Insolvency risk for protocol
Summary
To mint NFT representing real-estate object it requires to send usd value of the object to the protocol. Meanwhile the cost of NFT is actual data returned by oracle depends base on real-word condition (real-estate market condition, physical condition of that object and so on)
Vulnerability Details
Described above makes possible cases where user's debt (he took by providing his NFT as collateral) become insufficient.
There could be a gap between the user spend to mint NFT and actual price of NFT he put as a collateral for it's debt.
Consider the following example:
We mint NFT representing some property, at the moment of minting NFT oracle returns 100k$ as its price.
Over the time value of property went to 200k$, and now user decided to took debt against this NFT.
If the real-estate property eventually lose all it's value (or most part of it) - because of market condition or physical condition (let's say, if is burned) the position of the debt will be liquidated, meanwhile the protocol doesn't have enough money for repay user's debt. (because funds we send to mint the NFT was lower then the collateral value user took funds against)
The described risk happens because the gap between the initial value of NFT and the value we took debt against could drascticaly be different.
Impact
protocol insolvency
Tools Used
Manual review
Recommendations
ensure you calculate collateral value with initial nft mint price parameter
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.