If user take advantage of tokenising same property multiple times it will lead to protocol insolvency
Summary
Across protocol there is no check prevent tokenising same property multiple times which will lead to drastical unintended "leverage" for user he could use to take unfairly big loans
Vulnerability Details
Because the value of NFT pegged to real-estate property it could increase or decreased base on market and physical condition of that property.
Consider the following example :
User mint token representing some real-estate object at cost 100k$ 10 times ( so now user have 10 NFT)
User invest 500k$ to the real-estate and build, let's say, mansion there
Now his real estate cost 600k$ and that exact price chainlink will return as a price of NFT
Because user minted 10 NFT representing his real-estate the value of those NFT will be returned as 5m$ from chainlink
User spend total 1,6m$ (10 nft + rwa), but now he is able to took loan against this 5m$ which he will be able to return to take advantage of his "leverage"
Impact
Protocol won't be solvent to cover such loses in case tokenising same property
Tools Used
Manual review
Recommendations
build check against multiple tokenisation ( it might be oracle's value about property owner )
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.