its irrelivant, as any token id price update will up date lastUpdateTimestamp
Summary
Vulnerability Details
RAACHousePrices.sol is a Contract for managing house prices associated with RAAC tokens.
it has a mapping mapping(uint256 => uint256) public tokenToHousePricethat Maps from RAAC tokenId to house price in USD and a state variable lastUpdateTimestampfor Timestamp of the last price update.
setHousePrice()function called from RAACHousePriceOracle :: _processResponse()to set corresponding HouseId's price
But here problem when setHousePrice() update price of any HouseID lastUpdateTimestampget updated. So when protocol goes for staleness check for those HouseID prices it will give them inccorect answer, as very old HouseId price will show that these are recently updated
i think its irrelevant, there should be another mapping that indicates which HouseID price updated when, that will helps in staleness check(to determine price is recent one OR updated long time ago).
Impact
Some HouseIds prices could very old
Tools Used
manual review
Recommendations
Like we are tracking HouseId to Price, maintain a same type of mapping to track HouseId to LastupdatedTimestamp for that tokenmapping(uint256 => uint256) public tokenToHousePrice
Lead Judging Commences
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.