Price of NFTs could be outdated leading to incorrect calculation of the value of collaterals
Summary
The prices of houses are updated by the owner of the RAACHousePriceOracle contract through the sendRequest(...). The problem is that this has to be done manually by the owner for every NFT, which could lead to outdated prices of NFTs and incorrect calculations inside the LendingPool.
Vulnerability Details
Outdated prices can lead to incorrect calculations affecting both lenders and borrowers. For example, Alice deposits an NFT, which has an initial value of 10,000 USD and borrows assets worth 7,500 USD. The liquidation threshold is also 80% (0.8) as an example. The price of the NFT drops to 9,000 which means Alice is subject to liquidation, however since the price of the collateral/NFT is updated "manually" via sendRequest(...) by the owner, she still has a "valid" position as a borrower. On the contrary, let's have the same example with the same numbers, but this time the prices of both the collateral and borrowed assets go up. Let's say the borrowed assets are now worth 8,500 USD and the collateral 11,000 USD. The ratio of the borrowed assets/collateral is 0.77, but if the price of the collateral is updated, Alice will get liquidated even though she shouldn't be.
Impact
Outdated prices could lead to users being subjected to liquidation or users not getting liquidated on time.
Tools Used
Manual review
Recommendations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.