No staleness check for lastPrimeRate in `getPrimeRate()`
Summary
Vulnerability Details
RAACPrimeRateOracle.sol has 2 state variable i.e lastPrimearte and lastUpdateTimestamp.
both of these updated in _processResponse()internal function which is called from BaseChainlinkFunctionsOracle.sol
But point is `RAACPrimeRate :: getPrimeRate()` fetch lastprimeRate and return it, it never checks for staleness of this value
Impact
lastPrimeaRate could be a stale value(old value)
Tools Used
manual review
Recommendations
Contract should implement a heartbeat (time period ) during which this lastPrimeRateis valid and after completion of heartbeat period again request for new value.
When getPrimerate() function called it lastUpdateTimestamp should check against heartbeat
Lead Judging Commences
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.