Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

getNFTPrice() does not check whether the NFT price is fresh or stale.

Summary

Vulnerability Details

```solidity
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    // lastUpdateTimestamp is fetched from the oracle but never checked
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    return price;
}
```

getNFTPrice() is a crucial function, as it is used to calculate the user's health factor.

To fetch the NFT's price it calls `RAACHousePrices::getLatestPrice()`, but there is no heartbeat or freshness check to ensure the price was updated recently rather than being stale.

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/LendingPool/LendingPool.sol#L591-L595

Impact

The HouseNft price could be a stale value, which directly impacts the health factor calculation.

Tools Used

Recommendations

The RAACHousePrices.sol contract should maintain a heartbeat period, and once this heartbeat period is exceeded it should request a fresh price for the HouseNft.

When the house price is fetched via getNFTPrice(), this function should also check the freshness of the house price against the heartbeat period.
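One way to implement the recommended freshness check, as an added example rather than the RAAC code base's own fix: it assumes an oracle interface `IRAACHousePrices` exposing the same `getLatestPrice(tokenId)` signature used above, and a `priceHeartbeat` value (hypothetical) set at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface mirroring the getLatestPrice(tokenId) call used by LendingPool.
interface IRAACHousePrices {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

contract LendingPoolPriceCheck {
    error InvalidNFTPrice();
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxAge);

    IRAACHousePrices public immutable priceOracle;
    // Heartbeat: maximum age (seconds) a house price may have before it is rejected.
    // Hypothetical parameter; the real contract would choose a value matching the oracle's update cadence.
    uint256 public immutable priceHeartbeat;

    constructor(address oracle, uint256 heartbeat) {
        priceOracle = IRAACHousePrices(oracle);
        priceHeartbeat = heartbeat;
    }

    // Hardened getNFTPrice(): rejects zero prices and prices older than the heartbeat,
    // so a stale collateral value can no longer feed into the health factor.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        // A timestamp in the future means a misconfigured feed; treat it as stale as well.
        if (
            lastUpdateTimestamp > block.timestamp ||
            block.timestamp - lastUpdateTimestamp > priceHeartbeat
        ) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, priceHeartbeat);
        }
        return price;
    }
}
```

Reverting on a stale price halts borrowing and liquidation paths that depend on it, so the heartbeat should be set with the oracle's actual update frequency in mind to avoid a denial of service when the feed is merely slow.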

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
