Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

H-01: No check of stale data from the oracle in the LendingPool

Summary

The getNFTPrice method in the LendingPool.sol contract returns the price of the NFT whose token ID is passed as a parameter. However, the function only rejects a zero price: the lastUpdateTimestamp returned by the oracle alongside the price is read but never validated, so out-of-date data is accepted as if it were current.

Vulnerability Details

    /**
     * @notice Gets the current price of an NFT from the oracle
     * @param tokenId The token ID of the NFT
     * @return The price of the NFT
     */
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        // lastUpdateTimestamp is destructured but never checked against block.timestamp
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle
            .getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }

LendingPool.sol::getNFTPrice returns the price for an NFT ID, and that price is later consumed by LendingPool.sol::withdrawNFT and LendingPool.sol::getUserCollateralValue. Because the staleness of the oracle data is never checked, both callers operate on a price that may no longer reflect the market:

  • During the withdrawal process, the contract might allow a user to withdraw their NFT even when doing so leaves them undercollateralized at the current (lower) price. This breaks the collateralization guarantees of the system and exposes lenders to losses.

  • Stale prices feed into user collateral tracking, so liquidation decisions and debt calculations are made against values that are out of date, which can result in loans being issued or left open against insufficient collateral.

Impact

  • Undercollateralized Withdrawals – Users may withdraw NFTs even when it leaves them undercollateralized, breaking the system’s collateralization guarantees and exposing lenders to losses.

  • Inaccurate Liquidations & Debt Calculations – Incorrect price data can lead to improper liquidation decisions, bad debt accumulation, and inaccurate lending risk assessments.

Tools Used

Manual Review

Recommendations

It is recommended to reject any price whose lastUpdateTimestamp is older than a staleness threshold, rather than ignoring the timestamp returned by the oracle. The threshold should correspond to the heartbeat of the oracle's price feed, i.e. the maximum interval after which the feed is expected to publish a fresh update.
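The following is an added illustration of the recommended check, not code from the RAAC codebase or from the finding itself. It assumes an oracle interface exposing the (price, lastUpdateTimestamp) tuple that the vulnerable snippet destructures, a hypothetical contract name, and a constructor-supplied maxPriceAge that the deployer sets to the feed's heartbeat; a constructed mock oracle is included so the check can be exercised locally in a Hardhat test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed oracle interface: the only thing this example relies on is the
/// (price, lastUpdateTimestamp) tuple that the finding's snippet destructures.
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

/// Hypothetical contract isolating the hardened getNFTPrice; not the RAAC LendingPool.
contract StalenessCheckedLendingPool {
    IPriceOracle public immutable priceOracle;

    /// Maximum accepted age of a price, in seconds. Set this to the oracle
    /// feed's heartbeat (the interval within which the feed promises a fresh
    /// update), not to an arbitrary large number.
    uint256 public immutable maxPriceAge;

    error InvalidNFTPrice();
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxAge);
    error FuturePriceTimestamp(uint256 tokenId, uint256 lastUpdateTimestamp);

    constructor(IPriceOracle _priceOracle, uint256 _maxPriceAge) {
        priceOracle = _priceOracle;
        maxPriceAge = _maxPriceAge;
    }

    /// Same signature as the original getNFTPrice, so withdrawNFT and
    /// getUserCollateralValue inherit the freshness check without changes.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();

        // A timestamp ahead of the chain is a misbehaving oracle, not fresh data.
        if (lastUpdateTimestamp > block.timestamp) {
            revert FuturePriceTimestamp(tokenId, lastUpdateTimestamp);
        }

        // Reject a price the feed has not refreshed within one heartbeat.
        // A never-set timestamp (0) fails this check as well.
        if (block.timestamp - lastUpdateTimestamp > maxPriceAge) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, maxPriceAge);
        }
        return price;
    }
}

/// Constructed mock oracle for exercising the check locally (e.g. from a Hardhat test).
contract MockPriceOracle is IPriceOracle {
    struct Quote {
        uint256 price;
        uint256 updatedAt;
    }

    mapping(uint256 => Quote) private quotes;

    function setPrice(uint256 tokenId, uint256 price, uint256 updatedAt) external {
        quotes[tokenId] = Quote(price, updatedAt);
    }

    function getLatestPrice(uint256 tokenId)
        external
        view
        override
        returns (uint256, uint256)
    {
        Quote memory q = quotes[tokenId];
        return (q.price, q.updatedAt);
    }
}
```

With maxPriceAge set to 1 hours, calling setPrice(1, 10e18, block.timestamp - 2 hours) on the mock makes getNFTPrice(1) revert with StaleNFTPrice, while an update stamped 30 minutes ago returns 10e18. The check deliberately reverts instead of falling back to a cached value: any fallback would reintroduce exactly the stale price the finding is about, and a reverting withdrawNFT or getUserCollateralValue is the safer failure mode for lenders.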

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops