The mint function in the RAACNFT contract does not check for outdated prices when fetching the house price from the oracle. If the oracle fails to update prices for a prolonged period, users may exploit outdated valuations, leading to financial imbalances in the protocol.
The function fetches the house price from raac_hp.tokenToHousePrice(_tokenId).
There is no validation to check whether the price is recent or outdated.
If the oracle stops updating prices, the contract may use stale values.
This could allow users to mint NFTs at inaccurate or lower prices, resulting in financial loss for the protocol.
Users could mint NFTs at outdated (potentially lower) prices, leading to underpriced asset allocation.
The protocol may suffer economic losses if assets are valued incorrectly.
Potential manipulation risks where attackers could exploit stale prices to gain undervalued NFTs.
Manual code review
Static analysis of the mint function
Implement a timestamp check to ensure price data is recent:
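One way to implement the timestamp check recommended above, as an added example that is not the RAAC project's code. Only raac_hp.tokenToHousePrice(_tokenId) comes from this report; the per-token getter priceUpdatedAt, the MAX_PRICE_AGE window, the error names and the StalePriceGuard contract are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example. tokenToHousePrice is the call named in the report;
// priceUpdatedAt is a hypothetical getter the oracle would need to expose.
interface IHousePrices {
    function tokenToHousePrice(uint256 tokenId) external view returns (uint256);
    function priceUpdatedAt(uint256 tokenId) external view returns (uint256); // assumed
}

abstract contract StalePriceGuard {
    IHousePrices public immutable raac_hp;

    // Assumed freshness window; pick it from the oracle's real update cadence.
    uint256 public constant MAX_PRICE_AGE = 1 days;

    error PriceNotSet(uint256 tokenId);
    error StalePrice(uint256 tokenId, uint256 updatedAt, uint256 currentTime);

    constructor(address housePrices) {
        raac_hp = IHousePrices(housePrices);
    }

    // Returns the oracle price only when it is set and recent enough.
    function _freshHousePrice(uint256 _tokenId) internal view returns (uint256 price) {
        price = raac_hp.tokenToHousePrice(_tokenId);
        if (price == 0) revert PriceNotSet(_tokenId);

        uint256 updatedAt = raac_hp.priceUpdatedAt(_tokenId);

        // Reject a price that was never timestamped, one stamped in the future,
        // and one older than the window. The first two checks run before the
        // subtraction, so it cannot underflow.
        if (
            updatedAt == 0 ||
            updatedAt > block.timestamp ||
            block.timestamp - updatedAt > MAX_PRICE_AGE
        ) {
            revert StalePrice(_tokenId, updatedAt, block.timestamp);
        }
    }
}
```

In mint, the price would be read through _freshHousePrice(_tokenId) instead of calling raac_hp.tokenToHousePrice(_tokenId) directly, so a stalled oracle causes minting to revert. A per-token timestamp is used here because a single global "last update" value does not prove that this token's price was refreshed.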