Core Contracts

Summary

The RAACHousePriceOracle.sol contract suffers from a critical vulnerability due to the lack of access control in the setOracle function. Without restrictions, any user can modify the oracle address, enabling potential manipulation of price data critical to the RAAC protocol. This flaw could lead to severe consequences such as incorrect asset valuations, unauthorized borrowing, or wrongful liquidations, threatening the protocol’s financial stability and user trust.

Vulnerability Details

Identified Issue

1. Unrestricted Access to setOracle Function

   • Description: The setOracle function lacks any access control mechanism, allowing any external caller to update the oracle address.

   • Original Code (assumed):

     solidity

     function setOracle(address newOracle) external {

     oracle = newOracle;

     }

   • Problem: Absence of restrictions (e.g., onlyOwner) means an attacker could set the oracle to a malicious contract, feeding false price data into the system.

Impact

The lack of access control in setOracle has significant repercussions:

• Price Feed Manipulation: An attacker could replace the oracle with one providing falsified data, leading to:

  • Over-valuation of collateral, allowing excessive borrowing.

  • Under-valuation, triggering unjust liquidations.

• Financial Losses: Incorrect pricing could result in losses for users and the protocol through mismanaged loans or liquidations.

• Protocol Instability: As the oracle underpins real estate NFT valuations, manipulation could destabilize the lending pool, risking systemic failure.

Changes Needed

To address this vulnerability, the following modifications are required:

• Access Control: Restrict the setOracle function to the contract owner using OpenZeppelin’s Ownable contract and the onlyOwner modifier.

• Input Validation: Add a check to prevent setting the oracle to the zero address, ensuring a valid oracle is always in use.

Full Updated Code

Here is the corrected version of the RAACHousePriceOracle.sol contract:

solidity

Explanation of Changes

• Ownable Inheritance: The contract now inherits from OpenZeppelin’s Ownable, which provides ownership functionality and sets msg.sender as the owner by default.

• onlyOwner Modifier: Applied to setOracle to ensure only the contract owner can call it, preventing unauthorized access.

• Input Validation: Added a require statement to block the zero address (address(0)), avoiding invalid oracle configurations.

• Placeholder Function: Included getPrice as an example to illustrate the oracle’s role, though the actual implementation would depend on the specific oracle integration.

Recommendations

• Immediate Fix: Deploy the updated contract with access control and input validation as shown above.

• Further Enhancements: Consider adding an event emission in setOracle (e.g., event OracleUpdated(address newOracle)) for transparency and monitoring.