The LendingPool::getNFTPrice() function retrieves NFT prices from the oracle without validating the timestamp of the last price update, allowing stale prices to be used for critical collateral calculations.
The getNFTPrice() function retrieves the price and last update timestamp from the oracle but fails to validate whether the price data is stale.
The function ignores the lastUpdateTimestamp value returned by the oracle. This means that even if the price data is days or weeks old, it will still be used for calculating collateral values and health factors.
Using stale price data can lead to incorrect collateral valuations used for borrowing limits.
A stale high price could allow users to borrow more than their NFT is currently worth, while a stale low price could trigger unnecessary liquidations.
Add Maximum Price Age Check