Core Contracts

Summary

RAACHousePriceOracle and RAACPrimeRateOracle are based on oracles using Chainlink Functions which is a BETA feature that shouldn't secure any real value in mainnet.

Vulnerability Details

Going through official chainlink documentation about [chainlink functions](https://docs.chain.link/chainlink-functions)

We can quote the important highlighted information:

Chainlink Functions is available on mainnet only as a BETA preview to ensure that this new platform is robust and secure for developers. While in BETA, developers must follow best practices and not use the BETA for any mission-critical application or secure any value. Chainlink Functions is likely to evolve and improve. Breaking changes might occur while the service is in BETA. Monitor these docs to stay updated on feature improvements along with interface and contract changes.

especially "not use the BETA for any mission-critical application or secure any value". Here the Chainlink function is based to set/get houses prices which doesn't follow Chainlink warning.

Impact

While it is hard to exactly define an impact, chainlink clearly mentions that Chainlink Functions shouldn't be used in Production and that breaking changes can occur. It could break the house price oracle functionality or make it work differently than expected during an amount of time.

Due to the warning we can consider the likelihood high too.

Recommendations

Do no use oracles based on chainlink functions while it is still in beta