Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Arbitrary Debt Value Vulnerability in liquidateNFT

Summary

The liquidateNFT function accepts an unchecked debt parameter, so the caller can supply any value. This opens the door to manipulation of the auction process, since the auction's starting debt is whatever the caller says it is.

Vulnerability Details

When an NFT is liquidated through https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/NFTLiquidator.sol#L97, the function neither validates nor restricts the debt value it receives. A malicious debtor controlling the StabilityPool could therefore supply an arbitrary, even artificially low, debt value. They could later bid on the NFT at a bargain or buy it back at a much lower price than the debt it secured. This subverts the intended liquidation flow, in which the debt is transferred to the protocol and the auction is meant to recover it, and lets the debtor reacquire the NFT on unfair terms.

Impact

  • Allows potential financial manipulation by acquiring NFTs below their real value

  • Distrust in the auction mechanism

Tools Used

Manual Review, Forge

Recommendations

  • Use an external oracle, or another trusted on-chain record of the position's debt, to confirm the debt's value before liquidation instead of trusting the caller-supplied parameter
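
A minimal Solidity sketch of the unchecked pattern described in the Vulnerability Details, placed beside a hardened version that confirms the supplied debt against a trusted record before opening the auction, as the recommendation suggests. This is an added example, not RAAC's NFTLiquidator code; the IDebtSource interface and its debtOf function, the Auction struct, MAX_DEVIATION_BPS and the three-day auction length are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface (assumption): the trusted accounting contract that
// knows the real debt behind a collateral NFT (a lending pool or oracle).
interface IDebtSource {
    function debtOf(uint256 tokenId) external view returns (uint256);
}

contract NFTLiquidatorSketch {
    struct Auction {
        uint256 debt;    // amount the auction is expected to recover
        uint256 endTime;
        bool active;
    }

    address public immutable stabilityPool;
    IDebtSource public immutable debtSource;
    mapping(uint256 => Auction) public auctions;

    // Assumed tolerance: supplied debt may differ from the record by at most 1%
    // (covers interest accrued between the caller's read and this call).
    uint256 public constant MAX_DEVIATION_BPS = 100;
    uint256 public constant AUCTION_DURATION = 3 days; // assumption

    event AuctionOpened(uint256 indexed tokenId, uint256 debt, uint256 endTime);

    error OnlyStabilityPool();
    error ZeroDebt();
    error DebtMismatch(uint256 supplied, uint256 recorded);

    constructor(address _stabilityPool, IDebtSource _debtSource) {
        stabilityPool = _stabilityPool;
        debtSource = _debtSource;
    }

    modifier onlyStabilityPool() {
        if (msg.sender != stabilityPool) revert OnlyStabilityPool();
        _;
    }

    // The pattern the finding describes: whatever `debt` the caller passes
    // becomes the auction's starting value, with no check at all. A low value
    // here lets the position be bought back for far less than it owed.
    function liquidateNFTUnchecked(uint256 tokenId, uint256 debt)
        external
        onlyStabilityPool
    {
        uint256 endTime = block.timestamp + AUCTION_DURATION;
        auctions[tokenId] = Auction({debt: debt, endTime: endTime, active: true});
        emit AuctionOpened(tokenId, debt, endTime);
    }

    // Hardened form: the caller may still pass `debt` for interface
    // compatibility, but the auction is anchored to the trusted record and the
    // call reverts if the supplied value strays outside the tolerance band.
    function liquidateNFT(uint256 tokenId, uint256 debt)
        external
        onlyStabilityPool
    {
        uint256 recorded = debtSource.debtOf(tokenId);
        if (recorded == 0) revert ZeroDebt();

        uint256 diff = debt > recorded ? debt - recorded : recorded - debt;
        // diff / recorded > MAX_DEVIATION_BPS / 10_000, rearranged to avoid division
        if (diff * 10_000 > recorded * MAX_DEVIATION_BPS) {
            revert DebtMismatch(debt, recorded);
        }

        // Store the recorded value, never the caller's, so the auction floor
        // cannot be lowered by the argument.
        uint256 endTime = block.timestamp + AUCTION_DURATION;
        auctions[tokenId] = Auction({debt: recorded, endTime: endTime, active: true});
        emit AuctionOpened(tokenId, recorded, endTime);
    }
}
```

The key design choice is that the stored auction debt comes from the trusted source rather than from the argument; the tolerance check exists only to surface a caller that is out of sync, and dropping the parameter altogether would be the simplest variant if interface compatibility is not required.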

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
