During borrowing and lending, asset valuation determines everything from a user's collateral value to whether a position crosses its liquidation threshold, so the prices used must be as up to date as possible. This is not the case in the LendingPool contract, where RAAC NFT house prices are fetched and used whether they are stale or not.
In `getUserCollateralValue()`, the NFTs owned by the user are enumerated and `getNFTPrice()` is called for each tokenId. That function reads the price from the house-price feed, but the feed's `lastUpdateTimestamp` is neither checked against `block.timestamp` nor used at all, so a price that has not been refreshed for an arbitrarily long time is treated exactly like a fresh one.
Stale values allow a user to exploit the system for financial gain through a form of arbitrage: when the stored price is higher than the current market value, a borrower can open or keep a position that is under-collateralised at real prices and escape a liquidation that should happen, and when the stored price is lower than the market value, an otherwise healthy position can be liquidated. Since the RAAC house prices feed directly into the collateral and liquidation calculations, they must be current.
Manual Review
When dealing with Chainlink oracles, the difference between the feed's last update timestamp and `block.timestamp` is normally checked against a staleness threshold before the answer is used; the same check fits here. In `getNFTPrice()`, read `lastUpdateTimestamp` alongside the price and revert (or otherwise refuse to value the NFT) when `block.timestamp - lastUpdateTimestamp` exceeds a maximum age chosen to match how often the house-price feed is actually updated.
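The following is an added illustration of that recommendation, not code from the RAAC repository. The feed and NFT interfaces (`IHousePrices.getLatestPrice` returning a price and its `lastUpdateTimestamp`, an ERC721Enumerable-style `tokenOfOwnerByIndex`), the `maxPriceAge` parameter and the contract name are assumptions made for the example; the real RAAC function signatures are not shown on this page. It places the unchecked pattern next to the hardened one so the difference in the collateral loop is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed feed interface for this example (not RAAC's actual oracle API).
interface IHousePrices {
    /// @return price               latest stored price for the house NFT
    /// @return lastUpdateTimestamp block.timestamp at which that price was written
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

/// Assumed enumerable NFT interface so the pool can walk a user's tokens.
interface IRAACNFT {
    function balanceOf(address owner) external view returns (uint256);
    function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256);
}

/// Hypothetical pool showing the stale-price issue and its fix side by side.
contract LendingPoolStalenessExample {
    error StalePrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxAge);
    error ZeroPrice(uint256 tokenId);
    error FutureTimestamp(uint256 tokenId, uint256 lastUpdateTimestamp);

    IHousePrices public immutable priceOracle;
    IRAACNFT public immutable raacNFT;
    /// Maximum accepted age of a price, in seconds; chosen to match the feed's
    /// update cadence (a house-price feed updates far less often than a spot feed).
    uint256 public immutable maxPriceAge;

    constructor(IHousePrices _priceOracle, IRAACNFT _raacNFT, uint256 _maxPriceAge) {
        priceOracle = _priceOracle;
        raacNFT = _raacNFT;
        maxPriceAge = _maxPriceAge;
    }

    /// VULNERABLE PATTERN: the timestamp is discarded, so a price last written
    /// months ago is valued exactly like one written in this block.
    function getNFTPriceUnchecked(uint256 tokenId) public view returns (uint256) {
        (uint256 price, ) = priceOracle.getLatestPrice(tokenId);
        return price;
    }

    /// HARDENED PATTERN: reject prices that are unset, dated in the future,
    /// or older than maxPriceAge, mirroring the usual Chainlink staleness check.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 updatedAt) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert ZeroPrice(tokenId);
        if (updatedAt > block.timestamp) revert FutureTimestamp(tokenId, updatedAt);
        if (block.timestamp - updatedAt > maxPriceAge) {
            revert StalePrice(tokenId, updatedAt, maxPriceAge);
        }
        return price;
    }

    /// Sums the (fresh) value of every RAAC NFT the user holds. A single stale
    /// token makes the whole valuation revert rather than silently undervaluing
    /// or overvaluing the position.
    function getUserCollateralValue(address user) external view returns (uint256 total) {
        uint256 count = raacNFT.balanceOf(user);
        for (uint256 i = 0; i < count; i++) {
            uint256 tokenId = raacNFT.tokenOfOwnerByIndex(user, i);
            total += getNFTPrice(tokenId);
        }
    }
}
```

Reverting is the simplest safe default, but note the trade-off: if the feed stops updating, every path that calls `getUserCollateralValue()` (including liquidations) is blocked until the feed is refreshed or `maxPriceAge` is governed upward, so the threshold and an operational plan for a dead feed need to be decided together rather than picking an arbitrary constant.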