Submission Details
Severity:
House price from oracle not scaled
Summary
Chainlink oracle and then in RAACHousePrices the prices are set in USD, however the rest of the protocol does not scale the price to the proper decimals.
Vulnerability Details
RAACHousePrices uses USD as the price when setting prices and returning prices
/**
* @notice Retrieves the latest price and update timestamp for a given token
* @param _tokenId The ID of the RAAC token
* @return The latest price and the timestamp of the last update
*
* Returns token-specific update timestamp
*/
function getLatestPrice(
uint256 _tokenId
) external view returns (uint256, uint256) {
return (tokenToHousePrice[_tokenId], lastUpdateTimestamp);
}
constructor(address initialOwner) Ownable(initialOwner) {}
/**
* @notice Allows the owner to set the house price for a token
* @param _tokenId The ID of the RAAC token
* @param _amount The price to set for the house in USD
*
* Updates timestamp for each token individually
*/
function setHousePrice(
uint256 _tokenId,
uint256 _amount
) external onlyOracle {
tokenToHousePrice[_tokenId] = _amount;
lastUpdateTimestamp = block.timestamp;
emit PriceUpdated(_tokenId, _amount);
}
RAACNFT uses the price without scaling
function mint(uint256 _tokenId, uint256 _amount) public override {
uint256 price = raac_hp.tokenToHousePrice(_tokenId);
if(price == 0) { revert RAACNFT__HousePrice(); }
if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
Impact
Wrong prices uses for selling, estimating value, liquidation.
Tools Used
Manual review.
Recommendations
The simplest is to make RAACHousePrices return scaled prices, ie multiplied by asset decimals.
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.