Users can front-run the price update of a house to deposit the NFT before the update and borrow up to maximum capacity. Then when the price update happens, the loan is already undercollateralized, allowing the user to leave with an instant profit and not be impacted by the decreased value of the NFT.
A user holds a HouseNFT and detects that its price will drop.
The attacker front-runs the price update to deposit this houseNFT and borrow up to maximum capacity in the same transaction, then lets the price update execute.
If the house price drop is bigger than the collateralization ratio protection[1], the attacker will have borrowed more than the house NFT is worth after the update, allowing them to leave with the profit and never repay the loan.
[1] The collateralization ratio protection is represented by the variable liquidationThreshold, which can be updated to any value between 0% and 100%, making that attack
An attacker can create undercollateralized positions with NFTs they have detected to be at risk, and leave with a profit.
Do not allow depositNFT and borrow to be called in the same block.
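The recommended check, as a small Python model added here for illustration (it is not the project's contract code). The class, method names and all numbers are constructed, and the model assumes borrow capacity equals the oracle price multiplied by liquidationThreshold.

```python
from dataclasses import dataclass, field

BPS = 10_000  # basis points: 8_000 means liquidationThreshold = 80 %


class SameBlockBorrow(Exception):
    """borrow() was called in the block in which the NFT was deposited."""


@dataclass
class LendingModel:  # hypothetical model, not the audited contract
    liquidation_threshold_bps: int
    enforce_block_gap: bool            # True = recommended mitigation enabled
    block: int = 1
    price: dict = field(default_factory=dict)         # token_id -> oracle price
    deposited_at: dict = field(default_factory=dict)  # token_id -> deposit block
    debt: dict = field(default_factory=dict)          # token_id -> borrowed amount

    def mine(self):
        self.block += 1

    def update_price(self, token_id, new_price):
        self.price[token_id] = new_price

    def deposit_nft(self, token_id):
        self.deposited_at[token_id] = self.block
        self.debt.setdefault(token_id, 0)

    def max_borrow(self, token_id):
        # Assumption: capacity = price * liquidationThreshold
        return self.price[token_id] * self.liquidation_threshold_bps // BPS

    def borrow(self, token_id, amount):
        if self.enforce_block_gap and self.block <= self.deposited_at[token_id]:
            raise SameBlockBorrow(f"token {token_id} deposited in block {self.block}")
        if self.debt[token_id] + amount > self.max_borrow(token_id):
            raise ValueError("exceeds borrow capacity")
        self.debt[token_id] += amount

    def shortfall(self, token_id):
        """Debt not covered by the NFT's current price (0 if fully covered)."""
        return max(0, self.debt[token_id] - self.price[token_id])


def same_block_sequence(pool, token_id, old_price, new_price):
    """Deposit and max-borrow in one block, then apply the pending price update."""
    pool.update_price(token_id, old_price)
    pool.mine()
    pool.deposit_nft(token_id)
    pool.borrow(token_id, pool.max_borrow(token_id))
    pool.update_price(token_id, new_price)
    return pool.shortfall(token_id)
```

With an 80 % threshold the position only ends up short when the price falls by more than 20 %, which is the condition footnote [1] describes; with the guard enabled the borrow reverts before any debt is recorded.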