But here is the issue: NFT prices are very volatile; a price can increase by 200% or drop by 60%. When the NFT price really does drop or increase by that much, the on-chain check rejects the valid price.
Consider this case:
An NFT is worth 80 ETH.
Suddenly the NFT project rugs and the price drops to 10 ETH.
The deviation is too high, there is no way to adjust MAX_DEVIATION_RATE, and the valid price cannot be recorded as the TWAP price on-chain.
The user's position cannot be liquidated, and the user can keep borrowing as if the NFT were still worth 80 ETH, leaving the protocol insolvent.
Tools Used
Manual Review
Recommended Mitigation Steps
Check the timestamp of the updated price, and make MAX_DEVIATION_RATE adjustable.
Lines of code
https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/NFTFloorOracle.sol#L14
https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/NFTFloorOracle.sol#L371
https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/NFTFloorOracle.sol#L206
Vulnerability details
Impact
The MAX_DEVIATION_RATE restriction can reject a valid NFT floor price update from the oracle.
Proof of Concept
The MAX_DEVIATION_RATE is hardcoded in NFTFloorOracle.sol:
Then we set:
The parameter is used below:
Note the line:
If the new price moves above or below the prior price by more than MAX_DEVIATION_RATE, the price update is rejected.
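The rejection path described above and the 80 ETH to 10 ETH case from the finding, together with the recommended timestamp check and adjustable rate, modelled as an added Python example. This is not the NFTFloorOracle contract's code: the cap of 150, the 1800-second staleness window and the timestamps are constructed assumptions, and treating a stale prior TWAP as unable to anchor the deviation check is one reading of the recommendation.

```python
from dataclasses import dataclass

ETH = 10**18  # prices kept in wei, as an on-chain oracle would
# Constructed cap for the model; the page does not show the real constant's value.
MAX_DEVIATION_RATE = 150

@dataclass
class PriceInfo:
    twap: int        # last accepted TWAP for the collection, in wei
    updated_at: int  # unix timestamp at which that TWAP was accepted

def deviation_pct(new_price: int, prior_price: int) -> int:
    """Symmetric deviation in whole percent of the prior: 80->10 and 10->80 both give 800."""
    if new_price > prior_price:
        return (new_price * 100) // prior_price
    return (prior_price * 100) // new_price

def hardcoded_check(new_price: int, prior: PriceInfo) -> bool:
    """Model of the finding: fixed cap, no timestamp awareness. Only the first
    price bypasses the cap; any later move beyond it is rejected forever."""
    if prior.twap == 0:
        return True
    return deviation_pct(new_price, prior.twap) < MAX_DEVIATION_RATE

def mitigated_check(new_price: int, prior: PriceInfo, now: int,
                    max_rate: int, stale_after: int) -> bool:
    """Model of the recommendation: max_rate is a parameter, and a prior TWAP
    older than stale_after no longer anchors the check (assumed policy)."""
    if prior.twap == 0 or now - prior.updated_at > stale_after:
        return True
    return deviation_pct(new_price, prior.twap) < max_rate

def rug_scenario(now_offset: int, max_rate: int = 150, stale_after: int = 1800) -> dict:
    """Constructed case from the finding: an 80 ETH collection crashes to 10 ETH,
    reported now_offset seconds after the last accepted TWAP."""
    prior = PriceInfo(twap=80 * ETH, updated_at=1_700_000_000)
    crash = 10 * ETH
    hard = hardcoded_check(crash, prior)
    soft = mitigated_check(crash, prior, prior.updated_at + now_offset, max_rate, stale_after)
    return {
        "deviation_pct": deviation_pct(crash, prior.twap),
        "hardcoded_accepts": hard,
        "hardcoded_price_eth": (crash if hard else prior.twap) // ETH,  # what lending still sees
        "mitigated_accepts": soft,
        "mitigated_price_eth": (crash if soft else prior.twap) // ETH,
    }
```

With the fixed cap the oracle keeps reporting 80 ETH after the crash no matter how much time passes, which is the stale collateral value the finding warns borrowing is priced against; widening the acceptance window also widens what a manipulated update can push through, so the adjustable rate belongs behind the same access control as the rest of the oracle configuration.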