Category: Business Logic

Calls to previewBuyNow(...) do not return correct order previews

Low Severity
Low Impact
High Likelihood

Description

The implemented functionality to preview NFT orders is incomplete. For example, the function below is not passed the _data and _tokenIds, which are required to determine the totalPrincipal. As it currently stands, even the most critical fields, such as totalPrincipal, are not populated:

function previewBuyNowParams(address _collection)
    public
    view
    returns (ExecuteBuyNowParams memory)
{
    ExecuteBuyNowParams memory params;
    ReserveData memory reserveData = LibLiquidity.getReserveData(
        _collection
    );
    ReserveConfigurationMap memory reserveConf = LibReserveConfiguration
        .getConfiguration(_collection);

    (params.epoch, params.term) = reserveConf.getBorrowParams();
    params.nper = params.term / params.epoch;

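    // params.totalPrincipal has not been assigned in the lines above, so it
    // still holds the zero default when outstandingPrincipal is derived from it.
    params.outstandingPrincipal =
        params.totalPrincipal -
        params.totalPrincipal /
        params.nper;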

Impact

There is a high probability that users would rely on the intended functionality of previewBuyNow(...) to improve their user experience.

Currently, the operation is non-functional and users would not be able to preview orders.

This could discourage user engagement.

Recommendations

We suggest fully specifying the desired functionality in previewBuyNow(...) and then updating the function accordingly. For example, parameters like _data and _tokenId should be passed to return the purchase price of the NFT and the average trading price of the NFTs in the collection. This would further allow fields like params.totalPrincipal to be populated and hence result in correct interest rate calculations.
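
The recommendation above, sketched as an added example (not Voyage's code and not the refactored function from the remediation commits): the first function mirrors the reported pattern, the second populates totalPrincipal before deriving from it. The contract, struct and function names and the EPOCH/TERM values are hypothetical, and the purchase price is taken as a plain argument because the page does not show how it is decoded from _data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

/// Added illustration only. All names and constants here are hypothetical.
contract PreviewSketch {
    struct Preview {
        uint256 epoch;
        uint256 term;
        uint256 nper;
        uint256 totalPrincipal;
        uint256 outstandingPrincipal;
    }

    // Constructed sample borrow parameters (stand-ins for getBorrowParams()).
    uint256 public constant EPOCH = 30;
    uint256 public constant TERM = 90;

    /// Mirrors the reported pattern: totalPrincipal is read before it is set.
    /// A memory struct is zero-initialised, so nothing reverts and the caller
    /// receives a preview whose principal fields are all zero.
    function previewUnpopulated() external pure returns (Preview memory p) {
        (p.epoch, p.term) = (EPOCH, TERM);
        p.nper = p.term / p.epoch;
        p.outstandingPrincipal = p.totalPrincipal - p.totalPrincipal / p.nper;
    }

    /// Populated variant: the price is supplied by the caller (assumption:
    /// already derived from the order data and token id) and validated first.
    function previewPopulated(uint256 purchasePrice)
        external
        pure
        returns (Preview memory p)
    {
        require(purchasePrice > 0, "preview: price not set");
        (p.epoch, p.term) = (EPOCH, TERM);
        p.nper = p.term / p.epoch;
        // Guard the division so a term shorter than one epoch fails loudly.
        require(p.nper > 0, "preview: term shorter than epoch");
        p.totalPrincipal = purchasePrice;
        p.outstandingPrincipal = p.totalPrincipal - p.totalPrincipal / p.nper;
    }
}
```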

Remediation

Voyage has refactored the function to populate a new struct, PreviewBuyNowParams, in commit f3db2541. It has been verified that the struct is populated in the following commits: 2f4da9c9 and e1892115.

Zellic © 2024