15,000 USDC
Submission Details
Severity: medium
Valid

Unverified Sequencer Status in Data Validation

Summary

Assuming this contract is not deployed on Ethereum, it needs to use a Sequencer. The function staleCheckLatestRoundData does not check the Sequencer; it checks for a stale price only. Checking for a stale price ensures the data is recent, but if the Sequencer is offline, even recent data could be incorrect or unreliable. The Sequencer is responsible for ordering and validating transactions, so if it is down, the data from the Chainlink Oracle might not reflect the true state of the network. Checking both the data freshness and the Sequencer status therefore provides a more robust validation.

Vulnerability Details

The staleCheckLatestRoundData function checks whether price data is fresh but doesn't verify whether the data delivery system (the L1/L2/sidechain Sequencer) is working.

Impact

If the Sequencer is down, even fresh data might be wrong, leading to potential contract malfunctions or exploits.

Tools Used

Manual review

Recommendations

Check sequencer uptime before consuming any price data. The Chainlink docs on L2 Sequencer Uptime Feeds (https://docs.chain.link/data-feeds/l2-sequencer-feeds) give more details.
