15,000 USDC
Submission Details
Severity: medium
Valid

Deployments on L2 do not check the sequencer uptime feed

Summary

This codebase is meant to be deployed on any EVM compatible chain. However, on L2 chains such as Arbitrum and Optimism it opens the possibility of trading against stale prices without reverting.

Vulnerability Details

Chainlink provides a sequencer uptime feed on Arbitrum and Optimism that lets a project check whether the L2 sequencer is up, and therefore whether an asset price is being updated or is stale.

Currently, the OracleLib allows a 3 hour threshold before marking a price result as stale.
Some feeds are updated very frequently and some are not, depending on price volatility. Under normal conditions, 3 hours should indeed be enough.

HOWEVER - if the sequencer is down, price feeds will not be updated, but their last values can still be read and used on the L2.

Consider the following scenario.

  1. Alice has $1000 worth of ARB tokens.

  2. Alice sees that the Arbitrum sequencer has been down for 2 hours and that the ARB token price has dropped in the meantime.

  3. To prevent the loss of her token value, Alice deposits all her ARB in the DSCEngine. Since DSCEngine does not check the sequencer feed, she mints DSC against the stale price, i.e. as if her ARB were still worth $1000.

// Current stale check in OracleLib: only the age of the price round is checked,
// the L2 sequencer status is never consulted.
pragma solidity ^0.8.18;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

library OracleLib {
    error OracleLib__StalePrice();

    uint256 private constant TIMEOUT = 3 hours; // the 3 hour staleness threshold

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        public
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        uint256 secondsSince = block.timestamp - updatedAt;
        if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}

Impact

Loss of funds (DSC is minted against incorrect, stale prices)

Tools Used

Recommendations

Check the sequencer feed according to chainlink recommendations: https://docs.chain.link/data-feeds/l2-sequencer-feeds#overview
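The following is an added example of what that recommendation looks like when applied to the stale check above; it is not the project's code. It assumes a library name of L2SafeOracleLib, a 1 hour grace period, and that the caller passes the sequencer uptime feed address for the target chain (or address(0) on chains without one, such as L1).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

/// Hypothetical hardened variant of OracleLib: a price is only accepted when
/// the L2 sequencer uptime feed reports "up" and the post-restart grace period has passed.
library L2SafeOracleLib {
    error OracleLib__StalePrice();
    error OracleLib__SequencerDown();
    error OracleLib__GracePeriodNotOver();

    uint256 private constant TIMEOUT = 3 hours;      // same threshold as the current OracleLib
    uint256 private constant GRACE_PERIOD = 1 hours; // assumed value; tune per deployment

    function staleCheckLatestRoundData(
        AggregatorV3Interface priceFeed,
        AggregatorV3Interface sequencerUptimeFeed // address(0) on chains without a sequencer feed
    ) public view returns (uint80, int256, uint256, uint256, uint80) {
        if (address(sequencerUptimeFeed) != address(0)) {
            // Sequencer uptime feeds answer 0 when the sequencer is up and 1 when it is down;
            // startedAt is the timestamp at which the current status began.
            (, int256 sequencerStatus, uint256 statusStartedAt,,) = sequencerUptimeFeed.latestRoundData();
            if (sequencerStatus != 0) revert OracleLib__SequencerDown();

            // Right after the sequencer comes back, price feeds may still hold values from before
            // the outage, so refuse to serve prices until the grace period has elapsed.
            if (block.timestamp - statusStartedAt <= GRACE_PERIOD) revert OracleLib__GracePeriodNotOver();
        }

        // Only now fall through to the existing age-based staleness check.
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```

With this in place, the deposit in the scenario above reverts with OracleLib__SequencerDown() while the sequencer is offline, and with OracleLib__GracePeriodNotOver() for the first hour after it returns.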
