Using Chainlink in L2 chains such as Arbitrum requires to check if the sequencer is down to avoid prices from looking like they are fresh although they are not.
The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.
The OracleLib
is used the get the the price of collateral. There is no check that the sequencer is down:
could potentially be exploited by malicious actors to gain an unfair advantage.
Manual Review
Code example of Chainlink:
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.