15,000 USDC
Submission Details
Severity: medium
Valid

staleCheckLatestRoundData() doesn't check if a sequencer is down in Chainlink feeds

Summary

When we are using Chainlink on L2 chains like Arbitrum, it is important to ensure that the prices we get from latestRoundData are as fresh as possible, even when the sequencer is down. A stale price served while the sequencer is down could be exploited by a malicious user to gain an advantage over the protocol.

Vulnerability Details

There is an oracle function to check for stale prices:

pragma solidity ^0.8.18;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

library OracleLib {
    error OracleLib__StalePrice();
    uint256 private constant TIMEOUT = 3 hours; // placeholder: the actual value is defined elsewhere in the protocol

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        public
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        // Only the age of the last update is checked; nothing here asks whether the L2 sequencer is up
        uint256 secondsSince = block.timestamp - updatedAt;
        if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}

However, it does not check whether the L2 sequencer is up. This becomes a problem when the oracle is used on L2 chains such as Arbitrum: while the sequencer is down, the price feed is not updated, so the function can return a stale price that still passes the TIMEOUT check.

Impact

The protocol can be abused by a malicious user on L2 chains.

Tools Used

Manual review

Recommendations

Add a check for the sequencer status, as recommended in the Chainlink docs: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code, for example:

// sequencerUptimeFeed is the per-chain Chainlink L2 sequencer uptime feed;
// answer == 0 means the sequencer is up, answer == 1 means it is down
(, int256 answer, , , ) = sequencerUptimeFeed.latestRoundData();
bool isSequencerUp = answer == 0;
if (!isSequencerUp) {
    revert SequencerDown();
}
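The following is an added, complete version of the oracle helper that folds the recommendation into the original staleness check. It is example code written for this report, not the protocol's own code. It follows the pattern from the linked Chainlink docs (sequencer status first, then a grace period after a restart so that price feeds can catch up, then the original freshness check); the library name, the error names other than OracleLib__StalePrice, the TIMEOUT and GRACE_PERIOD_TIME values, and the added non-positive-answer check are assumptions made for the example. The sequencer uptime feed address differs per chain and is passed in rather than hardcoded.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

// Hardened variant of the oracle helper discussed above (added example, not the
// protocol's own code). Before trusting a price round it consults the Chainlink
// L2 sequencer uptime feed, as the Chainlink docs recommend.
library OracleLibWithSequencerCheck {
    error OracleLib__StalePrice();
    error OracleLib__SequencerDown();
    error OracleLib__GracePeriodNotOver();
    error OracleLib__InvalidPrice();

    // Assumed values for this example; tune them per deployment and feed heartbeat.
    uint256 private constant TIMEOUT = 3 hours;
    uint256 private constant GRACE_PERIOD_TIME = 3600;

    /// @dev Reverts unless the sequencer is up, has been up for longer than the
    ///      grace period, and the price feed round is fresh and positive.
    function staleCheckLatestRoundData(
        AggregatorV3Interface priceFeed,
        AggregatorV3Interface sequencerUptimeFeed
    ) internal view returns (uint80, int256, uint256, uint256, uint80) {
        // 1. Sequencer status: answer == 0 means up, answer == 1 means down.
        //    startedAt is the timestamp of the most recent status change.
        (, int256 sequencerAnswer, uint256 sequencerStartedAt, , ) =
            sequencerUptimeFeed.latestRoundData();
        if (sequencerAnswer != 0) revert OracleLib__SequencerDown();

        // 2. Right after the sequencer comes back, price feeds may still be
        //    catching up; reject reads made within the grace period of the restart.
        if (block.timestamp - sequencerStartedAt <= GRACE_PERIOD_TIME) {
            revert OracleLib__GracePeriodNotOver();
        }

        // 3. The original freshness check, plus a sanity check on the answer.
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        if (answer <= 0) revert OracleLib__InvalidPrice();
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```

On chains that have no sequencer (L1 deployments), the caller should skip the uptime-feed path rather than pass a zero address, otherwise the call reverts; a thin wrapper that branches on a per-chain configuration flag keeps the L2 and L1 behaviour explicit.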
