Foundry DeFi Stablecoin CodeHawks Audit Contest
Cyfrin
DeFiFoundry
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Adding Sequencer Check for Chainlink Oracle Data on Layer-2 Networks

pengun

Summary

The current code uses Chainlink Oracles for price feeds. However, according to the Chainlink documentation(https://docs.chain.link/data-feeds/l2-sequencer-feeds), it's recommended to check if the sequencer is operational when using Oracles on Layer-2 (L2) networks.

Vulnerability Details

The Chainlink Oracle provides a method for verifying the status of the sequencer, which allows you to know whether or not the Oracle is receiving regular updates.

Therefore, it's advised to add a check for sequencer operation in the current logic that verifies whether the Oracle data is stale.

Impact

Without this check, there's a risk that the system could operate on outdated or stale price data from the Oracle, which could lead to incorrect calculations and actions in the system.

Tools Used

VS Code

Recommendations

// Check the sequencer status and return the latest data
function getLatestData() public view returns (int) {
// prettier-ignore
(
/*uint80 roundID*/,
int256 answer,
uint256 startedAt,
/*uint256 updatedAt*/,
/*uint80 answeredInRound*/
) = sequencerUptimeFeed.latestRoundData();
// Answer == 0: Sequencer is up
// Answer == 1: Sequencer is down
bool isSequencerUp = answer == 0;
if (!isSequencerUp) {
revert SequencerDown();
}
// Make sure the grace period has passed after the
// sequencer is back up.
uint256 timeSinceUp = block.timestamp - startedAt;
if (timeSinceUp <= GRACE_PERIOD_TIME) {
revert GracePeriodNotOver();
}
// prettier-ignore
(
/*uint80 roundID*/,
int data,
/*uint startedAt*/,
/*uint timeStamp*/,
/*uint80 answeredInRound*/
) = dataFeed.latestRoundData();
return data;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.