It is assumed that the project is supposed to be deployed on any EVM-based chain. Using Chainlink in L2 chains such as Arbitrum requires checking if the sequencer is down to avoid prices from looking like they are fresh although they are not.
In OracleLib.sol, staleCheckLatestRoundData() function is used the get the price of the tokens. There is no check that the sequencer is down.
In DSCEngine.sol, staleCheckLatestRoundData() is utilized in getTokenAmountFromUsd() and getUsdValue().
The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.
Manual Analysis
It is recommended to follow the code example of Chainlink:
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.