15,000 USDC
Submission Details
Severity: medium
Valid

Missing L2 Sequencer Uptime Check in DSCEngine

Summary

In DSCEngine.sol, the Chainlink integration does not verify whether the L2 sequencer is up before using the data returned by the price feed. If the sequencer goes down, invalid data can be provided to the DSCEngine smart contract.

Vulnerability Details

Optimistic rollup protocols move all execution off the layer 1 (L1) Ethereum chain, complete execution on a layer 2 (L2) chain, and return the results of the L2 execution back to the L1. These protocols have a sequencer that executes and rolls up the L2 transactions by batching multiple transactions into a single transaction. If a sequencer becomes unavailable, it is impossible to access the read/write APIs that consumers are using, and applications on the L2 network will be down for most users unless they interact directly through the L1 optimistic rollup contracts. The L2 has not stopped, but it would be unfair to continue providing service on your applications when only a few users can use them.

In DSCEngine.sol:344, the function getTokenAmountFromUsd calculates the token amount for a specified USD amount in Wei. The function reads the conversion rate from the price feed through the AggregatorV3Interface. However, it does not check whether the sequencer is up and running in case the contract is deployed to an L2. Without this uptime check, the data retrieved for conversion calculations might not be current or accurate, leading to incorrect conversions.

The same problem repeats with the function getAccountCollateralValue, which determines the total collateral value in USD for a particular user.

Impact

If the contract is deployed to an L2 and the sequencer goes offline, incorrect conversions of amounts and imprecise evaluation of collateral values can happen.

Tools Used

Manual Review

Recommendations

If this contract is deployed to an L2, it is advised to implement the following code sample provided by Chainlink: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
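
The sketch below shows the shape of such a check: the sequencer uptime feed is read first, and the price feed is read only if the sequencer is up and a grace period has passed. It is an added example, not code from DSCEngine or from this submission. The contract name, function name, error names and the one-hour grace period are assumptions, and the interface is declared inline so the example is self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal inline view of the latestRoundData() call exposed by Chainlink feeds.
interface IFeed {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper: names and layout are assumptions, not DSCEngine code.
contract SequencerGuardedPrice {
    // Assumed grace period after the sequencer comes back up; tune per deployment.
    uint256 private constant GRACE_PERIOD = 3600;

    // Sequencer uptime feed for the L2 the contract is deployed to.
    IFeed private immutable i_sequencerUptimeFeed;

    error SequencerDown();
    error GracePeriodNotOver();
    error InvalidPrice();

    constructor(address sequencerUptimeFeed) {
        i_sequencerUptimeFeed = IFeed(sequencerUptimeFeed);
    }

    /// @notice Returns the feed price only when the sequencer is up and past the grace period.
    function getCheckedPrice(IFeed priceFeed) public view returns (uint256) {
        (, int256 status, uint256 startedAt,,) = i_sequencerUptimeFeed.latestRoundData();

        // Uptime feed convention: answer 0 means the sequencer is up, 1 means it is down.
        if (status != 0) revert SequencerDown();

        // startedAt is when the status last changed. Reject reads until the grace
        // period has elapsed, so users have time to react after the sequencer recovers.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();

        (, int256 price,,,) = priceFeed.latestRoundData();
        if (price <= 0) revert InvalidPrice();
        return uint256(price);
    }
}
```

Both getTokenAmountFromUsd and getAccountCollateralValue would need to obtain their price through a guarded read of this kind for the check to cover the paths named above.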
