15,000 USDC
Submission Details
Severity: medium
Valid

No validation of whether the Arbitrum sequencer is down

Summary

There is no validation of whether the sequencer is down.

Vulnerability Details

Using Chainlink on L2 chains such as Arbitrum requires checking whether the sequencer is down, so that prices do not look fresh when they are not.

The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.

Impact

When the sequencer is down, a stale price is used for the oracle, the borrow value and collateral value are calculated from it, and the protocol can be forced to rebalance in a loss position.

Tools Used

Manual review

Recommendations

Add checks to ensure the sequencer is not down.
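
One way to implement the recommended check, shown as an added example that is not code from this submission or from the audited protocol. It follows Chainlink's L2 sequencer uptime feed pattern; the contract name, `GRACE_PERIOD`, `MAX_PRICE_AGE` and the constructor parameters are assumptions, and the feed addresses must be supplied for the target chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal Chainlink aggregator interface (only the call used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical price reader: refuses to return a price while the sequencer is
// down, or shortly after it restarts, or when the price itself is too old.
contract SequencerAwarePriceReader {
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    AggregatorV3Interface public immutable priceFeed;

    // Assumed values: tune to the protocol's risk tolerance and feed heartbeat.
    uint256 public constant GRACE_PERIOD = 1 hours;
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    error SequencerDown();
    error GracePeriodNotOver();
    error InvalidPrice();
    error StalePrice();

    constructor(address uptimeFeed_, address priceFeed_) {
        sequencerUptimeFeed = AggregatorV3Interface(uptimeFeed_);
        priceFeed = AggregatorV3Interface(priceFeed_);
    }

    function getPrice() external view returns (uint256) {
        // Uptime feed semantics: answer == 0 means the sequencer is up, 1 means down.
        (, int256 status, uint256 startedAt,,) = sequencerUptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown();

        // startedAt is when the status last changed. After a restart, wait for
        // the grace period so feeds and users can catch up before prices are used.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();

        // Ordinary freshness and sanity checks on the price feed itself.
        (, int256 price,, uint256 updatedAt,) = priceFeed.latestRoundData();
        if (price <= 0) revert InvalidPrice();
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice();

        return uint256(price);
    }
}
```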
