15,000 USDC
Submission Details
Severity: medium
Valid

No check if Optimism L2 sequencer is down in Chainlink feeds

Summary

Chainlink recommends that all Optimistic L2 oracles consult the Sequencer Uptime Feed to ensure that the sequencer is live before trusting the data returned by the oracle.
Using Chainlink on L2 chains such as Optimism requires checking whether the sequencer is down, so that prices do not look fresh when they are not. The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.

Vulnerability Details

According to the project team's understanding, this contract may be deployed on any EVM-compatible blockchain. However, if the contract is deployed on certain Layer 2 (L2) chains, the oracle may return incorrect prices. When using Chainlink in L2 chains like Optimism, it is necessary to check if the sequencer is down to avoid receiving prices that appear fresh but are not accurate.
The presence of this bug could potentially be exploited by malicious actors to take advantage of the sequencer downtime and manipulate the contract's behavior to their advantage.
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds

These are the links to the previous vulnerability reports.
https://github.com/sherlock-audit/2022-11-sentiment-judging/issues/3
https://github.com/sherlock-audit/2023-04-blueberry-judging/issues/142

Impact

Using incorrect prices can cause serious issues, and you can refer to the link I provided for more details.

Tools Used

vscode

Recommendations

It is recommended to follow the code example of Chainlink: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
