The protocol depends on Chainlink Keepers to automate key operations like:
- Distributing rewards from RewardsInitiator.sol
- Sending cross-chain updates from SDLPoolCCIPControllerPrimary/Secondary.sol

If the Keepers fail or are disrupted, critical functionality would halt.
An attacker could sabotage the Keepers to trigger a denial of service. For example:
- Frontrun the keeper transaction and manipulate state to always revert
- Disrupt the Chainlink node to prevent automation txs
- Manipulate operations if keeper jobs are updated (e.g. change reward distribution)

The likelihood of a targeted attack is low. However, there are still failure risks if:
- Chainlink nodes go down
- Automation jobs need to be updated
- Keepers halt if conditions unexpectedly change

Manual Review
- Implement a DAO-controlled executor that can call operations
- Build a decentralized network of keepers rather than relying on one Chainlink node
- Improve redundancy between automation jobs

Adding decentralized execution and redundancy at the Keeper layer would help minimize issues if a disruption does occur.
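
One way the DAO-controlled executor recommended above could look, as an added example that is not code from the audited protocol. It assumes the keeper-driven contract exposes Chainlink's standard `checkUpkeep`/`performUpkeep` interface and that `checkUpkeep` can be called on-chain; `FallbackExecutor`, `dao`, `gracePeriod`, `flag` and `execute` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Assumption: the target exposes Chainlink's standard automation interface and
// its checkUpkeep can be called on-chain (not guarded by cannotExecute).
interface IAutomationTarget {
    function checkUpkeep(bytes calldata checkData) external returns (bool, bytes memory);
    function performUpkeep(bytes calldata performData) external;
}

// Hypothetical fallback path: the DAO may run an upkeep only after it has been
// pending for longer than gracePeriod, so it does not race healthy keepers.
contract FallbackExecutor {
    address public immutable dao;              // hypothetical governance address
    IAutomationTarget public immutable target; // keeper-driven contract
    uint256 public immutable gracePeriod;      // seconds keepers may lag before fallback opens
    uint256 public pendingSince;               // 0 = no unserved upkeep recorded

    event FallbackExecuted(bytes performData);
    error NotDao();
    error NotPending();
    error GracePeriodActive(uint256 opensAt);

    constructor(address _dao, address _target, uint256 _gracePeriod) {
        dao = _dao;
        target = IAutomationTarget(_target);
        gracePeriod = _gracePeriod;
    }

    // Permissionless heartbeat for monitoring bots: starts the clock when an
    // upkeep is due and clears it once the upkeep is no longer needed.
    function flag() external {
        (bool needed, ) = target.checkUpkeep("");
        if (!needed) pendingSince = 0;
        else if (pendingSince == 0) pendingSince = block.timestamp;
    }

    // DAO-only manual execution, allowed once the grace period has elapsed.
    function execute() external {
        if (msg.sender != dao) revert NotDao();
        if (pendingSince == 0) revert NotPending();
        uint256 opensAt = pendingSince + gracePeriod;
        if (block.timestamp < opensAt) revert GracePeriodActive(opensAt);
        (bool needed, bytes memory performData) = target.checkUpkeep("");
        if (!needed) revert NotPending();
        pendingSince = 0;
        target.performUpkeep(performData);
        emit FallbackExecuted(performData);
    }
}
```

The clock only resets when `flag()` is called while no upkeep is due, so monitoring should call it regularly. If the target restricts who may call `performUpkeep`, this contract would also need to be authorised there.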