[M] Missing checks for whether L2 Sequencer is active may result in stale prices being used
Summary
When deploying the contract on any EVM-compatible blockchain, including Layer 2 solutions like Arbitrum, it's crucial to assess the timeliness of the data from Chainlink oracles, especially under circumstances where the Arbitrum sequencer might be inactive. It's essential to verify the sequencer's operational status before relying on the oracle data.
Vulnerability Details
Should there be a disruption in the Arbitrum Sequencer, the oracle data could become outdated, leading to potential issues with data staleness. Although the function staleCheckLatestRoundData() checks for stale prices, it doesn't evaluate the status of the Arbitrum Sequencer. Given that the OracleLib.sol library is employed for assessing Chainlink Oracle for stale information, it's necessary to incorporate this additional check. Further guidance on this can be found in Chainlink's documentation regarding L2 Sequencer Uptime Feeds:
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds
Impact
In cases where the Arbitrum sequencer is down, the system will allow users to continue their transactions using the last known (albeit stale) exchange rates. This approach helps ensure continuity of operations during such outages.
Tools Used
Manual Review
Recommendations
Check out an example of how to address this here:
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Or you can implement something like below.
Lead Judging Commences
Arbitrum-sequncer
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.