Due to Arbitrum Sequencer, `LiquidationPool::pendingStake` Deadline Can Be Less Than 1 Day, Leading to Anticipated Vault Liquidation
Description
On Arbitrum, a sequencer is utilized for block.timestamp, and it can deviate by up to 24 hours earlier or 1 hour in the future compared to real-time (Arbitrum docs).
In the provided code, only a 1-day window is considered, which is risky on Arbitrum:
Impact
A validator could exploit this behavior by anticipating the pendingStake delay, monitoring vaults for potential liquidation, and strategically adding stake with a block.timestamp 24 hours earlier. By validating the liquidation with the real timestamp or 1 hour in the future, the validator could potentially earn the largest share of the vault. While the finding is medium due to the difficulty and non-deterministic nature of anticipation, the validator's ability to recover stakes quickly allows for repeated attempts until successful.
Recommended Mitigation
For the Arbitrum deployment, it is recommended to increase the deadline for pendingStake to 2 days.
Lead Judging Commences
Arbitrum-sequncer
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.