Description:

Arbitrium, as a layer 2 rollup network, moves all execution off the layer 1 (L1) Ethereum chain, completes execution on its chain, and returns the results of the L2 execution back to the L1. This protocol has a sequencer that executes and rolls up the L2 transactions by batching multiple transactions into a single transaction.

If a sequencer becomes unavailable, it is impossible to access read APIs, such as the Chainlink oracle price feed. This could throw off the price-reliant functions in the contract, for example, LiquidationPool::distributeAssets().

Impact:

The roll-up sequencer can become offline, potentially leading to vulnerabilities due to stale prices.

Tools Used:

• Manual review

Recommended Mitigation Steps:

To identify when the sequencer is unavailable, you can use a data feed that tracks the last known status of the sequencer at a given point in time. See here