The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Missing checks for whether Arbitrum Sequencer is active

Summary

When the Arbitrum sequencer is down and then comes back up, all Chainlink price updates will become available on Arbitrum within a very short time.

This leaves users no time to react to the price changes, which can lead to unfair reward distribution.

Vulnerability Details

The protocol intends to deploy to Arbitrum as well.
Using Chainlink on L2 chains such as Arbitrum requires checking whether the sequencer is down, so that prices do not look fresh when they are not.

The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.

Impact

The price recorded by latestRoundData will be inaccurate, since the true price won't be reported to the chain while the sequencer is down. This could lead to users being shown an outdated price.

Tools Used

Manual Review

Recommendations

It is recommended to follow the code example of Chainlink:

https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
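A sketch of the recommended check, added here as an example; it is not code from the protocol under review or copied from Chainlink. The contract name, the error names, the one-hour GRACE_PERIOD and the constructor-supplied feed addresses are assumptions, and the feed interface is declared inline so the block stands alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Chainlink's aggregator interface needed here, declared inline.
interface IAggregatorV3 {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical price consumer for an L2 such as Arbitrum.
contract SequencerGuardedPrice {
    // Assumed value: time users get to react after the sequencer comes back.
    uint256 public constant GRACE_PERIOD = 1 hours;

    IAggregatorV3 public immutable sequencerUptimeFeed;
    IAggregatorV3 public immutable priceFeed;

    error SequencerDown();
    error GracePeriodNotOver();

    // Feed addresses are deployment-specific and passed in, not hardcoded.
    constructor(address sequencerUptimeFeed_, address priceFeed_) {
        sequencerUptimeFeed = IAggregatorV3(sequencerUptimeFeed_);
        priceFeed = IAggregatorV3(priceFeed_);
    }

    function getPrice() external view returns (int256 price) {
        // On the uptime feed, answer == 0 means the sequencer is up and
        // answer == 1 means it is down; startedAt is when that status began.
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown();

        // Reject reads until the grace period after a restart has elapsed,
        // so the backlog of price updates is not consumed immediately.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();

        // Only now read the price feed itself.
        (, price, , , ) = priceFeed.latestRoundData();
    }
}
```

Callers that revert on SequencerDown or GracePeriodNotOver need a defined fallback (pause the affected action, for instance) so that a sequencer outage does not leave the protocol in an undefined state.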

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Arbitrum-sequncer

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Arbitrum-sequncer
