No check for active arbitrum sequencer could result in the wrong
Summary
No check for the arbitrum sequencer could result in the wrong amount of assets distributed
Vulnerability Details
Observe the following code
https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPool.sol#L207
https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPool.sol#L207
The function distributeAssets uses chainlink price feeds to calculate the amount of assets to be distributed to holders shown here
The critical issue here is the absence of a mechanism to verify the current status of the Arbitrum sequencer. Arbitrum, being a Layer 2 solution, relies on a sequencer for ordering transactions before they are batched and posted to Ethereum. When the Arbitrum sequencer is offline or experiencing delays, the data relayed to the Layer 1 Ethereum blockchain can become outdated or incorrect.
This gap in the implementation leads to a significant risk: if the sequencer is down, the Chainlink price feeds may relay stale or inaccurate price data. Since the distributeAssets function directly uses this data to calculate the distribution of assets to stakeholders, any incorrect price information directly impacts the fairness and accuracy of the distribution process.
Impact
User can receive the wrong amount of rewards based on stale chainlink feeds
Tools Used
manual review
Recommendations
Check for whether the arbitrum sequencer is active
Lead Judging Commences
Arbitrum-sequncer
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.