The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Arbitrum Sequencer Check

favelanky

Summary

To ensure accurate price data, it is crucial to incorporate a verification mechanism for the status of the Arbitrum Sequencer when using Chainlink oracles. In the event of sequencer downtime, Chainlink oracles may provide outdated prices until a new L2 OCR transaction is processed.

Vulnerability Details

LiquidationPool.sol

207: (,int256 priceEurUsd,,,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
218: (,int256 assetPriceUsd,,,) = Chainlink.AggregatorV3Interface(asset.token.clAddr).latestRoundData();

Impact

The absence of a sequencer status check could lead to stale prices in the event of sequencer downtime. This scenario may result in false liquidations or over-borrowing, especially if prices deviate while the sequencer is offline.

Tools Used

Manual review

Recommendations

To mitigate potential exploits arising from outdated prices during transactions submitted through the L1 Delayed Inbox mechanism, it is advised to utilize a Chainlink oracle to determine the availability of the sequencer and prevent operations from occurring while the sequencer is offline.

(
/*uint80 roundID*/,
int256 answer,
uint256 startedAt,
/*uint256 updatedAt*/,
/*uint80 answeredInRound*/
) = sequencerUptimeFeed.latestRoundData();
// Answer == 0: Sequencer is up
// Answer == 1: Sequencer is down
bool isSequencerUp = answer == 0;
if (!isSequencerUp) {
revert SequencerDown();
}
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Arbitrum-sequncer

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Arbitrum-sequncer

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.