DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

Chainlink Oracle doesn't check if L2 Sequencer is down

Summary

When using Chainlink on L2 chains (Arbitrum, OP, Base, Metis, Scroll, etc.), it's important to ensure that the prices provided are not falsely perceived as fresh while the sequencer is down.

Vulnerability Details

LibChainlinkOracle has no check to verify whether the sequencer is down or not.

For example, in getPrice:

    function getPrice(
        address priceAggregatorAddress,
        uint256 maxTimeout
    ) internal view returns (uint256 price) {
        IChainlinkAggregator priceAggregator = IChainlinkAggregator(priceAggregatorAddress);
        ...
        // Secondly, try to get latest price data:
        try priceAggregator.latestRoundData() // @audit missing sequencer check
        ...

Functions impacted:

  • getTokenPrice

  • getPrice

  • getTwap

Impact

If the L2 sequencer goes down, the protocol will allow users to continue to operate at the previous (stale) rates.

Tools Used

Manual Review

Recommendations

Verify that the sequencer is up before calling the Chainlink price feed.

Reference: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
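
A sketch of the recommended check, added here as an illustration and not taken from the project's code. The names SequencerGuard, GuardedPriceReader and IAggregatorV3, the custom errors, the 3600-second grace period and the choice to revert on a stale price are assumptions; the sequencer uptime feed address is network-specific and must be supplied at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal Chainlink aggregator interface, declared inline so the example is self-contained.
interface IAggregatorV3 {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical helper (not project code): fails closed when the L2 sequencer is unhealthy.
library SequencerGuard {
    error SequencerDown();
    error UptimeFeedNotInitialized();
    error GracePeriodNotOver();

    uint256 internal constant GRACE_PERIOD = 3600; // seconds; assumed value

    function requireSequencerUp(address sequencerUptimeFeed) internal view {
        (, int256 answer, uint256 startedAt, , ) =
            IAggregatorV3(sequencerUptimeFeed).latestRoundData();
        // Uptime feed semantics: answer == 0 means up, answer == 1 means down.
        if (answer != 0) revert SequencerDown();
        // startedAt is the time of the last status change; 0 means the round is invalid.
        if (startedAt == 0) revert UptimeFeedNotInitialized();
        // After a restart, wait before trusting prices so feeds can catch up.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();
    }
}

// Hypothetical consumer showing where the guard sits relative to the price read.
contract GuardedPriceReader {
    error StalePrice();

    address public immutable sequencerUptimeFeed;

    constructor(address _sequencerUptimeFeed) {
        sequencerUptimeFeed = _sequencerUptimeFeed;
    }

    function getPrice(address priceAggregatorAddress, uint256 maxTimeout)
        external view returns (uint256 price)
    {
        // Sequencer check runs first, so a stale answer is never evaluated as fresh.
        SequencerGuard.requireSequencerUp(sequencerUptimeFeed);
        (, int256 answer, , uint256 updatedAt, ) =
            IAggregatorV3(priceAggregatorAddress).latestRoundData();
        if (answer <= 0 || updatedAt == 0 || block.timestamp - updatedAt > maxTimeout) {
            revert StalePrice();
        }
        price = uint256(answer);
    }
}
```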

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

L2 Sequencer check
