Calls to the Well can return staled price on L2
Summary
Beanstalk relies on Basin(Pump/Well) to read the prices and provide it to different components for instance: SeasonFacet, PipelineConvertFacet, LibWellBdv, LibWellMinting, LibDeltaB, etc.
The pump functions are based on the time-weighted price, returning the time-weighted average. For instance:
-
readInstantaneousReserves
-
readTwaReserves
-
readCappedReserves
In the event that an L2's sequencer goes down, the time-weighted price when it comes back online will be the extrapolated previous price. This will create an opportunity to push through transactions at the old price before it is updated.
Impact
Even when the new price is read from the Pump, it will be assumed by the sequencer that the previous price held up until the moment it came back online, which will result in a slow, time-weighted adjustment back to the current price.
Reference of a similar issue: https://solodit.xyz/issues/h-01-univ3-oracle-unsafe-on-l2s-in-event-of-sequencer-downtime-zachobront-none-splits-oracle-markdown
Tools Used
Manual Review
Recommendations
Use the Chainlink Sequencer check before consuming the price from the Well/Pump.
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Lead Judging Commences
L2 Sequencer check
Appeal created
L2 Sequencer check
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.