Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

if `sequencerUptimeFeed` is zero address the functions doesn't revert

Panthers

Github
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/MarginCollateralConfiguration.sol#L73
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/PerpMarket.sol#L77

Summary

The InvalidSequencerUptimeFeedReturn error is defined in Errors.sol and is thrown when the provided sequencerUptimeFeed is the zero address.

/// @notice Thrown when the provided `sequencerUptimeFeed` is the zero address.
error SequencerUptimeFeedNotDefined();

However, this error is not utilized anywhere in the code. Specifically, in the following two functions, when the sequencer uptime feed is fetched, it is not checked for a zero address:

/// @notice Returns the PerpMarket index price based on the price adapter.
/// @param self The PerpMarket storage pointer.
function getIndexPrice(Data storage self) internal view returns (UD60x18 indexPrice) {
address priceAdapter = self.configuration.priceAdapter;
uint32 priceFeedHeartbeatSeconds = self.configuration.priceFeedHeartbeatSeconds;
GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
address sequencerUptimeFeed = globalConfiguration.sequencerUptimeFeedByChainId[block.chainid];
if (priceAdapter == address(0)) {
revert Errors.PriceAdapterNotDefined(self.id);
}
indexPrice = ChainlinkUtil.getPrice(
IAggregatorV3(priceAdapter), priceFeedHeartbeatSeconds, IAggregatorV3(sequencerUptimeFeed)
);
}
/// @notice Returns the price of the given margin collateral type.
/// @param self The margin collateral type storage pointer.
/// @return price The price of the given margin collateral type.
function getPrice(Data storage self) internal view returns (UD60x18 price) {
address priceFeed = self.priceFeed;
uint32 priceFeedHeartbeatSeconds = self.priceFeedHeartbeatSeconds;
GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
address sequencerUptimeFeed = globalConfiguration.sequencerUptimeFeedByChainId[block.chainid];
if (priceFeed == address(0)) {
revert Errors.CollateralPriceFeedNotDefined();
}
price = ChainlinkUtil.getPrice(
IAggregatorV3(priceFeed), priceFeedHeartbeatSeconds, IAggregatorV3(sequencerUptimeFeed)
);
}

The zero address check for the sequencer uptime feed is only performed in ChainlinkUtil but SequencerUptimeFeedNotDefined is still not utilized.

Impact

The SequencerUptimeFeedNotDefined error is defined in Errors.sol but is not used anywhere in the codebase. Now if a feed is not defined and zero address is return which is normal, so it will not revert.

Recommendation

Whenever globalConfiguration.sequencerUptimeFeedByChainId is fetched, it should be checked for a zero address. If it is a zero address, the SequencerUptimeFeedNotDefined error should be thrown.

GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
address sequencerUptimeFeed = globalConfiguration.sequencerUptimeFeedByChainId[block.chainid];
if (sequencerUptimeFeed == address(0)) {
revert Errors.SequencerUptimeFeedNotDefined();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

`sequencerUptimeFeed` has not yet been configured

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.