Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Sequencer status is not implemented correctly, possibly resulting in stale prices

Cryptor

Summary

No check for startedAt = 0, can result in stale prices reported by the chainlink oracle

Vulnerability Details

The protocol attemps to protect itself from stale price feeds from Chainlink using the following the following code

https://github.com/Cyfrin/2024-07-zaros/blob/35b344033dbf37de76a53783de4d74187f88c3e7/src/external/chainlink/ChainlinkUtil.sol#L41-L57

if (address(sequencerUptimeFeed) != address(0)) {

try sequencerUptimeFeed.latestRoundData() returns (

uint80, int256 answer, uint256 startedAt, uint256, uint80

) {

bool isSequencerUp = answer == 0;

if (!isSequencerUp) {

revert Errors.OracleSequencerUptimeFeedIsDown(address(sequencerUptimeFeed));

}

uint256 timeSinceUp = block.timestamp - startedAt;

if (timeSinceUp <= Constants.SEQUENCER_GRACE_PERIOD_TIME) {

revert Errors.GracePeriodNotOver();

}

} catch {

revert Errors.InvalidSequencerUptimeFeedReturn();

}

The problem here is that there is no check that startedAt = 0. According to the chainlink docs, if the sequencer is down, both startedAt and answer are equal to 0. However there is only a check that the answer is equal to 0. This means that in the situation that the both startedAt and the answer are equal to 0, the function getPrice should revert, but in this case it will not since block.timestamp - 0 (startedAt), will always be greater that the default grace period time which is 3600. See the except below

![chainlink] (https://cdn.discordapp.com/attachments/1165340854853042200/1267641765029085184/image.png?ex=66a986e4&is=66a83564&hm=48c7b42d0398578bfddc19c9392cc164f2dde0adedefad82b204c3df644faa63&)

Impact

The current implementation of the chainlink sequencer checks will not wokr properly causing the function getprice to pass during sitautions where the sequencer is offline, resulting in unexpected results

Tools Used

Manual Review

Recommendations

Add a check to revert if startedAt = 0.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Inadequate implementation of sequencer check

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!