DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Valid

Inadequate validation of `Sequencer` and `sequencerUptimeFeed` in the `ChainlinkUtil.getPrice` function

Summary

The ChainlinkUtil.getPrice() function does not handle the case where the sequencerUptimeFeed reports an invalid round, characterized by a startedAt value of 0. This allows a price to be retrieved even when the status of the sequencer is not reported correctly.

Vulnerability details

Looking at the getPrice function, there are checks incorporated in the priceFeed for the sequencerUptimeFeed to confirm the operational status of an L2 sequencer. However, these checks are not correctly implemented.

    uint256 timeSinceUp = block.timestamp - startedAt;
    if (timeSinceUp <= Constants.SEQUENCER_GRACE_PERIOD_TIME) {
        revert Errors.GracePeriodNotOver();
    }

The code above does not apply during an "invalid round", which is when the startedAt time is 0. When startedAt is 0, the calculation always yields a value exceeding SEQUENCER_GRACE_PERIOD_TIME, which is set to 3600, so the code does not revert as intended in a scenario where block.timestamp > 3600.

Impact

The inadequate validation can lead to the getPrice function not reverting even when the sequencer uptime feed is outdated or called during an invalid round. This could result in the use of potentially inaccurate or outdated price data.

Tools Used

Manual code review

Recommended mitigation steps

Implement an additional check in the ChainlinkUtil.getPrice() function to revert if the startedAt value returned by the sequencer uptime feed is 0. This will ensure that the function does not proceed with price fetching when the sequencer status is not reported correctly.
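
The grace-period check quoted above next to the recommended mitigation, as an added example that is not the project's code. The mock feed, the contract and function names, and the InvalidSequencerRound error are hypothetical; only the 3600-second grace period and GracePeriodNotOver come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of the aggregator interface exposed by a sequencer uptime feed.
interface IUptimeFeed {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Constructed mock: returns whatever round is set, e.g. startedAt == 0.
contract MockUptimeFeed is IUptimeFeed {
    int256 public answer;
    uint256 public startedAt;

    function setRound(int256 answer_, uint256 startedAt_) external {
        answer = answer_;
        startedAt = startedAt_;
    }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (1, answer, startedAt, startedAt, 1);
    }
}

contract SequencerCheck {
    uint256 internal constant SEQUENCER_GRACE_PERIOD_TIME = 3600; // value stated in the finding

    error GracePeriodNotOver();
    error InvalidSequencerRound(); // hypothetical error name

    // Check as quoted in the finding: with startedAt == 0, timeSinceUp equals
    // block.timestamp, so it passes whenever block.timestamp > 3600.
    function checkAsReported(IUptimeFeed feed) external view {
        (,, uint256 startedAt,,) = feed.latestRoundData();
        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= SEQUENCER_GRACE_PERIOD_TIME) revert GracePeriodNotOver();
    }

    // Recommended mitigation: reject the invalid round before the arithmetic.
    function checkHardened(IUptimeFeed feed) external view {
        (,, uint256 startedAt,,) = feed.latestRoundData();
        if (startedAt == 0) revert InvalidSequencerRound();
        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= SEQUENCER_GRACE_PERIOD_TIME) revert GracePeriodNotOver();
    }
}
```

With the mock set to startedAt = 0 and a realistic block.timestamp, checkAsReported returns normally while checkHardened reverts with InvalidSequencerRound.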

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Inadequate implementation of sequencer check
