Zaros Part 1

Summary

Errors in isSequencerUpcheck and if the answer from sequencer uptime feed is negative

Vulnerability Details

The condition for isSequencerUp is incorrect. It assumes that the sequencer is up when the answer is 0, which is the opposite of how Chainlink's Sequencer Uptime Feed typically works.

In Chainlink's Sequencer Uptime Feed:

• A value of 0 typically indicates that the sequencer is down or offline.

• A value of 1 typically indicates that the sequencer is up and running.

Additionally, there are a few other points to note:

1. The function doesn't check if the answer from the sequencer uptime feed is negative, which could lead to unexpected behavior.

2. The price feed check doesn't verify if the answer is positive, which is typically expected for price data.

3. The conversion of answer to UD60x18 assumes it's always positive, which might not be true for all price feeds.

Impact

This error could lead to the function incorrectly determining the sequencer's status, potentially allowing operations when the sequencer is actually down, or preventing operations when the sequencer is up.

Tools Used

Manual Review

Recommendations

bool isSequencerUp = answer == 1;````if (!isSequencerUp) {````revert Errors.OracleSequencerUptimeFeedIsDown(address(sequencerUptimeFeed));````}

`if (answer < 0) {
revert Errors.InvalidSequencerUptimeFeedReturn();
}
bool isSequencerUp = answer == 1;

// In the price feed section:
if (answer <= 0) {
revert Errors.InvalidOracleReturn();
}`