The Zaros perpetuals DEX relies on a Chainlink Sequencer Uptime Feed to determine whether the Arbitrum sequencer is online. This introduces a security risk because the sequencer uptime feed can be manipulated or report incorrect downtime, leading to:
Trading disruption
Liquidation Issues
Market exploitation
This issue directly affects the integrity of the price feed, which is fundamental to the security and fairness of perpetual trading.
Since the PriceAdapter contract relies on the Chainlink Sequencer Uptime Feed, attackers can manipulate or exploit downtime in multiple ways:
Scenario 1:
Attack Vector: If the sequencer falsely reports downtime, the getPrice() function stops returning updated prices, halting price-dependent actions such as:
Order Execution
Liquidations
Funding rate calculations
Exploitation: Attackers can pause trading at key moments to prevent liquidations or delay price updates, allowing them to:
Avoid losing money on a bad trade.
Keep leveraged positions open artificially.
Disrupt the market to cause instability.
Scenario 2:
Attack Vector: If the uptime feed incorrectly marks the sequencer as online when it's actually down, the last known price is used instead of a fresh update.
Exploitation:
Attackers can exploit off-chain price movements that devalue collateral while on-chain prices remain stale and incorrect.
If liquidations occur based on old prices, traders could be unfairly liquidated due to incorrect data.
Scenario 3:
If sequencer downtime blocks updates but an attacker knows the real price from off-chain data, they can execute profitable trades before prices update.
Exploitation:
If price updates suddenly resume, attackers can front-run the price changes and execute risk-free trades.
Traders' positions may fail to liquidate in time or be liquidated unfairly due to stale data.
Market makers (ZLP liquidity providers) could experience unfair drawdowns if prices don't reflect the actual market state.
Trading disruption damages Zaros's reputation and reliability, discouraging LPs and traders from participating.
Attackers can use external disruptions (DDoS, gas spikes, network instability) to trigger false downtime reports.
Manual Review, Old Report Attack Books
Implement a fallback price oracle:
Introduce an additional off-chain or decentralized on-chain price feed (e.g., Uniswap TWAP or Pyth) as a backup.
Modify the getPrice() function to fall back to a secondary source when Chainlink's sequencer is offline.
Time-based failover logic:
If the sequencer feed reports downtime for too long (e.g., > 10 minutes), pause liquidations and price-dependent trades to prevent unfair actions.
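As an added illustration of the recommended fix (example code, not Zaros's PriceAdapter): a hypothetical adapter that treats a down or freshly recovered sequencer as unhealthy, exposes that state so liquidations can be paused, and consults an assumed secondary feed before ever returning a stale price. The inline interface, MAX_STALENESS and the fallback feed wrapper are assumptions; GRACE_PERIOD uses the 10-minute threshold from the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal Chainlink AggregatorV3 interface, declared inline so the file compiles stand-alone.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}
// Hypothetical hardened adapter (not the Zaros PriceAdapter): gates on the L2 sequencer uptime
// feed, enforces a grace period after recovery, and falls back to a second feed instead of
// silently serving the last known price.
contract SequencerAwarePriceAdapter {
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    AggregatorV3Interface public immutable primaryFeed;  // e.g. a Chainlink price feed
    AggregatorV3Interface public immutable fallbackFeed; // assumed secondary source (TWAP or Pyth wrapper)
    uint256 public constant GRACE_PERIOD = 10 minutes;   // the ">10 minutes" threshold from the recommendation
    uint256 public constant MAX_STALENESS = 1 hours;     // assumed heartbeat tolerance of the price feeds
    error NoFreshPrice();

    constructor(address seq, address primary, address fb) {
        sequencerUptimeFeed = AggregatorV3Interface(seq);
        primaryFeed = AggregatorV3Interface(primary);
        fallbackFeed = AggregatorV3Interface(fb);
    }

    // Uptime feed semantics: answer == 0 means up, 1 means down; startedAt is the timestamp of the
    // latest status change. The first GRACE_PERIOD after recovery counts as unhealthy so nobody can
    // act on the backlog of stale rounds (scenario 3).
    function sequencerHealthy() public view returns (bool) {
        (, int256 answer, uint256 startedAt,,) = sequencerUptimeFeed.latestRoundData();
        return answer == 0 && block.timestamp - startedAt > GRACE_PERIOD;
    }

    // Liquidations and other price-dependent actions should check this before proceeding.
    function liquidationsPaused() external view returns (bool) { return !sequencerHealthy(); }

    function _fresh(AggregatorV3Interface feed) internal view returns (int256 price, bool ok) {
        uint256 updatedAt;
        (, price,, updatedAt,) = feed.latestRoundData();
        ok = price > 0 && block.timestamp - updatedAt <= MAX_STALENESS;
    }

    // Primary feed while the sequencer is healthy, otherwise the fallback; reverts rather than
    // returning a stale price (scenario 2).
    function getPrice() external view returns (int256) {
        int256 p; bool ok;
        if (sequencerHealthy()) (p, ok) = _fresh(primaryFeed);
        if (!ok) (p, ok) = _fresh(fallbackFeed);
        if (!ok) revert NoFreshPrice();
        return p;
    }
}
```

Callers that liquidate or settle funding should treat a revert from getPrice() or a true liquidationsPaused() as "do nothing" rather than retrying with a cached value.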