DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Valid

Chainlink Sequencer validation can lead to DoS

Summary

The KeeperProxy contract uses the Chainlink L2 Sequencer Uptime Feed together with a Chainlink data feed. The sequencer feed address is hardcoded in initialize:

    function initialize() external initializer {
        __Ownable2Step_init();
        sequencerUptimeFeed = AggregatorV2V3Interface(0xFdB631F5EE196F0ed6FAa767959853A9F217697D);
    }

The _validatePrice function validates the market prices against the Chainlink data feed.

    function _validatePrice(address perpVault, MarketPrices memory prices) internal view {
        // L2 Sequencer check
        (
            /*uint80 roundID*/,
            int256 answer,
            uint256 startedAt,
            /*uint256 updatedAt*/,
            /*uint80 answeredInRound*/
        ) = AggregatorV2V3Interface(sequencerUptimeFeed).latestRoundData();
        bool isSequencerUp = answer == 0;
        require(isSequencerUp, "sequencer is down");
        // Make sure the grace period has passed after the sequencer is back up.
        uint256 timeSinceUp = block.timestamp - startedAt;
        require(timeSinceUp > GRACE_PERIOD_TIME, "Grace period is not over");
        ...

In the description of Gamma (Liquidity Management):

Compatibilities:
Blockchains:
- Arbitrum / Avalanche

Vulnerability Details

The problem is that the Avalanche chain has no L2 Sequencer Uptime Feed, so there is no contract at the hardcoded address 0xFdB631F5EE196F0ed6FAa767959853A9F217697D. The latestRoundData() call in _validatePrice therefore reverts on Avalanche, which breaks the run and runNextAction functions.
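One way to make the sequencer check chain-aware, as an added example that is not part of the original finding or the KeeperProxy code: the feed address becomes a deployment parameter, a feed address with no code is rejected at initialization, and the check is skipped entirely when no feed is configured (chains without a sequencer, such as Avalanche). The contract name, the GRACE_PERIOD_TIME value and the plain initialized flag (standing in for the OpenZeppelin initializer) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Chainlink's AggregatorV2V3Interface: only the function this check uses.
interface AggregatorV2V3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract SequencerAwareKeeper {
    // Hypothetical grace period; the real contract defines its own constant.
    uint256 public constant GRACE_PERIOD_TIME = 3600;
    // address(0) means "this chain has no sequencer feed" (e.g. Avalanche).
    address public sequencerUptimeFeed;
    bool private initialized; // stands in for OpenZeppelin's initializer modifier

    // The feed address is a per-deployment parameter instead of a hardcoded Arbitrum address.
    function initialize(address _sequencerUptimeFeed) external {
        require(!initialized, "already initialized");
        initialized = true;
        if (_sequencerUptimeFeed != address(0)) {
            // Refuse an address with no code: on the wrong chain every later call would revert.
            require(_sequencerUptimeFeed.code.length > 0, "sequencer feed has no code");
        }
        sequencerUptimeFeed = _sequencerUptimeFeed;
    }

    // Same logic as KeeperProxy._validatePrice, but a no-op where no sequencer feed exists.
    function _checkSequencer() internal view {
        if (sequencerUptimeFeed == address(0)) return; // L1-style chain: nothing to check
        (, int256 answer, uint256 startedAt, , ) =
            AggregatorV2V3Interface(sequencerUptimeFeed).latestRoundData();
        require(answer == 0, "sequencer is down");
        // Make sure the grace period has passed after the sequencer came back up.
        require(block.timestamp - startedAt > GRACE_PERIOD_TIME, "Grace period is not over");
    }

    // Entry point standing in for run/runNextAction: reverts only when a configured sequencer is down.
    function run() external view returns (bool) {
        _checkSequencer();
        return true;
    }
}
```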

Impact

When the contract is deployed on the Avalanche chain, the run and runNextAction functions will be broken.

Tools Used

Manual review

Recommendations

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_Avalanche_has_no_sequencer

Likelihood: High, run and runNextAction will revert. Impact: Low, any deposit can be retrieved thanks to cancelFlow.
