DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Valid

L2 Sequencer Uptime Feeds are not supported on Avalanche

Summary

The KeeperProxy contract uses the Chainlink sequencer uptime feed to ensure that the prices fed to it came from a valid L2 sequencer.

However, since L2 Sequencer Uptime Feeds are not available on Avalanche, the KeeperProxy::_validatePrice() function will always revert.

Vulnerability Details

The KeeperProxy::_validatePrice() function validates sequencer uptime before getting prices via the GMX reader.

function _validatePrice(address perpVault, MarketPrices memory prices) internal view {
    // L2 Sequencer check
    (
        /*uint80 roundID*/,
        int256 answer,
        uint256 startedAt,
        /*uint256 updatedAt*/,
        /*uint80 answeredInRound*/
    ) = AggregatorV2V3Interface(sequencerUptimeFeed).latestRoundData();
    bool isSequencerUp = answer == 0;
    require(isSequencerUp, "sequencer is down");
    // Make sure the grace period has passed after the sequencer is back up.
    uint256 timeSinceUp = block.timestamp - startedAt;
    require(timeSinceUp > GRACE_PERIOD_TIME, "Grace period is not over");
    ... ...
}

However, according to the Chainlink documentation, L2 sequencer uptime feeds are not supported on Avalanche.

Impact

The KeeperProxy won't work at all on the Avalanche network.

Tools Used

Manual Review

Recommendations

The _validatePrice() function should not check L2 sequencer uptime on Avalanche.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_Avalanche_has_no_sequencer

Likelihood: High, run and runNextAction will revert. Impact: Low, any deposit will be retrieved thanks to cancelFlow.
