Protocol is not compatible with `Avalanche`
Summary
The KeeperProxy contract is incompatible with the Avalanche blockchain due to its reliance on Chainlink’s L2 sequencer uptime feed, which is not supported on Avalanche. Additionally, the contract hardcodes the Arbitrum sequencer address, further limiting its deployment scope.
Vulnerability Details
The contract initializes sequencerUptimeFeed with an Arbitrum-specific Chainlink feed address, which is not compatible with Avalanche. Since Avalanche lacks Chainlink's L2 sequencer uptime feed, any functionality dependent on this feed will fail.
Impact
The contract cannot function on Avalanche, restricting its usability to networks where the Chainlink L2 sequencer uptime feed exists.
Any automated operations relying on
sequencerUptimeFeedwill fail on Avalanche, leading to potential disruptions in contract execution.Deployment flexibility is reduced, limiting multi-chain operability.
Tools Used
Manual review
Recommendations
Use a configurable sequencer uptime feed:
Store the feed address in an immutable constructor argument or an upgradeable setter function, rather than hardcoding it.
Example:
function setSequencerUptimeFeed(address _feed) external onlyOwner {sequencerUptimeFeed = AggregatorV2V3Interface(_feed);}
And use it only on chains where sequencer exists.
Lead Judging Commences
finding_Avalanche_has_no_sequencer
Likelihood: High, run and runNextAction will revert. Impact: Low, any deposit will be retrieve thanks to cancelFlow.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.