Summary
The protocol retrieves price data from an oracle but does not check if the L2 sequencer is down. When deployed on Base (Chain ID: 8453), failing to verify sequencer status can result in stale price data being misinterpreted as fresh, leading to incorrect collateral valuations and potential exploitation.
Vulnerability Details
The protocol fetches NFT prices from an oracle using the following function:
Although the function retrieves a timestamp, it does not verify whether the sequencer is operational. On Base (or any other OP Stack L2), a sequencer outage can freeze price updates, so the last value posted before the outage is consumed as if it were current.
Impact
Collateral mispricing: Borrowers could take out larger loans than warranted or avoid liquidations unfairly.
Market manipulation: Attackers could exploit stale prices during sequencer downtime to manipulate positions.
Financial risk: The lending system may rely on outdated oracle data, leading to miscalculated interest rates or improper liquidations.
Recommendation
Add a check to verify the sequencer status and ensure the retrieved price is recent. Chainlink provides an example implementation:
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
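The following Solidity contract is an added example written for this finding; it is not the audited protocol's code nor a copy of Chainlink's snippet. It implements the two checks the recommendation calls for: (1) read the L2 Sequencer Uptime Feed and refuse to serve prices while the sequencer is down or still inside a post-outage grace period, and (2) reject any price answer older than a configured maximum age. The uptime-feed and price-feed addresses are constructor parameters (the Base addresses are published in Chainlink's docs and are not hardcoded here); `GRACE_PERIOD_TIME = 3600` follows Chainlink's example, and `maxPriceAge` is an assumed, protocol-specific value that should be set from the feed's heartbeat.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal subset of Chainlink's AggregatorV3Interface, declared inline so this
/// file compiles without external imports. Both the price feed and the
/// Sequencer Uptime Feed expose this function.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical price consumer (example code, not the protocol's own) showing the
/// sequencer-liveness and price-freshness checks the finding recommends.
contract SequencerAwarePriceConsumer {
    error SequencerDown();
    error GracePeriodNotOver();
    error UptimeFeedNotInitialized();
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error InvalidPrice(int256 answer);

    AggregatorV3Interface public immutable priceFeed;
    AggregatorV3Interface public immutable sequencerUptimeFeed;

    /// How long the sequencer must have been back up before prices are trusted again.
    /// 3600 seconds matches Chainlink's example; tune for the protocol's risk appetite.
    uint256 public constant GRACE_PERIOD_TIME = 3600;

    /// Maximum accepted age of a price answer. Assumed value supplied at deployment;
    /// should be the feed's heartbeat plus a small margin.
    uint256 public immutable maxPriceAge;

    constructor(address _priceFeed, address _sequencerUptimeFeed, uint256 _maxPriceAge) {
        priceFeed = AggregatorV3Interface(_priceFeed);
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
        maxPriceAge = _maxPriceAge;
    }

    /// Reverts unless the L2 sequencer is up and has been up for longer than the grace period.
    function _requireSequencerUp() internal view {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();

        // Uptime feed semantics: answer == 0 means the sequencer is up, 1 means it is down.
        if (answer != 0) revert SequencerDown();

        // Defensive: a feed that has never recorded a status change reports startedAt == 0.
        if (startedAt == 0) revert UptimeFeedNotInitialized();

        // startedAt is when the current "up" status began. Right after an outage the
        // chain is still processing queued L1 transactions and oracle updates, so
        // keep rejecting until the grace period has fully elapsed.
        if (block.timestamp - startedAt <= GRACE_PERIOD_TIME) revert GracePeriodNotOver();
    }

    /// Returns the latest price only if the sequencer is healthy and the answer is fresh.
    function getPrice() external view returns (uint256) {
        _requireSequencerUp();

        (, int256 answer, , uint256 updatedAt, ) = priceFeed.latestRoundData();

        // Non-positive answers are never valid for a price feed.
        if (answer <= 0) revert InvalidPrice(answer);

        // Freshness check: without this, a value frozen by an outage (or by a
        // paused feed) would be returned as if it were current.
        if (block.timestamp - updatedAt > maxPriceAge) revert StalePrice(updatedAt, maxPriceAge);

        return uint256(answer);
    }
}
```

The grace period matters because, once the sequencer resumes, the stale price is still the latest value on chain until the oracle's next update lands; the freshness check alone would pass during that window if the outage was shorter than `maxPriceAge`, so the two checks are complementary rather than redundant.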