Stratax Contracts

First Flight #57
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: high
Likelihood: low

Missing L2 Sequencer uptime check

Author: Revealed upon completion

Root + Impact

Description

  • The protocol intends to deploy on "All EVM-compatible chains", which includes Layer 2 solutions like Arbitrum and Optimism.

  • The StrataxOracle relies solely on Chainlink feeds but lacks a mechanism to check if the L2 Sequencer is active.

// @> Root cause: No validation of L2 Sequencer status before trusting price feeds.
function getPrice(address _token) public view returns (uint256 price) {
// ...

Risk

Likelihood:

  • L2 Sequencers occasionally go offline for maintenance or due to bugs.

Impact:

  • If the Sequencer goes down, Chainlink price-update transactions stop executing on the L2. Depending on the chain, the L2 state may still be readable and reachable through force inclusion, or it is simply left stale.

  • When the Sequencer comes back online, pending transactions are processed. Opportunistic traders can exploit the price difference between the stale L2 price and the real-world price before the Chainlink update transaction is processed.

Proof of Concept


Recommended Mitigation

Implement a check against Chainlink's Sequencer Uptime Feed (exposed through the AggregatorV2V3Interface) before trusting any price answer.

+ // Add interface and address for Sequencer Uptime Feed
+ function getPrice(address _token) public view returns (uint256 price) {
+ if (isL2) {
+ checkSequencerUptime();
+ }
+ // ... existing logic
+ }
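As an added illustration, not code from the Stratax repository or from this submission, the contract below shows one complete way to wire the recommended check into a `getPrice` path. The contract name `SequencerAwareOracle`, the `GRACE_PERIOD` and `MAX_PRICE_AGE` constants, the constructor parameter and the inline `AggregatorV3Interface` declaration (a minimal copy of Chainlink's interface so the file compiles without the `@chainlink/contracts` package) are all assumptions of this example; the feed addresses are supplied at deployment rather than hard-coded.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal copy of Chainlink's AggregatorV3Interface, declared inline so the
// example compiles stand-alone. Both the token price feed and the Sequencer
// Uptime Feed expose this interface.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Example oracle wrapper (not the Stratax code) that refuses to
/// return a price while the L2 Sequencer is down or has only just recovered.
contract SequencerAwareOracle {
    error SequencerDown();
    error GracePeriodNotOver();
    error StalePrice();
    error InvalidPrice();
    error FeedNotSet();

    // Assumed constants: tune GRACE_PERIOD per chain and MAX_PRICE_AGE per feed heartbeat.
    uint256 public constant GRACE_PERIOD = 1 hours;
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    // address(0) on an L1 deployment; on an L2, that chain's Sequencer Uptime Feed.
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    mapping(address => AggregatorV3Interface) public priceFeeds;

    constructor(address _sequencerUptimeFeed) {
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
    }

    // Access control omitted for brevity; a real deployment must restrict this.
    function setPriceFeed(address _token, address _feed) external {
        priceFeeds[_token] = AggregatorV3Interface(_feed);
    }

    /// @dev Reverts unless the Sequencer is up and has been up for GRACE_PERIOD.
    function checkSequencerUptime() public view {
        if (address(sequencerUptimeFeed) == address(0)) return; // L1: nothing to check
        (, int256 answer, uint256 startedAt,,) = sequencerUptimeFeed.latestRoundData();
        // Uptime feed semantics: answer == 0 means the Sequencer is up, 1 means down.
        if (answer != 0) revert SequencerDown();
        // startedAt == 0 means the feed round is not initialised yet; treat as down.
        if (startedAt == 0) revert SequencerDown();
        // startedAt is when the Sequencer last came back up. Waiting GRACE_PERIOD
        // lets queued Chainlink updates land before the stale answer is trusted.
        if (block.timestamp - startedAt < GRACE_PERIOD) revert GracePeriodNotOver();
    }

    /// @notice Price of `_token` normalised to 18 decimals, guarded by the uptime check.
    function getPrice(address _token) public view returns (uint256 price) {
        checkSequencerUptime();
        AggregatorV3Interface feed = priceFeeds[_token];
        if (address(feed) == address(0)) revert FeedNotSet();
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice();
        // Independent of the Sequencer: also reject an answer older than the feed heartbeat.
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice();
        uint8 dec = feed.decimals();
        if (dec <= 18) {
            price = uint256(answer) * (10 ** (18 - dec));
        } else {
            price = uint256(answer) / (10 ** (dec - 18));
        }
    }
}
```

The grace period matters as much as the up/down flag: the window right after the Sequencer recovers is exactly when the L2 still holds the pre-outage price, so a check that only reads `answer` would still hand out the stale value during that window. Passing `address(0)` on L1 keeps a single code path for the "All EVM-compatible chains" deployment target without a separate `isL2` flag.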
