This repository has been archived by the owner on Nov 5, 2023. It is now read-only.
tsvetanovv - Missing check for active Arbitrum Sequencer in ChainlinkAdapterOracle.sol
#57
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Comments
github-actions
bot
added
Medium
|
Escalate for 10 USDC This issue is duplicated on #142 |
You've created a valid escalation for 10 USDC! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
|
Valid escalation |
|
Escalation accepted Valid duplicate of #142 |
This issue's escalations have been accepted! Contestants' payouts and scores will be updated according to the changes made on this issue. |
sherlock-admin
added
Escalation Resolved
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
tsvetanovv
medium
Missing check for active Arbitrum Sequencer in
ChainlinkAdapterOracle.solSummary
In Q&A we see:
You should always check for sequencer availability when using Chainlink's Arbitrum price feeds.
Vulnerability Detail
Optimistic rollup protocols move all execution of the layer 1 (L1) Ethereum chain, complete execution on a layer 2 (L2) chain, and return the results of the L2 execution back to the L1. These protocols have a sequencer that executes and rolls up the L2 transactions by batching multiple transactions into a single transaction.
If a sequencer becomes unavailable, it is impossible to access read/write APIs that consumers are using and applications on the L2 network will be down for most users without interacting directly through the L1 optimistic rollup contracts. The L2 has not stopped, but it would be unfair to continue providing service on your applications when only a few users can use them.
Reference
Impact
If the Arbitrum Sequencer goes down, oracle data will not be kept up to date, and thus could become stale.
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/oracle/ChainlinkAdapterOracle.sol#L24
Tool used
Manual Review
Recommendation
Check this example -> https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Duplicate of #142
The text was updated successfully, but these errors were encountered: