This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
immeas - sequencer uptime is not validated in ChainlinkOracle #316
Labels
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
Medium
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
immeas
medium
sequencer uptime is not validated in ChainlinkOracle
Summary
Lack of validation if the Arbitrum sequencer is up in Chainlink oracle
Vulnerability Detail
It is best practice to verify that not only the price is up to date but also that the sequencer is up on L2 chains:
https://docs.chain.link/data-feeds/l2-sequencer-feeds
See this:
sherlock-audit/2023-04-blueberry-judging#142
Impact
Over-borrowing
JUSDor unwanted liquidations can happen due to outdated prices.Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/adaptor/chainlinkAdaptor.sol#L43-L55
https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/oracle/JOJOOracleAdaptor.sol#L26-L35
Tool used
Manual Review
Recommendation
https://docs.chain.link/data-feeds/l2-sequencer-feeds
Duplicate of #101
The text was updated successfully, but these errors were encountered: