This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
yixxas - Sequence uptime should be checked #375
Labels
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
Medium
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
yixxas
medium
Sequence uptime should be checked
Summary
Chainlink recommends that all Optimistic L2 oracles consult the Sequencer Uptime Feed to ensure that the sequencer is live before trusting the data returned by the oracle. This check is missing in
getMarkPrice().Vulnerability Detail
If the Arbitrum Sequencer goes down, oracle data will not be kept up to date, and thus could become stale. However, users are able to continue to interact with the protocol directly through the L1 optimistic rollup contract.
This causes many issues as the price quoted by
getMarkPrice()may not neccessarily be correct.Impact
If the Arbitrum sequencer goes down, the protocol will continue to operate at the previous (stale) price.
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/adaptor/chainlinkAdaptor.sol#L43-L56
Tool used
Manual Review
Recommendation
Consider adding the recommended check by chainlink in their docs here.
Duplicate of #101
The text was updated successfully, but these errors were encountered: