This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
AlexCzm - No check for active Arbitrum Sequencer #400
Labels
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
Medium
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
AlexCzm
medium
No check for active Arbitrum Sequencer
Summary
Chainlink recommends that all Optimistic L2 oracles consult the Sequencer Uptime Feed to ensure that the sequencer is live before trusting the data returned by the oracle.
Vulnerability Detail
If the Arbitrum Sequencer goes down, oracle data will not be kept up to date, and thus could become stale. However, users are able to continue to interact with the protocol directly through the L1 optimistic rollup contract.
Even if there is a backup uniswap price feed if no problem is detected, the back up probably will not be used.
As a result, users may be able to use the protocol while oracle feeds are stale.
Impact
If the Arbitrum sequencer goes down, the protocol will allow users to continue to operate at the previous (stale) rates.
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/6090fef68932b5577abf6b5aa26eb1e579353c57/smart-contract-EVM/contracts/adaptor/chainlinkAdaptor.sol#L43-L55
Tool used
Manual Review
Recommendation
Follow the Chainlink recomandations and use a sequencer uptime feed.
Duplicate of #101
The text was updated successfully, but these errors were encountered: