Cyfrin / 2023-07-beedle


Interest calculation error if L2 sequencer goes down #942

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Interest calculation error if L2 sequencer goes down

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L720-L727

Summary

Beedle's interest calculation depends on the L2 sequencer, which will cause an interest calculation error if the L2 sequencer goes down.

Vulnerability Details

In the current implementation, some functions, including borrow, refinance and buyLoan, etc., depend on block.timestamp to calculate the interest and auction.startTimestamp.

However, it's vulnerable when the L2 sequencer goes down, because block.timestamp is unusable. L2 chains like Arbitrum and Optimism upgrade their sequencers occasionally; for example, the recent Optimism Bedrock upgrade left the sequencer unable to process transactions for several hours. An L2 sequencer bug could also cause transactions to get stuck, such as the Arbitrum sequencer bug. So it's necessary to implement a mechanism to handle this issue in some abnormal conditions.

Impact

Some related functions will not work normally when the L2 sequencer goes down.

Tools Used

vscode, Manual Review

Recommendations

Use the Chainlink sequencer uptime feed: consider integrating the uptime feed and giving the contract extra time when the L2 sequencer goes down.
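One way to implement the recommended check, added here as an example and not taken from the report or the Beedle code base: a guard that reads the Chainlink L2 sequencer uptime feed and rejects calls while the sequencer is down or within a grace period after it comes back. The contract name `SequencerGuard`, the error names and the `GRACE_PERIOD` value are assumptions; the feed address is deployment-specific.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Chainlink's AggregatorV3Interface exposed by the sequencer uptime feed.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical mixin (not Beedle code): gates time-dependent entry points on sequencer status.
abstract contract SequencerGuard {
    error SequencerDown();
    error GracePeriodNotOver(uint256 secondsLeft);

    // Address of the uptime feed for the target L2 (supplied at deployment).
    AggregatorV3Interface public immutable sequencerUptimeFeed;

    // Assumed value: the extra time users get after the sequencer restarts.
    uint256 public constant GRACE_PERIOD = 1 hours;

    constructor(address feed) {
        sequencerUptimeFeed = AggregatorV3Interface(feed);
    }

    // Reverts while the sequencer is down or has only just come back up.
    function _requireSequencerUp() internal view {
        (, int256 answer, uint256 startedAt,,) = sequencerUptimeFeed.latestRoundData();

        // answer: 0 = sequencer up, 1 = sequencer down.
        // startedAt == 0 means the round is not initialised; fail closed in that case.
        if (answer != 0 || startedAt == 0) revert SequencerDown();

        // startedAt is the time of the last status change, i.e. when the sequencer came back.
        uint256 sinceUp = block.timestamp - startedAt;
        if (sinceUp <= GRACE_PERIOD) revert GracePeriodNotOver(GRACE_PERIOD - sinceUp);
    }

    // Apply to functions whose outcome depends on elapsed block.timestamp.
    modifier whenSequencerUp() {
        _requireSequencerUp();
        _;
    }
}
```

Which functions carry the modifier is a design decision: blocking every entry point during an outage also blocks repayments, so the guard is normally applied only to actions that penalise a counterparty for elapsed time.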

PatrickAlphaC commented 1 year ago

I think the impact here is medium. Moving to low.