Closed c4-bot-8 closed 5 months ago
Lines of code
https://github.com/revert-finance/lend/blob/dcfa79924c0e0ba009b21697e5d42d938ad9e5e3/src/V3Oracle.sol#L360

Vulnerability details

C4 Issue
ADD-02: Missing L2 sequencer checks for Chainlink oracle

Original Issue Details
V3Oracle.sol did not implement sequencer uptime checks for the Chainlink oracle on L2.

Mitigation
PR-27 does not properly implement the sequencer uptime check.

New Vulnerability Details
The sequencer uptime check is not implemented properly, and as a result fetching prices on L2 will always revert.
Chainlink docs as well as the comments in the code describe the statuses the uptime feed returns:
- answer is 0: it means the sequencer is UP
- answer is 1: it means the sequencer is DOWN

However, the check is implemented in reverse:
https://github.com/revert-finance/lend/blob/audit/src/V3Oracle.sol#L360-L361

```solidity
// Answer == 0: Sequencer is up
// Answer == 1: Sequencer is down
if (sequencerAnswer == 0) {
    revert SequencerDown();
}
```

This means that the function will revert while the sequencer is UP (is 0), while it should be the other way around.

Recommended Mitigation
Update the check to revert when the sequencer is DOWN (is 1):

```solidity
// Answer == 0: Sequencer is up
// Answer == 1: Sequencer is down
if (sequencerAnswer == 1) {
    revert SequencerDown();
}
```

Conclusion
Not Mitigated

Assessed type
Invalid Validation
jhsagd76 marked the issue as new finding
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as duplicate of #5
jhsagd76 changed the severity to 2 (Med Risk)
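A regression test that exercises both feed states catches an inverted comparison like the one reported above. This is an added example, not code from revert-finance/lend or from the report: `MockUptimeFeed`, `SequencerGuard`, `SequencerGuardTest` and their functions are hypothetical names, and the mock only mirrors the return shape of Chainlink's `latestRoundData()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example; contract and function names are hypothetical, only
// SequencerDown and sequencerAnswer come from the report's snippet.

// Stand-in for the sequencer uptime feed, same return shape as
// Chainlink's AggregatorV3Interface.latestRoundData().
contract MockUptimeFeed {
    int256 public answer; // 0 = sequencer up, 1 = sequencer down

    function setAnswer(int256 a) external { answer = a; }

    function latestRoundData() external view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (1, answer, block.timestamp, block.timestamp, 1);
    }
}

contract SequencerGuard {
    error SequencerDown();
    MockUptimeFeed public immutable feed;

    constructor(MockUptimeFeed f) { feed = f; }

    // Reverts only when the feed reports DOWN (answer == 1).
    function requireSequencerUp() external view {
        (, int256 sequencerAnswer,,,) = feed.latestRoundData();
        if (sequencerAnswer == 1) revert SequencerDown();
    }
}

// Regression test covering both feed states.
contract SequencerGuardTest {
    function run() external returns (bool) {
        MockUptimeFeed feed = new MockUptimeFeed();
        SequencerGuard guard = new SequencerGuard(feed);

        feed.setAnswer(0); // UP: the guard must not revert
        guard.requireSequencerUp();

        feed.setAnswer(1); // DOWN: the guard must revert with SequencerDown
        try guard.requireSequencerUp() {
            revert("expected SequencerDown");
        } catch (bytes memory reason) {
            require(bytes4(reason) == SequencerGuard.SequencerDown.selector, "wrong error");
        }
        return true;
    }
}
```

With the comparison written as `sequencerAnswer == 0`, `run()` fails on the first `requireSequencerUp()` call, which is the always-revert behaviour the finding describes.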