hats-finance / Convergence-Finance---IBO-0x0e410e7af8e70fc5bffcdbfbdf1673ee7b3d0777

IBO, Vesting & Bond mechanism repo prepared for the Hats Finance audit competition

Missing check if Chainlink sequencer is down #56

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @Madalad Submission hash (on-chain): 0xda97a3d8551eed1d796f4d56316b8b840b1b39686e5ae0cddf1891842ae031bb Severity: medium

Description: When utilizing Chainlink in L2 chains like Arbitrum or Optimism, it's important to ensure that the prices provided are not falsely perceived as fresh, even when the sequencer is down. This vulnerability could potentially be exploited by malicious actors to gain an unfair advantage.

See Chainlink's docs for more information.

Link to relevant line(s) of code: https://github.com/Cvg-Finance/hats-audit/blob/main/contracts/Oracles/CvgOracle.sol#L203

Attack Scenario: Inaccurate oracle prices can be exploited by malicious actors to open undercollateralized positions, or execute unfair liquidations.

Recommendation

Implement a sequencer check in CvgOracle.sol as shown here: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
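The mitigation the report points to, written out as an added example (this is not Convergence code and not the Chainlink docs verbatim): a hypothetical price consumer that reads the L2 sequencer uptime feed before trusting any price, and additionally rejects stale answers. The feed address, the one-hour grace period and the maximum price age are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

/// Hypothetical consumer showing the sequencer-uptime check from the
/// Chainlink L2 docs. Not part of the Convergence repository.
contract SequencerAwareOracle {
    error SequencerDown();
    error GracePeriodNotOver();
    error StalePrice();

    AggregatorV3Interface public immutable sequencerUptimeFeed;
    uint256 public constant GRACE_PERIOD_TIME = 3600; // assumed: 1 hour after restart
    uint256 public constant MAX_PRICE_AGE = 1 hours;  // assumed: heartbeat tolerance

    constructor(address _sequencerUptimeFeed) {
        // Chainlink publishes a per-network sequencer uptime feed address
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
    }

    /// Reverts while the sequencer is down, and for GRACE_PERIOD_TIME after it
    /// comes back, so that prices cannot be consumed before the feeds catch up.
    function _checkSequencer() internal view {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        // answer == 0 means the sequencer is up; 1 means it is down
        if (answer != 0) revert SequencerDown();
        // startedAt is when the feed last changed status; wait out the grace period
        if (block.timestamp - startedAt <= GRACE_PERIOD_TIME) revert GracePeriodNotOver();
    }

    /// Reads a price feed only after the sequencer check and a staleness check.
    function getPrice(AggregatorV3Interface priceFeed) external view returns (int256) {
        _checkSequencer();
        (, int256 price, , uint256 updatedAt, ) = priceFeed.latestRoundData();
        // a non-positive price or an answer older than MAX_PRICE_AGE is rejected
        if (price <= 0 || block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice();
        return price;
    }
}
```

On an L1 deployment there is no sequencer uptime feed, so this check only applies to the L2 case the report describes.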

walk-on-me commented 1 year ago

Hello, thanks a lot for your attention.

We don't plan to deploy Convergence bonds on L2 at all.

So we have to consider the issue as Invalid.