Github username: @Madalad
Submission hash (on-chain): 0xda97a3d8551eed1d796f4d56316b8b840b1b39686e5ae0cddf1891842ae031bb
Severity: medium
Description:Description\
When utilizing Chainlink in L2 chains like Arbitrum or Optimism, it's important to ensure that the prices provided are not falsely perceived as fresh, even when the sequencer is down. This vulnerability could potentially be exploited by malicious actors to gain an unfair advantage.
Github username: @Madalad Submission hash (on-chain): 0xda97a3d8551eed1d796f4d56316b8b840b1b39686e5ae0cddf1891842ae031bb Severity: medium
Description: Description\ When utilizing Chainlink in L2 chains like Arbitrum or Optimism, it's important to ensure that the prices provided are not falsely perceived as fresh, even when the sequencer is down. This vulnerability could potentially be exploited by malicious actors to gain an unfair advantage.
See Chainlink's docs for more information.
Link to relevant line(s) of code: https://github.com/Cvg-Finance/hats-audit/blob/main/contracts/Oracles/CvgOracle.sol#L203
Attack Scenario\ Inaccurate oracle prices can be exploited by malicious actors to open undercollateralized positions, or execute unfair liquidations.
Recommendation
Implement a sequencer check in CvgOracle.sol as shown here: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code