No check for Arbitrum Sequencer being down means stale prices may be accepted
Summary
Because of how Arbitrum Enqueues TXs while the sequencer is down, TXs with an older timestamp may be accepted, allowing the usage of stale prices
Vulnerability Detail
In lack of checks, the transaction will be queued, resulting in the ability to use older prices as the timestamp from L1 will be the one of the original submission and not the one of the time of processing.
This is because Arbitrum will enqueue the TX and store the original Timestamp from L1 at the time of original submission and not processing
Impact
Stable prices may be used after the sequence comes back online
GalloDaSballo
medium
No check for Arbitrum Sequencer being down means stale prices may be accepted
Summary
Because of how Arbitrum Enqueues TXs while the sequencer is down, TXs with an older timestamp may be accepted, allowing the usage of stale prices
Vulnerability Detail
In lack of checks, the transaction will be queued, resulting in the ability to use older prices as the timestamp from L1 will be the one of the original submission and not the one of the time of processing.
This is because Arbitrum will enqueue the TX and store the original Timestamp from L1 at the time of original submission and not processing
Impact
Stable prices may be used after the sequence comes back online
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/adaptor/chainlinkAdaptor.sol#L43-L55
Tool used
Manual Review
Recommendation
https://docs.chain.link/data-feeds/l2-sequencer-feeds#arbitrum
See the queue system here: https://docs.chain.link/data-feeds/l2-sequencer-feeds/
Remediation Steps Consider reverting if the Sequencer is offline.
Check the Chainlink Documentation for a full example: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Duplicate of #101