The protocol intends to deploy to optimism & arbtrium as well apart from Ethereum.
Chainlink recommends that users using price oracles, check whether the L2 sequencer is active
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds
If the sequencer goes down, the index oracles may have stale prices, since L2-submitted transactions (i.e. by the aggregating oracles) will not be processed.
Impact
Stale prices, e.g. if USDC were to de-peg while the sequencer is offline, stale price is used and can result in false liquidation or over-borrowing.
Angry_Mustache_Man
medium
Missing checks for whether L2 Sequencer is active
Summary
Missing checks for whether L2 Sequencer is active
Vulnerability Detail
The protocol intends to deploy to optimism & arbtrium as well apart from Ethereum. Chainlink recommends that users using price oracles, check whether the L2 sequencer is active https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds If the sequencer goes down, the index oracles may have stale prices, since L2-submitted transactions (i.e. by the aggregating oracles) will not be processed.
Impact
Stale prices, e.g. if USDC were to de-peg while the sequencer is offline, stale price is used and can result in false liquidation or over-borrowing.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L67-#L68
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L107-#L108
Tool used
Manual Review
Recommendation
Use sequencer oracle to determine whether the sequencer is offline or not, and don't allow orders to be executed while the sequencer is offline.
Duplicate of #440