There is no check in place, inside of the PriceOracle contract, that verifies that the L2 sequencer is not down.
Vulnerability Detail
When deploying smart contracts that use Chainlink's price feeds on some L2 chains, like Arbitrum or Optimism, it's important to ensure that there are checks in place, that verify whether the sequencer is up or not.
Impact
If the sequencer were to go down, the protocol will end up using stale prices, which can be detrimental in places where more volatile assets are used.
Create a separate implementation of the PriceOracle contract for deployment on Arbitrum and Optimism, that is going to use Chainlink's sequencer uptime feed to verify that the sequencer is not down. Here is an example of that from the Chainlink docs: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Arabadzhiev
medium
Missing L2 sequencer outage checks
Summary
There is no check in place, inside of the PriceOracle contract, that verifies that the L2 sequencer is not down.
Vulnerability Detail
When deploying smart contracts that use Chainlink's price feeds on some L2 chains, like Arbitrum or Optimism, it's important to ensure that there are checks in place, that verify whether the sequencer is up or not.
Impact
If the sequencer were to go down, the protocol will end up using stale prices, which can be detrimental in places where more volatile assets are used.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/oracle/PriceOracle.sol#L107
https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/oracle/PriceOracle.sol#L67
Tool used
Manual Review
Recommendation
Create a separate implementation of the PriceOracle contract for deployment on Arbitrum and Optimism, that is going to use Chainlink's sequencer uptime feed to verify that the sequencer is not down. Here is an example of that from the Chainlink docs: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Duplicate of #440