Closed sherlock-admin closed 1 year ago
sakshamguruji
medium
Missing checks for whether Arbitrum Sequencer is active
It has been made clear that perennial will be deployed on arbitrum as well,
Chainlink recommends that users using price oracles, check whether the Arbitrum sequencer is active
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds
If the sequencer goes down, the index oracles may have stale prices, since L2-submitted transactions (i.e. by the aggregating oracles) will not be processed.
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-oracle/contracts/types/ChainlinkAggregator.sol#L32-L48
Manual Review
Use sequencer oracle to determine whether the sequencer is offline or not, and don't allow orders to be executed while the sequencer is offline.
Duplicate of #13
sakshamguruji
medium
Missing checks for whether Arbitrum Sequencer is active
Summary
Missing checks for whether Arbitrum Sequencer is active
Vulnerability Detail
It has been made clear that perennial will be deployed on arbitrum as well,
Chainlink recommends that users using price oracles, check whether the Arbitrum sequencer is active
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds
If the sequencer goes down, the index oracles may have stale prices, since L2-submitted transactions (i.e. by the aggregating oracles) will not be processed.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-oracle/contracts/types/ChainlinkAggregator.sol#L32-L48
Tool used
Manual Review
Recommendation
Use sequencer oracle to determine whether the sequencer is offline or not, and don't allow orders to be executed while the sequencer is offline.
Duplicate of #13