search

sherlock-audit / 2023-05-perennial-judging

12 stars 9 forks source link

ak1 - No validation to check the `arbitrum` sequencer is down #245

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

ak1

medium

No validation to check the arbitrum sequencer is down

Summary

There is no validation to ensure sequencer is down

Vulnerability Detail

function getLatestRound(ChainlinkAggregator self) internal view returns (ChainlinkRound memory) {
    (uint80 roundId, int256 answer, , uint256 updatedAt, ) =
        AggregatorProxyInterface(ChainlinkAggregator.unwrap(self)).latestRoundData();
    return ChainlinkRound({roundId: roundId, timestamp: updatedAt, answer: answer});
}

/**
 * @notice Returns a specific round's data for a specific feed
 * @param self Chainlink Feed Aggregator to operate on
 * @param roundId The specific round to fetch data for
 * @return Specific round's data
 */
function getRound(ChainlinkAggregator self, uint256 roundId) internal view returns (ChainlinkRound memory) {
    (, int256 answer, , uint256 updatedAt, ) =
        AggregatorProxyInterface(ChainlinkAggregator.unwrap(self)).getRoundData(uint80(roundId));
    return ChainlinkRound({roundId: roundId, timestamp: updatedAt, answer: answer});
}

Using Chainlink in L2 chains such as Arbitrum requires to check if the sequencer is down to avoid prices from looking like they are fresh although they are not.

The bug could be leveraged by malicious actors to take advantage of the sequencer downtime.

Impact

when sequencer is down, stale price is used for oracle and the borrow value and collateral value is calculated and the protocol can be forced to rebalance in a loss position

Code Snippet

https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-oracle/contracts/types/ChainlinkAggregator.sol#L32-L48

Tool used

Manual Review

Recommendation

we recommend to add checks to ensure the sequencer is not down.

Duplicate of #13