okolicodes - Missing Sequencer Uptime Feed check can cause unfair liquidations on Arbitrum

[sherlock-admin]

okolicodes

medium

Missing Sequencer Uptime Feed check can cause unfair liquidations on Arbitrum

Summary

This deployment of this proctocol on Arbitrum brings about the need for a Sequencer check as the sequencer could be down. When the arbitrum sequencer is down and comes back up, all chainlink price updates will become availaable on on Arbitrum within a very short time. Leaving users no time to react to the price changes which can lead to unfair liquidations

Vulnerability Detail

In the Kept.sol contract, you can see that there is no check that the sequencer is down https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L61C2-L65C2

Impact

1. Users can get fairly unliquidated because they cannot react to price movements when the sequencer is down and when the sequencer comes back up, all price updates will immediately become available
2. Malicious actors could take advantage of the sequencer downtime.
3. Users can avoid liquidations if the price is below the actual price

Code Snippet

The Kept.sol contract do not make use of the sequencer uptime feed to check the status of the sequencer https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L61C2-L65C2

Tool used

Manual Review

Recommendation

The Chainlink documentation contains an example for how to check the sequencer status: https://docs.chain.link/data-feeds/l2-sequencer-feeds

There can be a grace period when the sequencer comes back up for users to act on their collateral (increase collateral to avoid liquidation). More explanations on this can be found here https://github.com/aave/aave-v3-core/blob/master/techpaper/Aave_V3_Technical_Paper.pdf (section 4.6)

Duplicate of #146

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

141345 commented:

d