Missing Sequencer Uptime Feed check can cause unfair liquidations on Arbitrum
Summary
This deployment of this proctocol on Arbitrum brings about the need for a Sequencer check as the sequencer could be down.
When the arbitrum sequencer is down and comes back up, all chainlink price updates will become availaable on on Arbitrum within a very short time. Leaving users no time to react to the price changes which can lead to unfair liquidations
Users can get fairly unliquidated because they cannot react to price movements when the sequencer is down and when the sequencer comes back up, all price updates will immediately become available
Malicious actors could take advantage of the sequencer downtime.
Users can avoid liquidations if the price is below the actual price
okolicodes
medium
Missing Sequencer Uptime Feed check can cause unfair liquidations on Arbitrum
Summary
This deployment of this proctocol on Arbitrum brings about the need for a Sequencer check as the sequencer could be down. When the arbitrum sequencer is down and comes back up, all chainlink price updates will become availaable on on Arbitrum within a very short time. Leaving users no time to react to the price changes which can lead to unfair liquidations
Vulnerability Detail
In the
Kept.sol
contract, you can see that there is no check that the sequencer is down https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L61C2-L65C2Impact
Code Snippet
The
Kept.sol
contract do not make use of the sequencer uptime feed to check the status of the sequencer https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L61C2-L65C2Tool used
Manual Review
Recommendation
The Chainlink documentation contains an example for how to check the sequencer status: https://docs.chain.link/data-feeds/l2-sequencer-feeds
There can be a grace period when the sequencer comes back up for users to act on their collateral (increase collateral to avoid liquidation). More explanations on this can be found here https://github.com/aave/aave-v3-core/blob/master/techpaper/Aave_V3_Technical_Paper.pdf (section 4.6)
Duplicate of #146