Missing checks for whether L2 sequences is active

Summary

The project will be deployed on Ethereum Layer 2 networks such as Arbitrum and uses Chainlink Oracles for price feeds. However, there is no checks if the L2 sequencer is active.

Vulnerability Detail

If the sequencer is not checked for activity and it goes down, this will result in the index oracles potentially having stale prices, as the L2-submitted transactions will not be processed.

Chainlink recommends that users using price oracles, check whether the Arbitrum sequencer is active. See details on sequencer feeds here -> https://docs.chain.link/data-feeds/l2-sequencer-feeds#arbitrum See details on sequencer uptime feeds here -> https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds See example Sherlock audit report with similar issues -> https://github.com/sherlock-audit/2023-04-blueberry-judging/issues/142

Impact

This results in stale prices being provided for price of ETH in terms of the keeper token as these may be outdated prices prior to the downtime. These stale prices can hinder the keeper incentives which are crucial to well functioning of the project

Code Snippet

/// @notice Returns the price of ETH in terms of the keeper token
    /// @return The price of ETH in terms of the keeper token
    function _etherPrice() private view returns (UFixed18) {
        (, int256 answer, , ,) = ethTokenOracleFeed().latestRoundData();
        return UFixed18Lib.from(Fixed18Lib.ratio(answer, 1e8)); // chainlink eth-usd feed uses 8 decimals
    }

https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L62

Tool used

Manual Review

Recommendation

It is recommended to use sequencer oracle to determine whether the sequencer is offline or not by monitoring the status of the Arbitrum Sequencer, and don't allow transactions during these periods of inactivity.

Duplicate of #146

sherlock-audit / 2023-07-perennial-judging

MatricksDeCoder - Missing checks for whether L2 sequences is active #116