sherlock-audit / 2023-07-perennial-judging


shtesesamoubiq - _etherPrice() doesn't check if Arbitrum sequencer is down in Chainlink feeds #35

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

shtesesamoubiq

medium

_etherPrice() doesn't check if Arbitrum sequencer is down in Chainlink feeds

Summary

When utilizing Chainlink in L2 chains like Arbitrum, it's important to ensure that the prices provided are not falsely perceived as fresh, even when the sequencer is down. This vulnerability could potentially be exploited by malicious actors to gain an unfair advantage.

Vulnerability Detail

Not checking if the sequencer is down

Impact

Could potentially be exploited by malicious actors to gain an unfair advantage.

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L61-L65

Tool used

Manual Review

Recommendation

Code example from Chainlink: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code

Duplicate of #146
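The sequencer check the recommendation points to, as an added example that is not part of the original submission and is not Perennial's code. It follows the pattern in Chainlink's L2 sequencer feed documentation and goes one step further by also rejecting a non-positive or stale price. The contract name, the `etherPrice()` function, both constructor parameters and the two one-hour constants are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Minimal Chainlink aggregator interface, declared inline so the file compiles on its own.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical contract for illustration; not Perennial's Kept.sol.
contract SequencerGuardedEthPrice {
    // Assumed values; choose them per deployment and per feed heartbeat.
    uint256 public constant GRACE_PERIOD = 1 hours;
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    // Feed addresses are supplied by the deployer (assumed parameters).
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    AggregatorV3Interface public immutable ethUsdFeed;

    error SequencerDown();
    error GracePeriodNotOver();
    error InvalidPrice();
    error StalePrice();

    constructor(AggregatorV3Interface sequencerUptimeFeed_, AggregatorV3Interface ethUsdFeed_) {
        sequencerUptimeFeed = sequencerUptimeFeed_;
        ethUsdFeed = ethUsdFeed_;
    }

    function etherPrice() external view returns (uint256) {
        // Uptime feed: answer 0 means the sequencer is up, 1 means it is down;
        // startedAt is the timestamp of the last status change.
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown();

        // After the sequencer comes back, wait out a grace period so price
        // feeds can catch up before their answers are trusted.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();

        // Price feed: reject non-positive answers and answers older than MAX_PRICE_AGE.
        (, int256 answer, , uint256 updatedAt, ) = ethUsdFeed.latestRoundData();
        if (answer <= 0) revert InvalidPrice();
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice();

        return uint256(answer);
    }
}
```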

sherlock-admin commented 1 year ago

2 comment(s) were left on this issue during the judging contest.

141345 commented:

d

n33k commented:

no valid description of impact