search

sherlock-audit / 2023-12-flatmoney-judging

9 stars 8 forks source link

imkapadia - Lack of Sequencer Uptime Check in OracleModule #235

Closed sherlock-admin closed 5 months ago

sherlock-admin commented 5 months ago

imkapadia

medium

Lack of Sequencer Uptime Check in OracleModule

Summary

_getOnchainPrice() in OracleModule contract does not check the sequencer uptime.

Vulnerability Detail

The absence of a sequencer uptime check in OracleModule.sol breaks Chainlink's recommendations for ensuring data integrity and reliability in L2 oracle implementations. Without this check, price may become stale or inaccurate during sequencer downtime.

Impact

It is noted that flatmoney does not only relies on chainlink price it average out the oracle pyth price. But by implementing only one checks can give protocol extra security then why not.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/OracleModule.sol#L145

Tool used

Manual Review

Recommendation

It is recommended to follow the code example of Chainlink: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code

Duplicate of #27

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid