_getOnchainPrice() in OracleModule contract does not check the sequencer uptime.
Vulnerability Detail
The absence of a sequencer uptime check in OracleModule.sol breaks Chainlink's recommendations for ensuring data integrity and reliability in L2 oracle implementations. Without this check, price may become stale or inaccurate during sequencer downtime.
Impact
It is noted that flatmoney does not only relies on chainlink price it average out the oracle pyth price. But by implementing only one checks can give protocol extra security then why not.
imkapadia
medium
Lack of Sequencer Uptime Check in OracleModule
Summary
_getOnchainPrice()
in OracleModule contract does not check the sequencer uptime.Vulnerability Detail
The absence of a sequencer uptime check in OracleModule.sol breaks Chainlink's recommendations for ensuring data integrity and reliability in L2 oracle implementations. Without this check, price may become stale or inaccurate during sequencer downtime.
Impact
It is noted that flatmoney does not only relies on chainlink price it average out the oracle pyth price. But by implementing only one checks can give protocol extra security then why not.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/OracleModule.sol#L145
Tool used
Manual Review
Recommendation
It is recommended to follow the code example of Chainlink: https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
Duplicate of #27