bigbick123456789000 - Lack of Sequencer Uptime Feed Consultation in Arbitrum Chainlink Oracle

[sherlock-admin4]

bigbick123456789000

medium

Lack of Sequencer Uptime Feed Consultation in Arbitrum Chainlink Oracle

Summary

see bellow

Vulnerability Detail

The provided contracts, lacks an implementation for consulting the Sequencer Uptime Feed as recommended by Chainlink for Optimistic L2 oracles. The absence of this crucial check exposes the oracle to potential manipulation or inaccurate data reporting when the sequencer is not live or experiencing downtime.

The Sequencer Uptime Feed is recommended by Chainlink to ensure the availability and reliability of the sequencer before trusting the data returned by the oracle. Without consulting this feed, the oracle may inadvertently provide erroneous data during periods when the sequencer is offline or malfunctioning.

Impact

The vulnerability exposes the smart contract to the risk of providing inaccurate or manipulated data to users, undermining the reliability and integrity of the oracle service. This could lead to incorrect decisions, financial losses, or exploitation of smart contracts relying on the oracle's data.

Code Snippet

#L1-L81 #L1-L40

Tool used

Manual Review

Recommendation

Implement functionality within the contracts to consult the Sequencer Uptime Feed and verify the uptime of the sequencer before trusting the data returned by the oracle.

[sherlock-admin4]

2 comment(s) were left on this issue during the judging contest.

panprog commented:

sequencer issues are invalid in sherlock

takarez commented:

this is invalid according to sherlock rules and the readme.

[nevillehuang]

Invalid, known issue:

Flywheel being down due to external downtime - sequencer downtime does not have special case handling.