search

sherlock-audit / 2024-02-smilee-finance-judging

2 stars 1 forks source link

Chad0 - The protocol is not checking the status of the L2 sequencer #116

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 9 months ago

Chad0

medium

The protocol is not checking the status of the L2 sequencer

Summary

The protocol is not checking the status of the L2 sequencer

Vulnerability Detail

As a protocol to be deployed on Etheruem L2s, the contracts are not checking the status of the sequencer.

Impact

If the sequencer is down, the submitted transactions will have to wait for execution, and the data feed to be used maybe also stale, leading to unpredictable states for some state variables of the contract.

Code Snippet

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/IG.sol#L18

Tool used

Manual Review

Recommendation

Check the suggestion from Chainlink's docs about this: Link to Chainlink Docs

sherlock-admin4 commented 8 months ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, sequencer issues are invalid in sherlock, besides the underlying DEX price will prevent the usage of outdated oracle price

tsvetanovv commented:

According to Smilee Readme and Sherlock documentation this issue type is invalid

takarez commented:

invalid