Arbitrum Sequencer is not checked for uptime #179

Open
bsamuels453 opened this issue Feb 9, 2024 · 0 comments

Severity: Medium
Difficulty: Medium
Type: Data Validation
Target: contracts/feeds/chainlink/OverlayV1ChainlinkPriceFeed.sol

Description

PR #162 adds checks to ensure that the price data is not stale. However, there is no check that the Arbitrum sequencer is up. If the Arbitrum sequencer were to be down, then prices could still be stale for several rounds.

Exploit Scenario

During a flash crash, the Arbitrum sequencer goes down temporarily. Because a contract lacks a sequencer liveness check, any users are then able to create positions at the accepted stale price. When the sequencer resumes, these users are instantly liquidated.

Recommendations

Short term, validate that the Arbitrum sequencer is online before accepting any price updates.

Long term, keep up to date with the documentation around both Arbitrum and Chainlink. Chainlink's documentation provides an example implementation of how to check for sequencer uptime.
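
A sketch of the liveness check recommended above, added here as an example; it is not code from this repository or from the issue author. It follows the pattern in Chainlink's L2 sequencer uptime feed documentation. The contract name, the constructor parameters, the grace period and the `maxPriceAge` staleness limit are assumptions, and the staleness test stands in for whatever PR #162 actually implements.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Minimal Chainlink aggregator interface, declared inline so the file is self-contained.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical consumer for illustration; not OverlayV1ChainlinkPriceFeed.
contract SequencerGuardedFeed {
    AggregatorV3Interface public immutable priceFeed;
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    uint256 public immutable gracePeriod; // assumed: seconds to wait after the sequencer comes back
    uint256 public immutable maxPriceAge; // assumed: maximum accepted age of a price, in seconds

    error SequencerDown();
    error GracePeriodNotOver();
    error StalePrice();

    // Feed addresses are deployment-specific and supplied by the deployer.
    constructor(address _priceFeed, address _uptimeFeed, uint256 _gracePeriod, uint256 _maxPriceAge) {
        priceFeed = AggregatorV3Interface(_priceFeed);
        sequencerUptimeFeed = AggregatorV3Interface(_uptimeFeed);
        gracePeriod = _gracePeriod;
        maxPriceAge = _maxPriceAge;
    }

    function latestPrice() external view returns (int256) {
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();

        // Uptime feed answer: 0 = sequencer up, 1 = sequencer down.
        // Conservative choice (assumption): an uninitialized round (startedAt == 0) counts as down.
        if (status != 0 || startedAt == 0) revert SequencerDown();

        // startedAt is when the status last changed. Reject reads until the grace
        // period has passed so prices can refresh and users can adjust positions.
        if (block.timestamp - startedAt <= gracePeriod) revert GracePeriodNotOver();

        // Only now read the price, then apply the usual staleness check.
        (, int256 price, , uint256 updatedAt, ) = priceFeed.latestRoundData();
        if (price <= 0 || block.timestamp - updatedAt > maxPriceAge) revert StalePrice();
        return price;
    }
}
```

Reverting on both conditions means positions cannot be opened at a price captured before the outage, which is the window the exploit scenario depends on.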
