Arbitrum Sequencer is not checked for uptime
Severity: Medium
Difficulty: Medium
Type: Data Validation
Target: contracts/feeds/chainlink/OverlayV1ChainlinkPriceFeed.sol
Description
PR #162 adds checks to ensure that the price data is not stale. However, there is no check that the Arbitrum sequencer is up. If the arbitrum sequencer were to be down, then prices could still be stale for several rounds.
Exploit Scenario
During a flash crash, the arbitrum sequencer goes down temporarily. Because a contract lacks a sequencer liveness check, any users are then able to create positions at the accepted stale price. When the sequencer resumes, these users are instantly liquidated.
Recommendations
Short term, validate that the arbitrum sequencer is online before accepting any price updates.
Long term, keep up to date with the documentation around both Arbitrum and Chainlink. Chainlink's documentation provides an example implementation of how to check for sequencer uptime.
Arbitrum Sequencer is not checked for uptime
Severity: Medium
Difficulty: Medium
Type: Data Validation
Target: contracts/feeds/chainlink/OverlayV1ChainlinkPriceFeed.sol
Description
PR #162 adds checks to ensure that the price data is not stale. However, there is no check that the Arbitrum sequencer is up. If the arbitrum sequencer were to be down, then prices could still be stale for several rounds.
Exploit Scenario
During a flash crash, the arbitrum sequencer goes down temporarily. Because a contract lacks a sequencer liveness check, any users are then able to create positions at the accepted stale price. When the sequencer resumes, these users are instantly liquidated.
Recommendations
Short term, validate that the arbitrum sequencer is online before accepting any price updates.
Long term, keep up to date with the documentation around both Arbitrum and Chainlink. Chainlink's documentation provides an example implementation of how to check for sequencer uptime.