This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
sherlock-admin opened this issue on Jun 11, 2023 · 0 comments
Labels: Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label) · Medium (A valid Medium severity issue) · Reward (A payout will be made for this issue)
getPriceFromChainlink function in PriceOracle.sol does not check if the L2 sequencer is down.

Summary

When using Chainlink on an L2 such as Arbitrum or Optimism, it is important to make sure that prices are not falsely assumed to be fresh when the sequencer is down. This vulnerability could potentially be exploited by malicious users to gain an unfair advantage.

Vulnerability Detail

There is no sequencer check in `getPriceFromChainlink`:
```solidity
function getPriceFromChainlink(address base, address quote) internal view returns (uint256) {
    (, int256 price, , , ) = registry.latestRoundData(base, quote);
    require(price > 0, "invalid price");
    // Extend the decimals to 1e18.
    return uint256(price) * 10 ** (18 - uint256(registry.decimals(base, quote)));
}
```
The mitigation is to use the sequencer uptime feed to monitor the sequencer's online status and prevent consumption of the price when the sequencer is offline (or has only just come back online).

Code from the official Chainlink docs:
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

import {AggregatorV2V3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV2V3Interface.sol";

// Surrounding declarations (contract, state variables, constant, errors) restored
// from the Chainlink docs example so that the snippet compiles on its own.
contract DataConsumerWithSequencerCheck {
    AggregatorV2V3Interface internal dataFeed;
    AggregatorV2V3Interface internal sequencerUptimeFeed;
    uint256 private constant GRACE_PERIOD_TIME = 3600;

    error SequencerDown();
    error GracePeriodNotOver();

    constructor() {
        // Data feed address (network-specific; taken from the docs example)
        dataFeed = AggregatorV2V3Interface(
            0xC16679B963CeB52089aD2d95312A5b85E318e9d2
        );
        // Sequencer uptime feed address (network-specific; taken from the docs example)
        sequencerUptimeFeed = AggregatorV2V3Interface(
            0x4C4814aa04433e0FB31310379a4D6946D5e1D353
        );
    }

    // Check the sequencer status and return the latest data
    function getLatestData() public view returns (int) {
        // prettier-ignore
        (
            /*uint80 roundID*/,
            int256 answer,
            uint256 startedAt,
            /*uint256 updatedAt*/,
            /*uint80 answeredInRound*/
        ) = sequencerUptimeFeed.latestRoundData();

        // Answer == 0: Sequencer is up
        // Answer == 1: Sequencer is down
        bool isSequencerUp = answer == 0;
        if (!isSequencerUp) {
            revert SequencerDown();
        }

        // Make sure the grace period has passed after the
        // sequencer is back up.
        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= GRACE_PERIOD_TIME) {
            revert GracePeriodNotOver();
        }

        // prettier-ignore
        (
            /*uint80 roundID*/,
            int data,
            /*uint startedAt*/,
            /*uint timeStamp*/,
            /*uint80 answeredInRound*/
        ) = dataFeed.latestRoundData();

        return data;
    }
}
```
sl1
medium
Impact

Stale prices may be consumed while the sequencer is down, which could potentially be exploited.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L66-L72
Tool used
Manual Review
Recommendation

The mitigation is to use the sequencer uptime feed to monitor the sequencer's online status and prevent consumption of the price when the sequencer is offline (or has only just come back online).

Code from the official Chainlink docs:
https://docs.chain.link/data-feeds/l2-sequencer-feeds#example-code
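As an added example (not code from this issue, from the Iron Bank repository, or from the Chainlink docs), here is one way to fold the recommended sequencer uptime check into a registry-based `getPriceFromChainlink` like the one quoted in the Vulnerability Detail. The interface subsets `IFeedRegistry` and `ISequencerUptimeFeed`, the contract name, the constructor parameters and the 3600-second grace period are assumptions; the grace period value mirrors the Chainlink docs example, and the feed addresses must be supplied per network at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface subsets: they mirror the relevant functions of Chainlink's
// FeedRegistryInterface and AggregatorV3Interface but are declared here so the
// example compiles without external imports.
interface IFeedRegistry {
    function latestRoundData(address base, address quote)
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);

    function decimals(address base, address quote) external view returns (uint8);
}

interface ISequencerUptimeFeed {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical oracle contract showing the hardened version of getPriceFromChainlink.
contract PriceOracleWithSequencerCheck {
    IFeedRegistry public immutable registry;
    ISequencerUptimeFeed public immutable sequencerUptimeFeed;

    // Assumed grace period (same value the Chainlink docs example uses).
    uint256 public constant GRACE_PERIOD_TIME = 3600;

    error SequencerDown();
    error GracePeriodNotOver();

    constructor(address registry_, address sequencerUptimeFeed_) {
        registry = IFeedRegistry(registry_);
        sequencerUptimeFeed = ISequencerUptimeFeed(sequencerUptimeFeed_);
    }

    /// @dev Reverts if the L2 sequencer is reported down, or if it came back up
    ///      less than GRACE_PERIOD_TIME seconds ago (prices may still be catching up).
    function _requireSequencerUp() internal view {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();

        // answer == 0: sequencer is up; answer == 1: sequencer is down
        if (answer != 0) {
            revert SequencerDown();
        }

        // startedAt is when the current "up" state began; wait out the grace period
        uint256 timeSinceUp = block.timestamp - startedAt;
        if (timeSinceUp <= GRACE_PERIOD_TIME) {
            revert GracePeriodNotOver();
        }
    }

    /// @dev Same scaling logic as the original function, but guarded by the sequencer check.
    function getPriceFromChainlink(address base, address quote) internal view returns (uint256) {
        _requireSequencerUp();

        (, int256 price, , , ) = registry.latestRoundData(base, quote);
        require(price > 0, "invalid price");

        // Extend the decimals to 1e18.
        return uint256(price) * 10 ** (18 - uint256(registry.decimals(base, quote)));
    }
}
```

Because `_requireSequencerUp` runs before every registry read, any code path that prices collateral (borrowing, liquidation, withdrawals) reverts rather than acting on a price that was last updated before the sequencer went down; the grace period keeps the same protection for the first hour after the sequencer returns, while pending transactions and stale rounds are still being flushed.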
Duplicate of #440