This repository has been archived by the owner on Oct 20, 2024. It is now read-only.
0xG0P1 - Missing checks for whether Optimism Sequencer is active #107
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
sherlock-admin4
changed the title
|
@Hash01011122 This issue should be a duplicate of #14. Kindly escalate this. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0xG0P1
medium
Missing checks for whether Optimism Sequencer is active
Summary
Missing checks for whether Optimism Sequencer is active
Vulnerability Detail
the protocol intends to deploy to Optimism
Chainlink recommends that users using price oracles, check whether the Optimism sequencer is active
https://docs.chain.link/data-feeds#l2-sequencer-uptime-feeds
https://docs.chain.link/data-feeds/l2-sequencer-feeds#optimism-base-metis-and-scroll
If the sequencer goes down, the index oracles may have stale prices, since L2-submitted transactions (i.e. by the aggregating oracles) will not be processed.
Impact
Stale prices, while fetching the price through
getExpectedExchangedue to sequencer is down the function returns stale price which affects theminimumAmountOutinclaimAndDonateRewardsCode Snippet
https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/collectors/OptimismRewardCollector.sol#L57
https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/collectors/OptimismRewardCollector.sol#L91-L143
https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/RewardRouter.sol#L55
Tool used
Manual Review
Recommendation
Use sequencer oracle to determine whether the sequencer is offline or not
The text was updated successfully, but these errors were encountered: