Smooth Ultraviolet Turkey
Medium
Method currentValue() in OracleRelay ignores sequencer uptime check while accessing chainlink data feed
As per Chainlink docs, For the L2s it is important to check the sequencer uptime prior to fetching the price feed for any token. We should first access the sequencerUptimeFeed. If the sequencer is up then we should proceed with fetching the price feed.
https://docs.chain.link/data-feeds/l2-sequencer-feeds
No prior validation before calling latestAnswer() method.
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/oracle/External/OracleRelay.sol#L19
No response
No response
If the sequencer goes down. The contract will stay operational leading to monetary loss.
If the sequencer is down the contract will fetch the stale prices. All the functionality dependant on prices will be impacted. The liquidations won't happen and people will be trading on stale prices until the sequencer comes up.
No response
First validate the sequencerUptimeFeed then proceed with fetching the feed data.
(
/*uint80 roundID*/,
int256 answer,
uint256 startedAt,
/*uint256 updatedAt*/,
/*uint80 answeredInRound*/
) = sequencerUptimeFeed.latestRoundData();
// Answer == 0: Sequencer is up
// Answer == 1: Sequencer is down
bool isSequencerUp = answer == 0;
if (!isSequencerUp) {
revert SequencerDown();
}
// Make sure the grace period has passed after the
// sequencer is back up.
uint256 timeSinceUp = block.timestamp - startedAt;
if (timeSinceUp <= GRACE_PERIOD_TIME) {
revert GracePeriodNotOver();
}