SUB005
Aave V3 Sequencer Down Liq
Aave V3 L2 liquidates during sequencer downtime without grace period check.
HIGH CUT-OFF LOW Aave · $1.5M ← SSAF
N6 Kill Chain
✓ Q1 Direct
PASS
✓ Q2 Contract
PASS
✓ Q3 Prod
PASS
✓ Q4 Material
PASS
✓ Q5 Novel
PASS
✓ Q6 Welical
PASS
VECTOR
BOWER
IMPACT
PoC
DETECT
FINDINGS
Attack Vector
Grace period after sequencer restart creates unfair liquidation window. Liquidators front-run with stale oracle prices before borrowers can react.
Kill Chain
1L2 sequencer goes down.
2Prices move adversely during downtime.
3Sequencer restarts.
4Liquidators front-run during 3600s grace period before oracle updates.
Impact HIGH
Mass liquidations at stale prices. Borrowers cannot protect during downtime. Liquidators extract collateral at discount. Severity HIGH — systemic during outage events.
Severity
HIGH — systemic during sequencer outage events on Arbitrum/Optimism.
Proof of Concept
1Monitor Arbitrum sequencer uptime feed.
2On downtime detected: prepare liquidation txs.
3On restart: submit during 3600s grace period before oracle updates.
Caveat
Exact financial impact depends on market conditions during specific outage — cannot pre-compute.
Detection Signals
Track sequencer uptime oracle 0x4da69F028a5790fA447...
Alert on downtime >5 min.
Monitor Aave liquidation spike within 60s of restart. Cross-reference oracle staleness.
Findings
NP-SUB005-001 HIGH 3600s grace period too long.
NP-SUB005-002 STRONG Liquidation bots demonstrably front-run sequencer restarts historically.
NP-SUB005-003 OPEN Grace period is governance parameter — not immutable.
Sorry
Exact financial impact depends on market conditions during specific outage — cannot pre-compute.
BOWERBOUNTY · 6 STAGES
discovery (vuln surface)
placement (attack vector)
materials (PoC code)
lighting (CLO brief)
validation (programme match)
packaging (filed)
BOWER SCORE
67/100 · 5/6 stages complete
🍀 HIGH · N6 ALL PASS · PENDING CLO
γ₁ = 14.134725141734693