Skip to content

Discussion - PHOTWAPOracle Contingency Plans #45

@steve0xp

Description

@steve0xp

Challenge: Price manipulation is a common attack vector within DeFi. The protocol would benefit from having a contingency plan for every scenario that we can think of for the PHOTWAPOracle failing.

Possible, not exhaustive, list of risks within the PHOTON protocol right now include:

  • PHOTWAPOracle risk:
    • price manipulation with current TWAP setup
    • normalizing pricefeeds breaking, a definition we need to define.
      Also, when protocol upgrades to a Chainlink or other dependable pricefeed instead of TWAP, former risk will be gone but we will need to have contingency plans for if/when pricefeeds break or price varies by too much.

Jump-Off Points for Discussion to Solutions:

  • What to do when priceBPSChange > priceUpdateThreshold:
    - Currently just reverts and returns last price before it, as well as triggering a bool indicating threshold exceeded.
    Could try:
    • Comparing against another oracle? If both oracles are reporting similar, not-in-range prices, keep last USDPHOPrice?
      • What are the ramifications of keeping the last USDPHOPrice vs changing it to the new USDPHOPrice that has high variance? PriceController is the only thing using PHOTWAPOracle right now, so perhaps it is paused when a variance this large is seen?
        • This would mean we need a pause function in the PriceController

Useful links to other contingency plans include:

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions