Discussion - PHOTWAPOracle Contingency Plans

[steve0xp]

Challenge: Price manipulation is a common attack vector within DeFi. The protocol would benefit from having a contingency plan for every scenario that we can think of for the PHOTWAPOracle failing.

Possible, not exhaustive, list of risks within the PHOTON protocol right now include:

• PHOTWAPOracle risk:
  • price manipulation with current TWAP setup
  • normalizing pricefeeds breaking, a definition we need to define.
    Also, when protocol upgrades to a Chainlink or other dependable pricefeed instead of TWAP, former risk will be gone but we will need to have contingency plans for if/when pricefeeds break or price varies by too much.

Jump-Off Points for Discussion to Solutions:

• What to do when priceBPSChange > priceUpdateThreshold:
  - Currently just reverts and returns last price before it, as well as triggering a bool indicating threshold exceeded.
  Could try:
  • Comparing against another oracle? If both oracles are reporting similar, not-in-range prices, keep last USDPHOPrice?
    • What are the ramifications of keeping the last USDPHOPrice vs changing it to the new USDPHOPrice that has high variance? PriceController is the only thing using PHOTWAPOracle right now, so perhaps it is paused when a variance this large is seen?
      • This would mean we need a pause function in the PriceController

Useful links to other contingency plans include:

• Liquity - good detailed outline on scenarios and how they manage things: https://docs.google.com/spreadsheets/d/18fdtTUoqgmsK3Mb6LBO-6na0oK-Y9LWBqnPCJRp5Hsg/edit#gid=0
• MakerDAO contingency: https://developer.makerdao.com/feeds/
• Inverse Finance ($DOLA) inspired contingencies to mitigate hacks: price ceiling, daily borrow cap, etc.: https://www.inverse.finance/blog/posts/en-US/securing-the-frontier
• Understanding curve vs uniswap: https://members.delphidigital.io/reports/uniswap-vs-curve-which-is-the-best-dex