Skip to content

Update 0x303-I3-Oracle.md #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
CDSecurity wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update 0x303-I3-Oracle.md #11

CDSecurity wants to merge 2 commits into from

Conversation

@CDSecurity
Copy link

@CDSecurity CDSecurity commented Sep 7, 2023

Added 7 security considerations related to Chainlink Oracle as well as a link to the article which explains these problems more in depth.

@CDSecurity
Update 0x303-I3-Oracle.md
7e9cb58 
Added 7 security considerations related to Chainlink Oracle as well as a link to the article which explains these problems more in depth.
damianrusinek
damianrusinek requested changes Sep 7, 2023
View reviewed changes
damianrusinek added a commit to damianrusinek/SCSVS that referenced this pull request Sep 8, 2023
@damianrusinek
Merge pull request ComposableSecurity#11 from ComposableSecurity/cate…
7786b48 
…gory/nft

Category/nft
@CDSecurity @damianrusinek
Update 2.0/0x300-Integrations/0x303-I3-Oracle.md
4ebcdf5 
Co-authored-by: Damian Rusinek <damian.rusinek@gmail.com>
damianrusinek
damianrusinek reviewed Sep 12, 2023
View reviewed changes
damianrusinek
damianrusinek reviewed Sep 12, 2023
View reviewed changes
damianrusinek
damianrusinek reviewed Sep 12, 2023
View reviewed changes
2.0/0x300-Integrations/0x303-I3-Oracle.md
| **I3.9** | Verify that NOT the same heartbeat is used for multiple price feeds when using Chainlink Oracle |
| **I3.10** | Verify that the code deals with different price feeds having different decimal precision when using Chainlink Oracle |
| **I3.11** | Verify that the price feed address wherever it is located(hardcoded, deployment script) is pointing to the correct oracle price feed |
| **I3.12** | Verify that the code handles calls to the oracle if they potentially revert when using Chainlink Oracle |
Copy link
Contributor

@damianrusinek damianrusinek Sep 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean a situation when call to price feed reverts? If so, what is the risk? The whole tx would revert right?

Copy link
Contributor

@damianrusinek damianrusinek Sep 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @CDSecurity, just a quick reminder. Can you elaborate on that?

damianrusinek
damianrusinek reviewed Sep 12, 2023
View reviewed changes
@damianrusinek
Copy link
Contributor

damianrusinek commented Sep 12, 2023

Thanks @CDSecurity for update. I have addressed your comments.

We are also thinking about how to present the checks for specific protocols (like Chainlink). One option is to separate them as I proposed here: https://github.com/ComposableSecurity/SCSVS/pull/12/files, but that is not yet decided.

I am mentioning that because if we decide to separate them, these check will also have to be re-organized.

@pashov pashov mentioned this pull request Sep 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@damianrusinek damianrusinek damianrusinek requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CDSecurity @damianrusinek