ArdanaLabs / audit

0 stars 0 forks source link

["pile"] datastream #12

Open quinn-dougherty opened 3 years ago

quinn-dougherty commented 3 years ago

Description

draft report

Threatmodels

third parties compromised
edge case behavior of model
positive feedback loop

In chat, Morgan said we would not be moving forward with datastream for DeX subpool size limits. The oracle bot on the stablecoin & governance side still plans to have a datastream though.

quinn-dougherty commented 3 years ago

File src/considerations/datastream.md is too long, should be cut down and specialized to the application that the stablecoin team is doing / cut out the mention of the DeX team using thirdparty data.

If stablecoin team is no longer relying on third party oracles, whole section will be deleted.

quinn-dougherty commented 3 years ago

File longreports/datastream.md is where this lives now--- it is out of the audit draft because Danaswap decided against third party data and ~~ardana-dollar's oracle is "1st party"~~ (UPDATE: this was a misunderstanding due to waiting for someone to respond on discord)

quinn-dougherty commented 3 years ago

I will be rewriting this section to follow up on our physical and ops security section.

measures the stablecoin team is taking (the obvious: ensuring against man-in-the-middle attacks)
measures to prevent downstream impact if say a coinbase employee tried to wiggle our beliefs by putting malicious data in the stream (correlating multiple sources, decentralizing oracle as quickly as possible after launch)

a brief comment about "the chaos theory thing"