Open steve0xp opened 1 year ago
Notes from past discussion on restrictions to ChainlinkPriceFeed.sol
:
Deemed not necessary since a DDOS attack would be very costly to an attacker, and really it's just going to delay our calls to the PriceFeed.sol - that said, open to Dave's thoughts on this for sure.
Challenge: Price manipulation is a common attack vector within DeFi. The protocol would benefit from having a contingency plan for every scenario that we can think of for the
ChainlinkPriceFeed
failing.Context:
uints
vsints
fromchainlink pricefeeds
and if that could mess us up. Especially if it could be negative, what does that mean for us? For now we are implementing arequire(price >= 0 && updatedAt!= 0 && answeredInRound >= roundID, "Invalid chainlink price");
similar to FraxUseful links to other contingency plans include: