Bullet-proof your PriceFeedManager contracts
Gm developers and fellow auditors!!
In almost any decentralised application in the domain of decentralised finance, one of the most critical components of the protocol is to fetch the prices of assets on-chain. This is mostly enabled by on-chain oracles.
Oracles are data feeds that bring data from off the blockchain (off-chain) data sources and puts it on the blockchain (on-chain) for smart contracts to use. This is necessary because smart contracts running on Ethereum cannot access information stored outside the blockchain network.
Unsurprisingly, protocols introduce a LOT OF bugs when implementing their contracts that interact with such oracles. This is mostly because it is quite hard to account for all the attack vectors due to the somewhat hybrid (off-chain and on-chain) nature of oracle interactions.
Hopefully, this article will help you to bid farewell to all the most common price feed contract bugs from your protocol. Read this thread and bid goodbye to all your price feed contract bugs.
This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices. Other popular oracles are the Uniswap v3 Oracles, MakerDAO Oracle, etc.
Grab some popcorn, this is gonna be fun. Time for my top 10 tips:
Let's begin our journey through these tips
Grab some Cola, cause these tips' delivery can get a bit spicy.
1. Backup Oracles are a must
As a degen, hedging risks must be a completely alien concept to you, but do not let that affect your dev life.
Consider implementing a back-up oracle in case your primary oracle goes down or does not support a specific token.