Huge Tiger Pike
Medium
Price feed networks often provide price data accompanied by a measure of uncertainty, typically expressed as a confidence interval. This interval serves as an indicator of the reliability of the reported price values. Best practices for Pyth oracles suggest utilizing this confidence interval to enhance the security of financial protocols. Incorporating these confidence intervals as recommended in the documentation could significantly reduce the risk of users exploiting inaccurate price data.
In PythOracle.getThePrice() the confidence interval of the price is ignored
No response
- an asset is highly volatile at a particular point in time
- user waits for the oracle to provide a price with low confidence
- calls matchOffers with a borrow order leveraging oracles, fully aware that they will receive advantageous terms
Lenders are not maximizing their potential, because they could have received additional collateral for the principles they supplied.
No response
require(priceData.price > 0, "Invalid price");
+ if(priceData.conf > 0) { // when == 0, confidence is 100%
+ require(priceData.price / int64(priceData.conf) < MIN_CONFIDENCE, "Price confidence too low");
+ }
return priceData.price;