Wonderful Chartreuse Cat
Medium
The integration with API3 has an issue arising from how price feeds are maintained. API3 itself only maintains the freshness of data when the given price feed is sponsored.
Even though the Mach brief states that the Mach protocol will sponsor feeds for supported assets, this is not guaranteed to hold for as long as the deployed contract itself is live.
As such, it is better to reject transactions with stale prices (in the case of API3, the heartbeat is always 24 hours) than to use outdated prices. In case of an emergency, any user will be able to sponsor the given API3 price feed if it affects their position.
The API3 integration contract does not perform a staleness check and does not switch to a fallback oracle in such situations. It only verifies that the price is > 0 (here), which is insufficient.
None.
- API3 sponsored price feed expires.
- A borrower position can become liquidated based on the outdated price feed, or they can borrow more than they should.
- Enforce a staleness check in the API3 integration contract.
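
One way to enforce the staleness check from the mitigation above, as an added example that is not the Mach integration contract's own code. The API3 proxy interface is declared inline, and the contract name, error names and `MAX_AGE` constant are assumptions; `MAX_AGE` uses the 24-hour heartbeat stated above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal API3 proxy interface, declared inline so the example is self-contained.
interface IProxy {
    function read() external view returns (int224 value, uint32 timestamp);
}

// Hypothetical adapter: names are illustrative and not taken from the audited code base.
contract Api3StalenessCheckedReader {
    error NonPositivePrice();
    error StalePrice(uint256 updatedAt, uint256 currentTime);

    // Maximum accepted age of a data point: the 24-hour API3 heartbeat.
    uint256 public constant MAX_AGE = 24 hours;

    IProxy public immutable proxy;

    constructor(IProxy proxy_) {
        proxy = proxy_;
    }

    /// @notice Returns the feed value only if it is positive and fresh.
    /// @dev Reverts instead of returning an outdated price, so borrow and
    ///      liquidation paths calling this cannot act on an expired feed.
    function readFreshPrice() external view returns (uint256 price, uint256 updatedAt) {
        (int224 value, uint32 timestamp) = proxy.read();

        // Existing check in the finding: the price must be > 0.
        if (value <= 0) revert NonPositivePrice();

        // Missing check in the finding: reject data older than the heartbeat.
        // A feed timestamp ahead of block time is treated as age 0 so the
        // subtraction cannot underflow.
        uint256 age = block.timestamp > timestamp ? block.timestamp - timestamp : 0;
        if (age > MAX_AGE) revert StalePrice(timestamp, block.timestamp);

        price = uint256(int256(value)); // safe: value > 0 was checked above
        updatedAt = timestamp;
    }
}
```

A caller that has a fallback oracle can catch `StalePrice` and switch sources; without one, the revert blocks the action until the feed is sponsored and updated again.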