๐ฎChainlink Price Feeds
Exactly Protocol uses Chainlink's data feeds to get reliable, up-to-date, and secure asset prices to calculate users' lending power and health factor.
OP Mainnet
Asset | Price Feed |
---|---|
esEXA | |
EXA | |
OP | |
USDC | |
WBTC | |
WETH | |
wstETH |
Ethereum Mainnet
Asset | Price Feed |
---|---|
DAI | |
ETH | |
USDC | |
WBTC | |
wstETH |
Chainlink
Chainlink is the most used data provider in the industry. It provides secure pricing feeds and is the DeFi standard Oracle network with over six trillion transactions value enabled. No liveness checks are performed while retrieving Oracle data. Chainlink offers robust and historically stable price feeds, even more on Mainnet for high-liquid assets such as WBTC, ETH, and DAI. Also, avoiding this check can lower the gas consumption of the involved transactions. The following contracts depend directly on Chainlink's price feed: Auditor, Price Feed Wrapper, and Price Feed Double.
Uniswap TWAPs
Other sources, such as Uniswap's TWAPs, have been considered but finally discarded.
After Ethereum's upgrade from proof of work to proof of stake, block proposers are chosen deterministically before they validate blocks. This feature creates new challenges for decentralized price oracles, like those provided by Uniswap V3, because they open up more significant potential for inter-block price manipulation, as detailed below.
Block proposers are alerted when they are selected to propose a block. This gives them a unique opportunity to carry out oracle manipulation attacks. If they are chosen to propose block n, they can attempt to manipulate the spot price on block n-1, knowing that they will be free to arbitrage their price manipulation on the next block (and censor any other attempts at arbitrage).
It is hard to estimate how many block proposers will view oracle manipulation attacks as a legitimate way to increase their income. It seems likely many will not take the risk of carrying out these kinds of attacks. However, as long as the number is non-zero, it is clear there is some reduced cost for carrying out these possible attacks.
Price Denominations
All asset prices, including stablecoins, are accurately reflected by querying them from live, and regularly updated price feeds. This approach avoids hardcoded values, providing users with reliable and up-to-date pricing information.
On Mainnet, the Auditor obtains and uses prices to calculate accounts' collateral and debt values in ETH denomination. In this way, an extra call (ETH-USD) is saved, which translates to a reduction in gas consumption for liquidity checks.
On Optimism, prices are currently retrieved and used in USD denomination due to lower availability in price feeds offered by Chainlink.
It's important to notice that this difference is only spotted at a smart contract level and does not imply any variation in the result of the health factor calculation. The web app shows prices in USD denominations for a better understanding from a user's perspective.
Deprecated Chainlink interface
Exactly's smart contracts are fetching asset prices through a deprecated interface provided by Chainlink.
In a previous audit by Coinspect (EXA-36), we already acknowledged this decision in the spirit of transparency. We assured our users that we have assessed and taken appropriate measures to mitigate the associated risks.
Our choice to continue using this deprecated interface is based on several factors. We have implemented a low minimum timelock delay (1 day) and an upgradable Auditor, which enable us to respond swiftly if prices are not being updated accurately.
We have confidence in the robustness and historical stability of Chainlink's price feeds, particularly for highly liquid assets, the only ones enabled as Markets.
It is worth noting that another difference with checking liveness is that transactions would revert in case of outdated updateTimes
but as a downfall this may potentially hinder liquidations. We have carefully weighed the trade-offs and decided to assume the associated risks while focusing on reducing gas costs for our users.
We remain committed to the security and reliability of our protocol and will continue to monitor and evaluate any third-party integrations.
Last updated