Omniscia Alliance Block Audit
USDTTKNPriceOracle Manual Review Findings
USDTTKNPriceOracle Manual Review Findings
USD-01M: Inexplicable Centralization of Oracle Management
| Type | Severity | Location |
|---|---|---|
| Centralization Concern |  | USDTTKNPriceOracle.sol:L45-L52 |
Description:
The USDTTKNPriceOracle contract permits its owner to change the oracle utilized. According to the documentation, the owner should renounce ownership once the final oracle has been set, however, we do not see this flow properly observed thus causing a potentially centralized oracle contract to be deemed as safe to use.
Impact:
A centralized feed accepted as a proper oracle for price calculations allows the owner to manipulate the prices reported by the oracle at will.
Example:
38/// @param priceFeed_ Address of the Chainlink price feed.39constructor(address priceFeed_) {40 require(priceFeed_ != address(0), "USDTTKNPriceOracle: 0_PRICE_FEED");41 priceFeed = AggregatorV3Interface(priceFeed_);42 emit PriceFeedChanged(msg.sender, priceFeed_);43}44
45/// Update the price feed. Only owner of the contract can update the price,46/// once the final feed is set, owner should renounce the contract ownership.47/// @param priceFeed_ Address of the Chainlink price feed.48function updatePriceFeed(address priceFeed_) external onlyOwner {49 require(priceFeed_ != address(0), "USDTTKNPriceOracle: 0_PRICE_FEED");50 priceFeed = AggregatorV3Interface(priceFeed_);51 emit PriceFeedChanged(msg.sender, priceFeed_);52}Recommendation:
We advise either the setter function and ownership of the contract to be omitted given that the oracle should be known during deployment time or the calculateUSDTtoTKN function to revert execution if the ownership of the contract is non-zero, either of which we consider an adequate resolution to this exhibit. As an additional note, the former solution would permit the variable of the oracle to be set as immutable further optimizing the gas cost of the codebase.
Alleviation:
The Alliance Block team stated that the blockchain they wish to deploy the system to does not have a Chainlink oracle set up yet and as such a degree of centralization is mandatory. Given that the Alliance Block stated and indicates in the documentation that ownership will be renounced once the final feed has been set, we consider this exhibit sufficiently addressed as long as users apply proper due diligence to ensure that the oracle is in a finalized state before interacting with the protocol.