Omniscia Tren Finance Audit

SfrxEth2EthPriceAggregator Manual Review Findings

SfrxEth2EthPriceAggregator Manual Review Findings

SEE-01M: Unconfirmed Oracle Implementations

Description:

The referenced oracle implementations have not validated their source code and do not appear to be sanctioned by Chainlink despite what their interface implies.

Example:

contracts/Pricing/SfrxEth2EthPriceAggregator.sol
18AggregatorV3Interface public constant sfrxEth2FrxEthAggregator =
19 AggregatorV3Interface(0x98E5a52fB741347199C08a7a3fcF017364284431);
20AggregatorV3Interface public constant frxEth2EthAggregator =
21 AggregatorV3Interface(0x5C3e80763862CB777Aa07BDDBcCE0123104e1c34);

Recommendation:

The Frax oracle system is highly peculiar and may report prices that are up to 24 hours stale.

We strongly advise additional documentation to be introduced in relation to the oracles integrated by the SfrxEth2EthPriceAggregator contract to validate that the integration has been properly performed.

Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):

The Tren Finance team evaluated this exhibit and opted to remove the implementation entirely, thereby alleviating this exhibit indirectly.