Omniscia Tren Finance Audit
SfrxEth2EthPriceAggregator Manual Review Findings
SfrxEth2EthPriceAggregator Manual Review Findings
SEE-01M: Unconfirmed Oracle Implementations
Type | Severity | Location |
---|---|---|
Logical Fault | SfrxEth2EthPriceAggregator.sol:L18-L19, L20-L21 |
Description:
The referenced oracle implementations have not validated their source code and do not appear to be sanctioned by Chainlink despite what their interface implies.
Example:
contracts/Pricing/SfrxEth2EthPriceAggregator.sol
18AggregatorV3Interface public constant sfrxEth2FrxEthAggregator =19 AggregatorV3Interface(0x98E5a52fB741347199C08a7a3fcF017364284431);20AggregatorV3Interface public constant frxEth2EthAggregator =21 AggregatorV3Interface(0x5C3e80763862CB777Aa07BDDBcCE0123104e1c34);
Recommendation:
The Frax oracle system is highly peculiar and may report prices that are up to 24 hours stale.
We strongly advise additional documentation to be introduced in relation to the oracles integrated by the SfrxEth2EthPriceAggregator
contract to validate that the integration has been properly performed.
Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):
The Tren Finance team evaluated this exhibit and opted to remove the implementation entirely, thereby alleviating this exhibit indirectly.