Preamble
Name: Upgrade Compound v2 Oracle To Disable UAV
Author(s): Michael - Chainlink Labs (@CL_Michael)
Status: Idea
Type: Protocol Enhancement
Created: 2023-10-17
Abstract
This proposal aims to reduce risks around the operation of Compound v2 by disabling the UniswapAnchoredView (UAV) by upgrading to a PriceOracle contract that directly consumes data from Chainlink Feeds Prices, similar to Compound III. The proposal also includes a configuration update to use the relevant Chainlink Price Feeds for stablecoin valuations, similar to Compound III, instead of using the hardcoded âFixedPriceâ values.
Motivation
Compound v2 fetches market data about supported tokens from Chainlink Price Feeds. Before data is ingested, the UAV is used as a reference anchor mechanism, where updates from Chainlink feeds are rejected if the reported value differs by a predefined percentage compared to the reported value by a Uniswap v3 TWAP oracle.
In times of market volatility, the UAV has caused several problems by blocking accurate price data from Chainlink Price Feeds from being ingested into the protocol due to the high latency and delayed pricing from Uniswap v3 TWAP oracles.
For example, below we showcase an incident where the UAV caused data from Chainlink Price Feeds regarding the SUSHI/USD exchange rate to be rejected in the Compound v2 protocol, despite data from the Chainlink feed closely tracking highly liquid exchanges.
Key:
- Green Dots: successful Compound v2 Price Oracle updates
- Blue Dots: Reporter - Chainlink SUSHI/USD Price Feed updates
- Red Dots: Anchor - Uniswap v3 TWAP
- Control: Grey Line - historic Coinbase/Binance âcloseâ price for SUSHI/USD
In this example, the Uniswap V3 TWAP oracle fell out of sync with spot market pricing during a sharp price drop around ~4:23 AM on June 10, 2023. After a sudden drop, the reporter (Chainlink Price Feed) was in the $0.50 - $0.59 range closely tracking the controls, but the TWAP anchor was above the $0.70 range.
Here is an example transaction during the PriceGuarded event at 04:33 AM:
reporterPrice: 569140 = $0.569anchorPrice: 735443 = $0.735
The result was that updates to the Price Oracle were blocked, and Compound v2 was stuck with stale, inaccurate prices for nearly 15 hours.
Other instances of this have happened with tokens such as BAT, ZRX, and COMP in the past. Although there have been initiatives to reduce these risks by pausing the supply of specific markets, operating the UAV is an overall detriment to the protocol regarding efficiency and safety. This proposal aims to remedy these pitfalls at the source by disabling the UAV.
Proposal Details
To mitigate the above issues that are a result of the UAVâs underperformance, this proposal defines a migration path for Compound v2 to use an upgraded PriceOracle contract that directly consumes market data from Chainlink Price Feeds. Note that this method of directly consuming data from Chainlink Price Feeds is comparable to how Compound III has operated since its original deployment without issue.
With this proposal, Chainlink Labs will write and deploy an upgraded version of the PriceOracle contract.
-
Store mapping of cToken assets to respective Chainlink Price Feeds for all pairs.
-
Store
baseUnitconfig for each asset -
Write the
getUnderlyingPricefunction to retrieve prices directly from Chainlink Price Feeds. Documentation
3A. CalllatestRoundDataon the Chainlink Price Feed for the specific pair to retrieve the price
3B. Readdecimalsfrom the Chainlink Price Feed to use when formatting the data
3C. Convert the price into the expected format. Example- Comptroller needs prices in the format:
${raw price} * 1e36 / baseUnit. The baseUnit of an asset is the amount of the smallest denomination of that asset per whole. For example, the baseUnit of ETH is 1e18. Since the price in the ETH Feed has 8 decimals, we must scale them by1e(36 - 8) / baseUnit
- Comptroller needs prices in the format:
-
Write methods to update configs on the PriceOracle contracts to allow the Compound community to update or add new feeds without a contract redeployment.
After community vote, an approval will result in disabling the Compound v2 UAV by replacing the contract with the new version of the PriceOracle in the Comptroller. No changes are needed in how the Comptroller works. It will interact with the upgraded PriceOracle the same way it did with the UAV.
Rationale
We have seen that the Compound community is increasingly inclined to shift users over to Compound III as it offers better efficiency and safety. To learn more about these efforts, @Gauntlet has posted about Compound v2 Deprecation Strategy. Disabling the UAV can be seen as another way to reduce existing issues and overhead with Compound v2 for those still using the protocol. Compound III has been operating using Chainlink Price Feeds directly without a UAV since its original deployment due to Chainlinkâs proven historical reliability and accuracy, even during extreme network congestion and market volatility.
As an additional risk mitigation move for Compound v2, this proposal includes an updated config that uses the relevant Chainlink Price Feeds for the valuation of stablecoins, similar to Compound III, as opposed to the current hardcoded âFixedPriceâ values (which can become inaccurate and introduce protocol risk during stablecoin depeg events).
Another noteworthy benefit, the upgraded PriceOracle contract will include methods that make it significantly easier for the Compound community to update or add new feeds to the PriceOracle, as a redeployment from Chainlink Labs would no longer be required.
Expected Impact
The architecture has been intentionally designed to be a low-lift change. If the on-chain vote approves the proposal, Uniswap V3 TWAP prices will be disabled in the reference anchor immediately without downtime or changing the Comptroller.
Security Considerations
To replace a critical component in the Compound v2 protocol, it is crucial to prioritize security. Therefore, Chainlink Labs will partner with OpenZeppelin, Compoundâs security service provider, to ensure a seamless upgrade process.
One of the essential steps involves meeting the testing standards established by the Compound community, as described in OpenZeppelinâs process:
- Proposal Simulations - comprehensive simulation testing before being submitted for a governance vote.
- Change management - ensure that code deployed on-chain always matches the versions of the Compound protocol repository to maintain high quality and readability.
OpenZeppelin will perform an audit, and we will collaborate on any necessary changes resulting from their findings.
The community will also have the opportunity to test the new oracle contract themselves by using the framework in the oracle repo and following the instructions provided (we encourage you to do so!). After completing the required coding work, Chainlink Labs will monitor the performance on mainnet before the community vote.
Next Steps
- Chainlink Labs will begin development on the new PriceOracle based on community feedback
- OpenZeppelin to conduct an audit on the PriceOracle
- Test and monitor the new PriceOracle on mainnet
- Share the results with the community for review and feedback before going to an on-chain vote
We welcome the Compound community to share their thoughts and feedback regarding this proposed upgrade to Compound v2âs oracle architecture.
Disclaimer
Chainlink Labsâ development work is offered âas isâ without representations, guarantees, or warranties of any kind, on a commercially feasible basis and subject to the Compound DAOâs acceptance of the Chainlink Labs terms of service (available at Terms of Use â Chainlink Labs). The benefits are solely being made available to the Compound Protocol and not to any other party, including the Compound DAO.
Copyright and related rights waived via CC0.