OpenZeppelin’s Security Team has read through PR 780, which aims to add MaticX as collateral on Compound’s Polygon USDC market. The goal of our analysis was not to provide a full security audit but rather to ensure that the data being used and the protocol interaction are accurate. We checked:
- that the cited contract addresses for MaticX and the Chainlink price feed are correct
- that the deployment strategy (of adding an asset and then redeploying the market’s implementation) is correct
- that the configuration data for the new collateral asset matches the “aggressive” parameters found in Gauntlet’s analysis
- that the proposed price feed today has a healthy number of operators (fifteen)