Open Price Feed Proposal Development

In order to migrate to the Open Price Feed, the community should be convinced that it’s a good idea, or discover reasons why it’s not. This topic exists to discuss and publicly review the technical merits of the proposal. This project has been developed 100% transparently in this public repository on GitHub.

We view this oracle change as a final milestone in decentralization the protocol, by removing the permissioned poster role. The current mechanics are designed for an off-chain reporter anchored to an on-chain price. The prices coming from Coinbase off-chain must agree within a 20% tolerance of the prices coming from Uniswap on-chain, otherwise they will be rejected.

A full specification for the proposed oracle can be found here.

Source Code

The branch for active development of the Uniswap Anchored Coinbase Reporter View can be found in this GitHub pull request.

Coinbase Reporter

The Coinbase Reporter reads from the Coinbase Price Oracle.

In an extreme circumstance in which Coinbase believes their reporter key may have been compromised, the reporter also has the ability to sign an ‘invalidation’ message. Anyone may post this message to the chain, and the Open Price Feed will fall back to only using the Uniswap anchor prices, until a new oracle can be chosen.

Uniswap Anchor

A certain amount of time (anchor period) is elapsed before the contract is fully initialized. From that point on, whenever prices are posted, the Uniswap price accumulators are read, and updated if a new anchor epoch is possible. The time-weighted average price (TWAP) is the difference in the current and epoch forming accumulators, divided by the amount of time elapsed. In this way, we guarantee the accumulators are at least a certain distance apart, and thus the TWAP is taken over a long enough period of time.

In practice, we expect 30 minutes to be long enough to make Uniswap price manipulation attacks prohibitively expensive, however this also comes with some assumptions about the size of the market that must be considered. See also this discussion of oracle integrity and this analysis of price manipulation.

Adding New Tokens

The oracle is designed to support pricing tokens before or after they have a cToken wrapping them. Listing new tokens requires deploying a new view contract however, as all configuration variables are immutable. We also intend to post prices for a few more tokens which have reported prices, and which can thus be added to the protocol without changing oracles again.

What kind of quality assurance has been done?

Fundamental Tests

We are still in the process of testing this code, which involves rigorously writing unit and integration level tests.

Open Zeppelin Audit

The code is currently being audited, we expect to have an initial report by the end of this week. The code can then be adjusted as needed based on feedback, and with additional testing.

Protocol Forking Simulations

We are working on creating hypothetical simulations demonstrating that the proposed new oracle, if elected, continues to operate successfully within the protocol.

Formal Verification

We are working with Certora to formally specify and check properties of the contracts. We are still integrating feedback based on their analyses and findings. See the pull request in the GitHub repository for tracking changes.

Where are the proposed deployments?

Kovan

Coming soon

Ropsten

Coming soon

Mainnet

TBD

1 Like

The audit report from Open Zeppelin is now available. The report details a number of improvements, and a few issues that were already obsoleted by fixes made after submitting to the auditors. We have reviewed and addressed the remaining feedback here.

We are now primarily focused on launching the testnet implementations, and testing the oracle under conditions more similar to mainnet. More updates here to follow.

1 Like

Testnets have been deployed:

Kovan: https://kovan.etherscan.io/address/0xbBdE93962Ca9fe39537eeA7380550ca6845F8db7
Ropsten: https://ropsten.etherscan.io/address/0xbef4e076a995c784be6094a432b9ca99b7431a3f

See Geoff’s post for more details.

Certora has finished preparing their report of the analysis they performed on the Open Price Feed contracts:

Thanks to Certora for helping catching several early bugs and for improvements in code clarity.

1 Like

We have a verified implementation on mainnet that we’ve started posting to here. The prices can also be seen any time on the Compound website.

We’ve also put together this notebook to help track deviations, and to simplify manual price posting in any event where anyone feels the desire to update prices immediately.