MIP10c9-SP8: Whitelist DDEX on WBTCUSD Oracle

MIP10c9: Subproposal to Whitelist Oracle Access

Preamble

MIP10c9-SP#: 8
Author(s): Scott Winges
Contributors: Nik Kunkel
Type: Process Component
Status:
Date Proposed: <2020-09-09>
Date Ratified: <yyyy-mm-dd>

Specification

Introduction

DDEX used the Maker medianizer oracle v1 for WBTC/USD price info prior to deprecation. The price is primarily used for determining the collateral status of loans, but is also used for several other information fields on the application. DDEX would use the v2 medianizer for the same purposes.

Oracle Name

  • WBTC/USD

Customer(s)

Whitelist

- DDEX - 0x4935B1188EB940C39e22172cc5fe595E267706a1 - Medianizer

Requirements

For each customer address to be whitelisted:

  • Is the contract source code verified on etherscan? yes
  • Is the Oracle data used in a permissioned manner that would prevent parasitic behavior? no
  • Is Oracle data written to storage? no
  • If Oracle data is stored, is it stored in a private variable? no
  • If Oracle data is stored, is the value accessible on-chain exclusively by the protocol? no

Fee

2 Likes
function getPrice(
        address _asset
    )
        external
        view
        returns (uint256)
    {
        require(_asset == asset, "ASSET_NOT_MATCH");

        (bytes32 value, bool has) = IMakerDaoOracle(makerDaoOracle).peek();

        if (has) {
            return uint256(value) * (10 ** (18 - decimals));
        } else {
            require(block.number - sparePriceBlockNumber <= 3600, "ORACLE_OFFLINE");
            return sparePrice;
        }
    }

I’ve looked through the code and noticed that the method that is calling the Medianizer contract is publically acessible. This goes against one of our requirements as it would enable 3rd parties who aren’t whitelisted to get access to the Oracle data. If you were to make that function accessible only by your contracts then we can move this proposal forward.

1 Like

Hey Nik - modified the code a bit, new addresses are below (will edit the originals too)

Let me know if these solve the issue!

Eth: 0xf39cCf729F6C8082ee1Ae598Fc757647c3ebddf0
Wbtc: 0x4935B1188EB940C39e22172cc5fe595E267706a1

Have reviewed the code. This looks good and I think we can move forward with this.

2 Likes