Multiple price oracles and safetynet

This morning 2 september around 08:00 UTC some mAsset prices were off due to wrong oracle prices. In this specific case the mAssets were priced at 50% of real value, so the LTV of short farm was way above the recommended 200%. Everything is fixed now, awaiting a statement from devs.

But for alle we know, it could have been the other way around and YOU EASILY COULD GET LIQUIDATED.

So my proposal is to fetch more than one prices from different oracles and make a weighted oracle price to prevent liquidation in case of an oracle failure. Technically an odd number of oracles where the mayority is leading.

Also i propose a safety maeasure where liquidations will be cancelled when oracle prices are changing more than x% in a certain amount of time.

I would like to hear your opinion and feedback on this.

The additional Oracles is in the works (pending Link getting on Cosmos) but yes, that seem like it should be one of the highest priorities – one of the fastest things that could kill Mirror would be “false” liquidations.

The safety measure idea might be tough – as we expand assets to smaller companies or more crypto, sometimes overnight movements of 50%+ are possible. One possibility would be to look at the last 10 years of data and say a price movement largest than the single greatest daily move ever would trigger a 1 hour liquidation suspension. But what happens if it’s legitimate and the price keeps rising? Under collateralized short positions could be a nightmare given that Mirror doesn’t have an insurance fund.

I think you can tackle the legit price rising as follows: You have an odd number of different oracles and the majority of prices (with a small deviation) is the leading one.

Oracle 1: price = 235
Oracle 2: price = 230
Oracle 3: price is 540

So in this case the oracle price would be (235+230)/2=232.5

The incorrect pricing was caused by a convention used by the oracle that is NOT a good convention for pre-market and post-market hours in equities markets (oracle price = avg(bid,ask)

This convention can fail when either bid or ask is not available, so avg ends up being 1/2 the number actually presented. They are fixing it by using last price instead.

It is NOT possible for any failure in this convention to result in an oracle price that is 2x the actual price instead of half the actual price. So no, it could not have been the other way around.

The only liquidation risks from these failures would be mints that used the mAsset as collateral instead of UST or aUST. Ideally traders using unconventional collateral would be more aware of the potential risks around their choices.

Edit: since I correctly described the cause of the oracle failure 13 hours before the fix was announced, I think you can be satisfied that I have an understanding of what pricing misprints could result from it.

Thank you for your clear explanation. It is clear to me now and I am not worried anymore.

1 Like

The hard part is getting 3 Oracles

the multi-oracle system described is basically how Link works, so we could just switch to Link and use Band as fallback and it would accomplish the same thing (as soon as Link releases for Cosmos)