[Question][Discussion] Oracle Feeder security

Based on the docs the Oracle Feeder uses Band for mAssets prices. Even Band has it’s own security mechanisms this is a single point of failure within the Mirror protocol. A bug or a hack on Band data feeds can be fatal for Mirror.

I think Mirror should use 2 different oracles for each data feed (e.g. Band and Chainlink)

One oracle will be the main data feed. The second oracle will only be used to detect anomalies in the price. If the price provided by the 2 oracles differs in more than X% (e.g. 10%) Mirror will halt the market and liquidations until the 2 oracles show a reasonable difference in price.

P.S. this is based on my conclusions after reading the docs. There may already be this or other security practices in place

1 Like

I believe there is work on getting a second oracle up, but as for integrating a dual-feed to detect anomolies, I think it’s a brilliant idea! That should definitely be part of v3. I’m not sure how that would integrate into the existing contracts or if that is even possible as once contracts are deployed it’s hard to update / enhance if it is not building strictly ontop of.

I asked in the discord and they advised they have multiple data sources. But 100% agree there need to be significant redundancies. Not to mention we just need another oracle integration so that we’re not stuck constantly waiting for Band to expand their assets (RWM was whitelisted almost a month ago and no word on an Oracle feed)