Venus Stars
In the rapidly evolving world of blockchain technology, ensuring the security and integrity of smart contracts is paramount. Recognizing this, Venus Protocol has demonstrated an unwavering commitment to security by engaging top-tier auditing firms in the crypto sector, such as CertiK, PeckShield, and Hacken, to conduct comprehensive security audits of their updated multi-oracle system.
Venus Protocol, a key player in the Binance Smart Chain (BSC) ecosystem, is updating its oracle system to interact with multiple third-party protocols. This significant update includes interactions with Chainlink Oracle, Binance Oracle, PythOracle, and Automated Market Makers (AMMs) like PancakeSwap. Given the potential risks associated with third-party interactions, Venus Protocol has taken the recommendation of constant monitoring of these third parties to heart, aiming to mitigate any side effects that may occur when unexpected changes are introduced.
The updated oracle system of Venus Protocol includes several key contracts:
ResilientOracle: This is an oracle aggregator which includes functionality for setting, updating oracle configurations for various tokens, pausing and unpausing the contract, and retrieving prices from different sets of oracles for tokens. This contract also interacts with three separate oracles for each asset. One oracle will be the main oracle, which will be the first choice for price. The second oracle will be the pivot oracle, whose price is used for comparison. The third oracle is the fallback oracle, whose price will be used in certain cases.
BinanceOracle: This contract fetches prices of assets from Binance oracle. It interacts safely with the Binance Oracle, checks that the returned price is not too old, chooses the correct asset for the underlying of vTokens or VAI, and returns the normalized price.
BoundValidator: This contract is used to validate prices from two different sources, according to the upper and lower bound ratios config for each vToken in this contract. It is designed to set bounds on the ratio of two reported prices for an asset and checks that the ratio of these prices lies within the specified bounds.
ChainlinkOracle: This contract fetches prices of assets from Chainlink oracle. It interacts safely with the Chainlink Oracle, checks that the returned price is not too old, chooses the correct asset for the underlying of vTokens or VAI, and returns the normalized price. It also adds functionality to add direct prices.
PythOracle: This contract fetches prices of assets from Pyth oracle. It interacts safely with the Pyth Oracle, checks that the returned price is not too old, chooses the correct asset for the underlying of vTokens or VAI, and returns the normalized price.
TwapOracle: This contract fetches prices of assets from PancakeSwap oracle. It interacts with PancakeSwap to fetch the cumulative prices and update them to the current block.timestamp to calculate the time-weighted average price (TWAP).
CertiK, a leader in Web3.0 security, was the first to conduct an extensive audit of Venus Protocol’s updated oracle system. The audit was conducted using a combination of manual review techniques and static analysis, setting a high standard for security from the outset.
Following the CertiK audit, PeckShield conducted another audit on Venus Protocol’s updated oracle system. The PeckShield audit found that the smart contracts were well-designed and engineered, though the implementation could be improved by resolving identified issues. This proactive approach to identifying and addressing potential vulnerabilities underscores Venus Protocol’s dedication to maintaining a secure system.
Most recently, Hacken conducted a security review and analysis of the Venus Protocol’s updated oracle system. The review affirmed the robustness of the system, highlighting the effective useof third-party oracles and the successful implementation of upgradable contracts. The report commended Venus Protocol’s attention to detail in setting up oracle addresses and managing access roles, further emphasizing the platform’s commitment to security.
Venus Protocol is making history by being the first protocol to implement resilient price feed oracles. With the upcoming V4 Upgrade and the introduction of the VIP-123 proposal, Venus Protocol is set to enhance its price feed system and mitigate the risks associated with single points of failure. These advancements underline Venus Protocol’s commitment to providing a secure and reliable DeFi platform for its growing community.
The introduction of oracle redundancy brings several key benefits to the platform and its users:
Increased Reliability: Redundancy measures minimize the impact of individual Oracle failures, ensuring a more reliable and uninterrupted flow of data within the protocol. Users can confidently rely on accurate information for their lending, borrowing, and investment decisions.
Enhanced Security: By diversifying oracle sources and leveraging decentralized oracle networks, Venus Protocol strengthens its overall security. The redundancy measures make it more challenging for malicious actors to manipulate data or disrupt the platform’s operations.
Continuity and Resilience: Oracle redundancy measures ensure the continuity of data feeds, even in the event of individual oracle outages. This resilience contributes to the stability of Venus Protocol and minimizes the potential for disruptions or downtime.
The VIP-123 proposal, a key part of this upgrade, replaces the previous price provider with the Resilient Price Feeds and grants governance permissions to configure them. This empowers the community with greater control over the platform’s price feed system and optimizes the price feeds for markets in the Venus Core pool.
In conclusion, the Resilient Price Feed update and the VIP-123 proposal mark a significant step forward for Venus Protocol. By embracing oracle redundancy and multiple oracle integrations, Venus Protocol sets new standards for reliability and resilience in the DeFi ecosystem. As the protocol continues to evolve, Venus Protocol remains at the forefront of innovation, reinforcing its position as a leading player in the industry. These advancements pave the way for a resilient and trustworthy future for decentralized finance.
Audit reports
Deployed contracts on main net:
References
- Repository
- Simulation pre/post upgrade
- Deployment on testnet
- Community post about Venus V4, introducing Resilient Price Feeds
- Venus Stars blog post about Binance Oracle
- Community discussion about Pyth Oracle
To closely follow the progress and updates of this exciting V4 proposal, Venus Protocol will be by your side through its website, and the Dapp. For the latest news and events, you can visit Venus Community. For the latest updates, you can visit our Twitter and our Telegram Announcement Group. We also have a global community on Telegram and Discord.