OpenZeppelin conducted an audit of the Venus Protocol Oracles from May 8, 2023, to May 23, 2023. The audit focused on the
VenusProtocol/oracle repository, particularly the
TwapOracle contracts. These contracts are essential to the Venus Protocol as they are required to obtain current fair market prices for certain assets on the Binance Smart Chain.
OpenZeppelin did not identify any critical, high, or medium severity issues in the audited code. However, they identified two low severity issues:
ChainlinkOraclecontract was using an outdated Chainlink interface,
AggregatorV2V3Interface, instead of the recommended
AggregatorV3Interface. This was resolved in pull request #84 at commit ddd4b02.
- The audit found misleading documentation in several lines of code in the
TwapOraclecontracts. These discrepancies between the comments and the code’s intention were also resolved in pull request #84 at commit f4352f1.
In addition to the low severity issues, OpenZeppelin raised several notes and additional information:
TwapOracle.solfile included constants that did not use the
UPPER_CASEformat as recommended by the Solidity Style Guide. This was resolved in pull request #84 at commit 70a2211.
- The codebase did not follow the recommended layout as per the Solidity Style Guide. The Venus team acknowledged this but did not resolve it, stating that linting the
Pyth Interface, which was copied from the original project, would complicate the diff when updating.
- Unnecessary type casting was found in the
TwapOraclecontract, which was resolved in pull request #84 at commit 66707bd.
- Global namespace pollution was identified due to the definition of structs outside of the contracts in the
TwapOraclecontracts. This issue was resolved in pull request #84 at commit 28f4924.
The audit report provides additional details and insights into the operation of the Venus Protocol Oracles, including the functioning of the
ResilientOracle and the role of the
Overall, the audit reflects positively on the Venus Protocol Oracles, with most identified issues being low severity and subsequently resolved.
Read the full article HERE
To stay up to date with the latest developments and progress, you can visit the Venus Protocol Website and Dapp. For the latest news and events, we invite you to visit the Venus Community. To receive the latest updates, please follow us on Twitter and in our Telegram Announcement Group. We also invite you to join to our global community on Telegram for a broader discussion.