Overview
TheOracle contract is responsible for secure and configurable price reporting for supported assets. It is tightly coupled with a vault module (implementing IShareModule) and provides price validation, deviation tracking, and rate-limited report submission.
It enforces strong assumptions around data integrity, report timing, and trust minimization through roles and deviation thresholds. This oracle ensures consistent pricing across all queue, share, and vault-related computations.
Key Responsibilities
- Report Submission: Allows trusted accounts to submit price updates
- Deviation Analysis: Compares new prices against the last report for suspicious behavior
- Timestamp-based Rate Limiting: Prevents frequent or premature reports
- Asset Management: Controls which tokens are supported by the oracle
- Oracle Price Validation: Used by other modules (e.g.,
SignatureQueue) to verify incoming prices
Roles
SecurityParameters
- Absolute Deviation: Hard limits on price delta in price units
- Relative Deviation: Tolerance as a percentage (e.g., 5% = 0.05e18)
- Timeout: Minimum time between valid reports (ignored if the previous report is suspicious)
- depositInterval: Minimum age required for a deposit to be processed
- redeemInterval: Same, but for redemptions
Reports
Key Functions
View
Mutable
Reporting Logic
When callingsubmitReports(...):
- Each asset is checked for support
- The previous report is evaluated:
- If
timeouthas not passed, and the report is not suspicious → revertTooEarly
- If
- Price is compared against previous:
- Too far off → revert
InvalidPrice - Moderately off → flagged
isSuspicious
- Too far off → revert
- If the report is accepted:
- Triggers
vault.handleReport(...)with adjusted deposit and redeem timestamps - Emits
ReportsSubmitted
- Triggers
Validation Logic
Prices are validated by:- Calculating absolute deviation
- Calculating relative deviation
- Comparing against
maxandsuspiciousthresholds
- Rejected if either deviation exceeds max
- Accepted but suspicious if above suspicious threshold
- Accepted as normal if within all limits
SignatureDepositQueue,SignatureRedeemQueue,DepositQueueandRedeemQueuecontracts- Vault’s limit accounting (RiskManager)
Events
Security Considerations
- Only trusted roles can push prices
- Suspicious reports cannot be accepted without explicit approval
- No pricing logic oracles trust external feeds — price validation is local
- Prevents manipulation by enforcing absolute & relative deviation constraints