Skip to main content

3 posts tagged with "defi"

View All Tags

· 6 min read
Rahul Saxena

Bullet-proof your PriceFeedManager contracts

Gm developers and fellow auditors!!

In almost any decentralised application in the domain of decentralised finance, one of the most critical components of the protocol is to fetch the prices of assets on-chain. This is mostly enabled by on-chain oracles.

Oracles are data feeds that bring data from off the blockchain (off-chain) data sources and puts it on the blockchain (on-chain) for smart contracts to use. This is necessary because smart contracts running on Ethereum cannot access information stored outside the blockchain network.

Unsurprisingly, protocols introduce a LOT OF bugs when implementing their contracts that interact with such oracles. This is mostly because it is quite hard to account for all the attack vectors due to the somewhat hybrid (off-chain and on-chain) nature of oracle interactions.

Hopefully, this article will help you to bid farewell to all the most common price feed contract bugs from your protocol. Read this thread and bid goodbye to all your price feed contract bugs.

This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices. Other popular oracles are the Uniswap v3 Oracles, MakerDAO Oracle, etc.

Grab some popcorn, this is gonna be fun. Time for my top 10 tips:


Let's begin our journey through these tips

Grab some Cola, cause these tips' delivery can get a bit spicy.

1. Backup Oracles are a must

As a degen, hedging risks must be a completely alien concept to you, but do not let that affect your dev life.

Consider implementing a back-up oracle in case your primary oracle goes down or does not support a specific token.


· 16 min read
Rahul Saxena


Note: You can also watch a phenomenal short video as an introduction to derivaties. This is recommended for people who already have a bit of understanding in this regard.

Derivative: A financial contract, whose value depends on it's underlying assets.

For example, an apple pie is a derivative of an apple as it is derived from the apple and the price of the apple pie is determined by the quality and quantity of the apples used to make it (among other things).

Similarly, the price of a financial contract that is derived from some underlying assets such as shares of stock is determined by the quality,quantity and current price of the underlying asset and is known as a derivative.

Derivative are of 4 types:

  • Options
  • Futures
  • Swaps
  • Forwards

· 14 min read
Rahul Saxena

The International Testing Standard (TITS) for DeFi

Declaration Tweet.

Mission Statement

I believe that protocols need to be held to a higher standard of testing. Web3 protocols are decentralised, therefore there are no centralised authorities, and subsequently there is no regulatory pressure on the protocols to do quality checks on their protocols.

Is this an issue?
Is this a big issue?


Well, because, speaking strictly from an economic perspective, it makes much more sense for a protocol to use its time and developer resources on shipping a v2 of their protocol once the initial set of smart contracts are coded rather than spending it on testing their protocol. The protocols presently, try to, conviniently shift the burden of testing and quality assurance on the auditing firms and sometimes on insurance firms. However, Auditing + Insurance is still not enough to offer the level of peace of mind that people should have on software that handles their money.

Therefore, the development team, that is the most intimately familar with the code base, must make it a sacred duty of theirs (just like doctors take the Hippocratic Oath) to test their code to the best of knowledge and ability.