Author Topic: an important security enhance (Read 1003 times)

sudo

Quote from: alt on December 09, 2015, 12:30:46 pm

now, don't know why, several witness publish feed price double
for CNY, the normal price is 0.025, but some witness publish 0.049.

this can be a very serious security problem.
if more witness give wrong price, we will get a final feed price at 0.049,
users can borrow CNY at price 0.049, the collatereal is not enough, a black swan will happe.

I don't want to talk about why they give a wrong feed price, maybe it's a bug of feed script,
maybe an exchange return a wrong price

the more important thing is we should avoid this happen even if the witness give a wrong feed price.
so I ask for a new limit at the borrow logic

currently when we borrow from the wallet, the collatereal's price is the feed price.
we should get it from min(feed price, highest bid price)

alt · « *Last Edit: December 09, 2015, 12:39:49 pm by alt* »

now, don't know why, several witness publish feed price double
for CNY, the normal price is 0.025, but some witness publish 0.049.

this can be a very serious security problem.
if more witness give wrong price, we will get a final feed price at 0.049,
users can borrow CNY at price 0.049, the collatereal is not enough, a black swan will happe.

I don't want to talk about why they give a wrong feed price, maybe it's a bug of feed script,
maybe an exchange return a wrong price

the more important thing is we should avoid this happen even if the witness give a wrong feed price.
so I ask for a new limit at the borrow logic

currently when we borrow from the wallet, the collatereal's price is the feed price.
we should get it from min(feed price, highest bid price)

Author Topic: an important security enhance (Read 1003 times)

sudo

Re: an important security enhance

alt

an important security enhance