Overview

Integrating a Chainlink price feed looks simple:

(, int256 price, , , ) = priceFeed.latestRoundData();

That single line has been at the center of several high-profile exploits. Compound lost 89M USD to an outlier DAI price in 2021. Venus Protocol and Inverse Finance followed with similar patterns. Each time, the contract trusted the feed unconditionally. No mechanism existed to reject a bad round.

This repository exists because that one-liner is not enough.

What this covers

Price Validation

Staleness detection, zero/negative price rejection, and incomplete round checks via answeredInRound < roundId. Three conditions that the standard integration example skips entirely.

Deviation Guard

Compares each round against a stored baseline in basis points. A 34% DAI deviation (what triggered the Compound incident) would never pass a 5% guard.

L2 Sequencer Uptime

Checks the Chainlink Sequencer Uptime Feed before accepting any price. Includes a one-hour grace period after sequencer restarts. Most integrations on Arbitrum and Optimism skip this entirely.
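
The three checks described above, combined into one read path. This is an added example, not code from the repository: the contract name, error names, the one-hour MAX_AGE and the fixed baseline are assumptions, and the sequencer feed address is passed as zero on L1.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Local copy of the one AggregatorV3Interface function this example calls.
interface IAggregatorV3 {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Illustrative contract (hypothetical name); thresholds other than 5% and one hour grace are assumed.
contract GuardedFeedReader {
    IAggregatorV3 public immutable priceFeed;
    IAggregatorV3 public immutable sequencerFeed;     // address(0) disables the L2 check
    uint256 public constant MAX_AGE = 1 hours;        // assumed; set from the feed's heartbeat
    uint256 public constant GRACE_PERIOD = 1 hours;   // grace period after a sequencer restart
    uint256 public constant MAX_DEVIATION_BPS = 500;  // 5% guard
    uint256 public immutable baseline;                // stored reference price; refresh policy not shown

    error SequencerUnavailable();
    error InvalidPrice();
    error IncompleteRound();
    error StalePrice();
    error DeviationTooHigh(uint256 bps);

    constructor(address feed, address sequencer, uint256 initialBaseline) {
        if (initialBaseline == 0) revert InvalidPrice();
        priceFeed = IAggregatorV3(feed);
        sequencerFeed = IAggregatorV3(sequencer);
        baseline = initialBaseline;
    }

    function validatedPrice() external view returns (uint256 price) {
        if (address(sequencerFeed) != address(0)) {
            // Uptime feed: answer 0 = up, 1 = down; startedAt = time of the last status change.
            (, int256 status, uint256 startedAt, , ) = sequencerFeed.latestRoundData();
            if (status != 0) revert SequencerUnavailable();
            if (startedAt == 0 || block.timestamp - startedAt <= GRACE_PERIOD) revert SequencerUnavailable();
        }
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        if (answer <= 0) revert InvalidPrice();                  // zero or negative price
        if (answeredInRound < roundId) revert IncompleteRound(); // answer carried over from an older round
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_AGE) revert StalePrice();
        price = uint256(answer);
        uint256 diff = price > baseline ? price - baseline : baseline - price;
        uint256 bps = diff * 10_000 / baseline;                  // deviation from baseline in basis points
        if (bps > MAX_DEVIATION_BPS) revert DeviationTooHigh(bps);
    }
}
```

Every failure reverts instead of returning a fallback value, so a caller cannot proceed on a round that failed any check.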

Test Suite

Foundry tests using MockV3Aggregator. Abstract base contract, separate L2 test class, deployment integration tests, and fuzz coverage across 256+ random price inputs.

Exploits this prevents

| Incident | Year | Loss | Guard |
| --- | --- | --- | --- |
| Compound DAI liquidations | 2021 | $89M | Deviation guard |
| Venus Protocol XVS | 2021 | $208M | Staleness + deviation |
| Inverse Finance | 2022 | $15M | Deviation guard |
| L2 sequencer downtime | Ongoing | Variable | Sequencer uptime check |

This implementation is a companion to Oracle Trust Models: A Bitcoin Perspective, specifically the Failure Modes and Tradeoffs section, which covers how oracle failure modes differ across EVM aggregation systems and Bitcoin attestation-based constructions.

Source

github.com/rxbryan/chainlink-feed-consumer