Oracle With Validation
The Oracle With Validation Check is a custom oracle contract that validates prices from a primary oracle against a secondary validation oracle. It conforms to the Morpho Blue IOracle interface and provides protection against oracle price feed malfunctions (e.g., incorrect prices reported for a short time period or prices out of line with market conditions) by ensuring that two independent oracle sources agree within a specified deviation threshold.
The contract adds redundancy and additional levels of certainty to price feeds. It always returns the primary oracle's price, but reverts if the deviation from the validation oracle exceeds the configured maximum threshold. This design is only used for liquid markets where multiple oracle providers or onchain sources track prices with high fidelity.
Trade-off: The risk of this oracle is that price calls will revert if both price feeds are not within the deviation limit, which will prevent liquidations from being executed. In practice, the deviation can be set to be relatively wide (typically 1-LLTV), which is the threshold where an oracle price discrepancy can start impacting the market's solvency.
How It Works
1. Dual Oracle Architecture
The contract uses two independent oracle sources:
Primary Oracle:
- The main price source (e.g., Chainlink)
- Price is always returned to callers
- Must return non-zero prices
Validation Oracle:
- Secondary price source for validation (e.g., TWAP, Chronicle, Redstone)
- Used to detect price manipulation or oracle failures
- Deviation is checked against primary oracle
Deviation Calculation:
- Absolute deviation:
|primary - validation| - Maximum allowed deviation:
primary × MAX_ORACLE_DEVIATION - If absolute deviation exceeds maximum, the price call reverts
2. Price Validation
When price() is called, the contract performs the following checks:
Validation steps:
- Fetches price from primary oracle
- Validates primary price is not zero
- If validation check is paused, returns primary price immediately
- If validation check is enabled, fetches price from validation oracle
- Calculates absolute deviation between the two prices
- Compares deviation against
MAX_ORACLE_DEVIATIONthreshold - Reverts if deviation exceeds threshold, otherwise returns primary price
Deviation threshold:
- Configured as
MAX_ORACLE_DEVIATION(18 decimals, e.g., 5e16 = 5%) - Should be set wide enough to account for natural oracle deviations
- Typically set below (1 - Liquidation LTV)
- Immutable after deployment
3. Guardian Controls
If a guardian is set, they can pause/unpause the validation check:
Pause validation check:
- Callable by guardian via
pauseValidationCheck() - When paused, only primary oracle is used (no deviation check)
- Useful if validation oracle fails or becomes unreliable
Unpause validation check:
- Callable by guardian via
unpauseValidationCheck() - Re-enables deviation checking
Guardian management:
- Owner can update guardian address via
setGuardian() - Owner can permanently abdicate the ability to change guardian via
abdicateSetGuardian() - Once abdicated, guardian becomes immutable
- Uses OpenZeppelin's
Ownable2Stepfor safe ownership transfers
Key Parameters
- PRIMARY_ORACLE: Address of the primary oracle (immutable)
- VALIDATION_ORACLE: Address of the validation oracle (immutable)
- MAX_ORACLE_DEVIATION: Maximum allowed deviation between oracles in 18 decimals (immutable, must be < 100%)
- guardian: Address that can pause/unpause validation checks (mutable unless abdicated)
- validationCheckPaused: Whether validation check is currently paused (default: false)
- setGuardianAbdicated: Whether the ability to change guardian has been permanently removed (default: false)
Considerations
- Primary oracle always used for price, ensuring consistency
- Reverts on excessive deviation
- Prevents liquidations or trades when the deviation between the two oracles exceeds the configured threshold
- Can set a guardian if necessary to pause the validation check. Guardian can be immutable or not.
Benefits
- Can be used as the oracle for any Morpho V1 or V2 market
- Provides additional security layer for high-value markets
- Deviation threshold can be tuned based on market characteristics