Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Palmy Finance>Discussion>Oracle risks
GeneralOverview
Findings
High (5)
Medium (3)
Low (1)
Informational (2)
DiscussionTest suiteOracle risksUnused codeTypos
Threat ModelWhat are threat models?FeeDistributor.solLeverager.solVoter.solVotingEscrow.sol
Audit ResultsSummary

Oracle risks

The oracle mechanism is essential to Palmy Finance for evaluating the value of assets, and the correctness of the provided price information is critical for the safety of the protocol. Unlike Aave, which utilizes Chainlink oracle, Palmy Finance utilizes the oracle provided by Chainsight. It is worth mentioning the security implications of this change.

Chainlink oracle aggregates answers from multiple independent oracle operators. Because of this aggregating mechanism, an attacker has to compromise a number of oracle operators in order to manipulate the aggregated answer from the oracle.

On the other hand, Chainsight oracle receives an answer from the given address and provides the answer as is. In this case, an attacker has to compromise the single address of the oracle operator in order to manipulate the aggregated answer from the oracle.

It is recommended for users to consider the security practice of the oracle provider for assessing the risk of the protocol.

Zellic © 2025Back to top ↑