From 7e9cb58866c3140fa417c2a7d2b46e619d9769d2 Mon Sep 17 00:00:00 2001
From: Chris and Dimitar <132391251+CDSecurity@users.noreply.github.com>
Date: Thu, 7 Sep 2023 16:07:43 +0300
Subject: [PATCH 1/2] Update 0x303-I3-Oracle.md

Added 7 security considerations related to Chainlink Oracle as well as a link to the article which explains these problems more in depth.
---
 2.0/0x300-Integrations/0x303-I3-Oracle.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/2.0/0x300-Integrations/0x303-I3-Oracle.md b/2.0/0x300-Integrations/0x303-I3-Oracle.md
index 98f45c3..f34c434 100644
--- a/2.0/0x300-Integrations/0x303-I3-Oracle.md
+++ b/2.0/0x300-Integrations/0x303-I3-Oracle.md
@@ -21,6 +21,13 @@ Category “I3” lists requirements related to the Oracle smart contract as one
 | **I3.4** | Verify that, when using Uniswap V3 TWAP as price oracle, liquidity is high enough and is distributed widely across most of the price range. |
 | **I3.5** | Verify that, the use a decentralized off-chain oracles unsusceptible to on-chain price manipulation attacks (e.g. Chainlink) is considered for low liquidity asset, ideally combining it with on-chain oracles to detect malicious values. |
 | **I3.6** | Verify that the value you are using has had enough time to be reported as invalid and has not been. |
+| **I3.7** | Verify that there is a check for stale prices when using Chainlink Oracle |
+| **I3.8** | Verify that there is a check for down l2 sequencer when using Chainlink Oracle  |
+| **I3.9** | Verify that NOT the same heartbeat is used for multiple price feeds when using Chainlink Oracle |
+| **I3.10** | Verify that the code deals with different price feeds having different decimal precision when using Chainlink Oracle  |
+| **I3.11** | Verify that the price feed address wherever it is located(hardcoded, deployment script) is pointing to the correct oracle price feed |
+| **I3.12** | Verify that the code handles calls to the oracle if they potentially revert when using Chainlink Oracle |
+| **I3.13** | Verify that the code handles the situation when oracle returns incorrect price during flash crashes when using Chainlink Oracle |
 
 ## References
 
@@ -32,3 +39,4 @@ For more information, see also:
 * [So you want to use a price oracle](https://samczsun.com/so-you-want-to-use-a-price-oracle/)
 * [Pricing LP tokens | Warp Finance hack](https://cmichel.io/pricing-lp-tokens/)
 * [Uniswap V3 tick price manipulation](https://medium.com/@hacxyk/we-rescued-4m-from-rari-capital-but-was-it-worth-it-39366d4d1812)
+* [Chainlink Oracle Considerations](https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf)

From 4ebcdf5e3b875f0019687a54f1d1b648c51f7501 Mon Sep 17 00:00:00 2001
From: Chris and Dimitar <132391251+CDSecurity@users.noreply.github.com>
Date: Fri, 8 Sep 2023 17:02:15 +0300
Subject: [PATCH 2/2] Update 2.0/0x300-Integrations/0x303-I3-Oracle.md

Co-authored-by: Damian Rusinek <damian.rusinek@gmail.com>
---
 2.0/0x300-Integrations/0x303-I3-Oracle.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2.0/0x300-Integrations/0x303-I3-Oracle.md b/2.0/0x300-Integrations/0x303-I3-Oracle.md
index f34c434..c33f5ba 100644
--- a/2.0/0x300-Integrations/0x303-I3-Oracle.md
+++ b/2.0/0x300-Integrations/0x303-I3-Oracle.md
@@ -22,7 +22,7 @@ Category “I3” lists requirements related to the Oracle smart contract as one
 | **I3.5** | Verify that, the use a decentralized off-chain oracles unsusceptible to on-chain price manipulation attacks (e.g. Chainlink) is considered for low liquidity asset, ideally combining it with on-chain oracles to detect malicious values. |
 | **I3.6** | Verify that the value you are using has had enough time to be reported as invalid and has not been. |
 | **I3.7** | Verify that there is a check for stale prices when using Chainlink Oracle |
-| **I3.8** | Verify that there is a check for down l2 sequencer when using Chainlink Oracle  |
+| **I3.8** | Verify that there is a check for down L2 sequencer when using Chainlink Oracle.  |
 | **I3.9** | Verify that NOT the same heartbeat is used for multiple price feeds when using Chainlink Oracle |
 | **I3.10** | Verify that the code deals with different price feeds having different decimal precision when using Chainlink Oracle  |
 | **I3.11** | Verify that the price feed address wherever it is located(hardcoded, deployment script) is pointing to the correct oracle price feed |