Check timestamp sanity of individual beacons in beacon set update
aquarat opened this issue · comments
Refer to Slack thread here.
Currently, the DapiServer contract uses averaging to determine the output timestamp across a set of input beacon values when updating a beacon set. The problem with this approach is that a malicious Airnode could misreport the timestamp of their data, (eg. they could double the timestamp value). This would greatly increase the average timestamp value across the beaconset, causing the isValidTimestamp
check to reject the value and the entire beacon set failing to update.
An interim solution is to do a check within Airseeker to confirm that the timestamp values are sane. A longer-term solution is to make the DapIServer using median instead of averaging for calculating the output timestamp.
@aquarat I guess this issue is no longer relevant https://api3workspace.slack.com/archives/C037NLX1R8T/p1676541600224609?thread_ts=1675433240.760419&cid=C037NLX1R8T
Closed by #358