Introduction
Ojo Network is an on-chain data-provision platform focused on price-oracle services for emerging DeFi primitives. Their Smart Oracle architecture (the subject of this review) targets derivative assets such as Pendle PT and Spectra PT tokens, supplying lending markets with manipulation-resistant prices by combining multiple feeds and selecting the safer, lower value.
Why Did They Need an Audit?
Before integrating the new Ojo PT Feed contract into partner lending protocols, Ojo wanted an external review to be sure the upgradeable clone was free of critical flaws that could corrupt prices or allow hostile re-configuration, risking user funds and partner liquidity.
Scope of the Engagement
What Was Audited: One Solidity file, src/OjoPTFeed.sol (≈ 58 nSLOC). The contract:
- Stores two underlying Chainlink-style feeds (FEED_1, FEED_2);
- Exposes latestRoundData and getRoundData that always return the lower of the two prices.
Audit Timeline: 14 March 2025 (single-day deep dive) – 0.2 person-weeks.
Key Objectives:
- Identify vulnerabilities that could alter or withhold price data.
- Confirm the two-feed decision mechanism is functionally correct.
- Benchmark gas usage and upgradeability patterns against best practice.
- Verify compliance with Chainlink AggregatorV3 interface expectations.
Audit Date: 2025-03-14
Language: Solidity
Type: Code Audit