Oracle Failure & Manipulation Testing

[UlyanaAndrukhiv]

Closes: #149

Note: this PR should be merged after

• Multiple Collateral Types & Cross-Asset Operations Testing #165

Description

Adds comprehensive test coverage for oracle failure modes, extreme price scenarios, and DEX/oracle price deviation circuit breaker to ensure the protocol maintains security when price data is compromised, unavailable, or manipulated.

Tests added (fork_oracle_edge_cases_test.cdc)

Price Feed Failures

• test_oracle_nil_price — oracle returns nil for FLOW; any operation requiring pricing (health check) must revert due to force-unwrap panic

Invalid Price Data

• test_oracle_zero_price — oracle price set to 0.0; position creation fails with PriceOracle must return a price greater than 0.0 if available postcondition
• test_oracle_near_zero_price_extreme_health — FLOW price set to $0.00000001; health drops to near-zero (0.000000016), position becomes liquidatable
• test_oracle_very_large_price_no_overflow — WETH price set to UFix64.max; verifies no overflow in UFix128 math, health returns CEILING_HEALTH, available balance unchanged

DEX/Oracle Price Deviation & Circuit Breaker

• test_dex_oracle_deviation_boundary_exact_threshold — boundary tests for dexOraclePriceDeviationInRange helper at exactly 300 bps, 301 bps, both directions, and equal prices
• test_dex_oracle_deviation_blocks_liquidation — DEX price deviates 16.7% from oracle; liquidation blocked with DEX/oracle price deviation too large
• test_dex_oracle_within_threshold_liquidation_succeeds — DEX price within 3% of oracle; liquidation proceeds normally
• test_governance_tightens_dex_deviation_threshold — governance tightens threshold from 300 bps to 100 bps; previously allowed 2.19% deviation now blocked

Extreme Price Scenarios

• test_flash_crash_triggers_liquidation — FLOW drops 50% ($1.00 → $0.50) in single block; health drops from 1.33 to 0.67, position becomes liquidatable, full liquidation flow executed and verified
• test_flash_pump_increase_doubles_health — FLOW doubles ($1.00 → $2.00); health jumps from 1.6 to 3.2, user borrows at inflated price, price corrects back demonstrating pump-and-dump risk

[jordanschalm]

I didn't notice this test making use of any deployed Mainnet state. If so, we can just make this a standard Cadence test.

[Kay-Zee]

i think it uses the mainnet tokens, like MOET. I'm kinda okay with keeping this forked, as ideally, we'd ALSO add oracle failure cases with the band oracle, rather than just the mock oracle.

[Kay-Zee]

Generally looks good.

Only comments for me are that we should also try to do some of these tests with the existing on chain oracles, like the band or pyth oracle.

That shouldn't block this PR, since i think testing with the mock is still useful, but would love to just show that the real oracles would also behave in the same way. (even though the assumption is that they will, due to the interface behaviour)

[Kay-Zee]

i think it uses the mainnet tokens, like MOET. I'm kinda okay with keeping this forked, as ideally, we'd ALSO add oracle failure cases with the band oracle, rather than just the mock oracle.