Update: tETH Remediation Complete — Oracle Safety Now Enforced via ChainCD
On April 26, 2025, Term experienced an incident caused by a silent decimal mismatch during a tETH price feed update. This led to unintended liquidations, affecting 18 users. At the time, we committed to three things:
1. Fully reimburse impacted users
2. Provide transparent, ongoing updates
3. Harden the infrastructure to ensure this never happens again
As of July 7, 2025, we’ve fulfilled that commitment.
Remediation Now Complete
- All affected users fully reimbursed
- Final loss (164.5 ETH) absorbed by Term
- No lender losses or systemic market risk
- Core oracle pipeline now protected by enforced validation at every layer
ChainCD Oracle Verification — Decimal Safety by Design
The root cause — a silent decimal error — is now structurally blocked through ChainCD: our secure oracle deployment and verification system. All price feeds now pass through two gated stages — each with automated enforcement and third-party signoff.
Phase 1: Pre-Deployment (Blocking CI/CD)
Before any price feed hits mainnet, ChainCD runs a full suite of automated tests:
Decimal Safety Check:
- Oracle price is compared to reference data from CoinMarketCap (preferred) or 1inch (fallback)
- Any deviation outside threshold (e.g. from misconfigured decimals) fails the deployment
Token Address Validation:
- Cross-checked for consistency between config, symbol, and third-party listings
Feed Freshness:
- Timestamps validated against expected update frequencies
Dry-run Simulation:
- All changes simulated before approval
GitHub Review Requirement:
- Multi-party signoff required before deployment proceeds
If any check fails, deployment is blocked by default.
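An added example, not ChainCD's own code: a minimal Python gate for the decimal safety and feed freshness checks described above, blocking by default when it cannot validate. The 2% threshold, the field names and every sample value are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class FeedReading:
    raw_answer: int       # integer answer as returned by the feed contract
    config_decimals: int  # decimals the deployment config claims the feed uses
    updated_at: int       # unix timestamp of the feed's last update
    heartbeat_s: int      # expected maximum seconds between updates

def check_feed(feed, reference_price, now, max_deviation=0.02):
    """Return a list of failures; an empty list means the gate passes."""
    if reference_price <= 0 or feed.raw_answer <= 0:
        return ["non-positive price: cannot validate, blocking by default"]
    price = feed.raw_answer / 10 ** feed.config_decimals
    deviation = abs(price - reference_price) / reference_price
    failures = []
    if deviation > max_deviation:
        # A decimals misconfiguration shows up as an error near a power of ten.
        shift = round(math.log10(price / reference_price))
        rescaled_dev = abs(price / 10 ** shift - reference_price) / reference_price
        if shift != 0 and rescaled_dev <= max_deviation:
            failures.append(f"decimal mismatch: normalized price is off by 10^{shift}")
        else:
            failures.append(f"price deviation {deviation:.1%} exceeds {max_deviation:.1%}")
    age = now - feed.updated_at
    if age > feed.heartbeat_s:
        failures.append(f"stale feed: last update {age}s ago, heartbeat {feed.heartbeat_s}s")
    return failures

# Constructed sample data (not real feed output).
NOW = 1_751_900_000
REFERENCE_PRICE = 1800.0  # stand-in for the third-party reference quote
GOOD = FeedReading(1805 * 10**8, 8, NOW - 60, 3600)
MISCONFIGURED = FeedReading(1805 * 10**18, 8, NOW - 60, 3600)  # feed has 18 decimals, config says 8
STALE = FeedReading(1805 * 10**8, 8, NOW - 7200, 3600)

if __name__ == "__main__":
    for name, feed in [("good", GOOD), ("misconfigured", MISCONFIGURED), ("stale", STALE)]:
        failures = check_feed(feed, REFERENCE_PRICE, NOW)
        print(name, "PASS" if not failures else f"BLOCK: {failures}")
```

In a CI job, a non-empty failure list would map to a non-zero exit status so the deployment step never runs.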
Phase 2: Post-Deployment (Pre-Oracle Inclusion)
After deployment — but before the feed is added to the live oracle — a second round of checks is triggered:
- Same validation suite re-run against live contract output
- Collateralization safety confirmed
- Decimal and token checks enforced again
Only after the automated checks pass does a third-party reviewer (external to Term) manually sign off. No oracle update can go live without this human validation layer.
Oracle Deployment Process
```mermaid
flowchart TD
    Start([Start]) --> Phase1{{"🔒 PHASE 1: PRE-DEPLOYMENT VALIDATION"}}
    Phase1 --> DecimalCheck{{"⚙️ Decimal Safety Check<br/>Compare to CoinMarketCap/1inch"}}
    DecimalCheck -->|Price diff > threshold<br/>DECIMAL MISMATCH| Block1[❌ BLOCK DEPLOYMENT]
    DecimalCheck -->|Pass| TokenValidation{{"⚙️ Token Address Validation<br/>• Internal consistency<br/>• Symbol match<br/>• CoinMarketCap lookup"}}
    TokenValidation -->|Any validation fails| Block2[❌ BLOCK DEPLOYMENT]
    TokenValidation -->|Pass| TimestampCheck{{"⚙️ Timestamp Freshness Check<br/>Confirm recent feed updates"}}
    TimestampCheck -->|Stale data| Block3[❌ BLOCK DEPLOYMENT]
    TimestampCheck -->|Pass| SimulationTest{{"⚙️ Simulation Test<br/>Dry-run contract logic"}}
    SimulationTest -->|Mismatch detected| Block4[❌ BLOCK DEPLOYMENT]
    SimulationTest -->|Pass| GitHubApproval{{"👥 Independent GitHub Approval<br/>Multi-party code review"}}
    GitHubApproval -->|Rejected| Block5[❌ BLOCK DEPLOYMENT]
    GitHubApproval -->|Approved| DeployStaging[🚀 Deploy Oracle Feed to Staging]
    DeployStaging --> Phase2{{"🔍 PHASE 2: POST-DEPLOYMENT<br/>PRE-ORACLE INCLUSION"}}
    Phase2 --> RevalidateAll{{"⚙️ Re-run All Validation Checks<br/>Using live deployed data<br/>• Decimal check<br/>• Token validation<br/>• Timestamp freshness"}}
    RevalidateAll -->|Any check fails| Halt1[⛔ HALT PROCESS]
    RevalidateAll -->|Pass| CollateralCheck{{"⚙️ Collateralization Safety Check<br/>Ensure no unintended liquidations"}}
    CollateralCheck -->|Safety risk detected| Halt2[⛔ HALT PROCESS]
    CollateralCheck -->|Pass| GenerateReport[📊 Generate Automated Report]
    GenerateReport --> ExternalReview{{"👤 External Reviewer Approval<br/>Third-party manual review"}}
    ExternalReview -->|Rejected| Escalate[🚨 HALT & ESCALATE]
    ExternalReview -->|Approved| GoLive[✅ Add Feed to Oracle Registry<br/>GO LIVE]
    Block1 --> End([End])
    Block2 --> End
    Block3 --> End
    Block4 --> End
    Block5 --> End
    Halt1 --> End
    Halt2 --> End
    Escalate --> End
    GoLive --> End([End])

    %% Styling
    classDef automated fill:#e1f5fe,stroke:#0277bd,stroke-width:2px
    classDef human fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
    classDef deployment fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
    classDef blocking fill:#ffebee,stroke:#d32f2f,stroke-width:2px
    classDef phase fill:#fff3e0,stroke:#f57c00,stroke-width:3px
    class DecimalCheck,TokenValidation,TimestampCheck,SimulationTest,RevalidateAll,CollateralCheck,GenerateReport automated
    class GitHubApproval,ExternalReview human
    class DeployStaging,GoLive deployment
    class Block1,Block2,Block3,Block4,Block5,Halt1,Halt2,Escalate blocking
    class Phase1,Phase2 phase
```
Source: https://claude.ai/public/artifacts/2b5ce33c-2d82-424f-bd57-a55891cda4b5
Looking Forward
This closes the loop on the tETH incident — not just in words, but in process.
We’ve rebuilt the pipeline that failed. Decimal safety is now programmatically enforced. Third-party review is required. And every price feed is verified before it can affect user capital.
Thank you to our users and partners who held us to a high bar. Term is now operating on a stronger foundation.
— The Term Team