Implement configurable per-market oracle deviation bound to reject anomalous Reflector prices #554

@greatest0fallt1me

Description

To resist oracle manipulation, markets should be able to reject a Reflector price that deviates beyond a configured percentage from a recent reference (TWAP or prior reading) before it is used in fetch_oracle_result. This adds a deviation guard on top of the existing staleness/confidence checks in the oracle resolution path.

Requirements and Context

  • Add a max_deviation_bps field to the per-market/global oracle validation config in contracts/predictify-hybrid/src/oracles.rs/config.rs.
  • In OracleResolutionManager::fetch_oracle_result, compare the fetched price against a reference and reject out-of-bound readings with a typed Error.
  • Integrate with the existing set_oracle_val_cfg_global/set_oracle_val_cfg_event entrypoints.
  • Must be secure, tested, and documented
  • Should be efficient and easy to review

Suggested Execution

  1. Fork the repo and create a branch
    git checkout -b feature/oracle-deviation-bound
  2. Implement changes
    • contracts/predictify-hybrid/src/resolution.rs, contracts/predictify-hybrid/src/oracles.rs, contracts/predictify-hybrid/src/config.rs
  3. Test and commit
    • cargo test -p predictify-hybrid -- oracle
    • Cover edge cases: spike beyond bound, exactly-at-bound reading, no reference yet
    • Include test output and notes in the PR

Example commit message

feat: add oracle price deviation bound to resolution path

Acceptance Criteria

  • Deviation bound is configurable globally and per market
  • Out-of-bound prices are rejected with a typed error
  • First-reading (no reference) behavior is defined and tested

Guidelines

  • Minimum 95% coverage on touched code, validate oracle manipulation resistance
  • Clear documentation and inline comments
  • Timeframe: 96 hours
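
A sketch of the deviation guard this issue asks for, added here as an illustration; it is not code from predictify-hybrid. Every type and function name is hypothetical, prices are modeled as plain positive `i128` values, and two choices the issue leaves open are assumptions: the bound is inclusive (a reading exactly at the bound passes), and the no-reference case is a configurable policy.

```rust
// Added example: all names here are hypothetical, not predictify-hybrid's API.
#[derive(Debug, PartialEq)]
pub enum DeviationError {
    InvalidPrice,      // price or reference is zero or negative
    NoReference,       // first reading, and the policy is to reject
    Overflow,          // operands too large to compare safely
    DeviationExceeded, // |price - reference| is beyond the bound
}

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum FirstReading { Accept, Reject } // assumed policy knob

#[derive(Clone, Copy, Debug, PartialEq)]
pub struct DeviationCfg {
    pub max_deviation_bps: u32, // 500 = 5%
    pub first_reading: FirstReading,
}

/// A per-market config, when set, overrides the global one.
pub fn effective_cfg(global: DeviationCfg, market: Option<DeviationCfg>) -> DeviationCfg {
    market.unwrap_or(global)
}

pub fn check_deviation(price: i128, reference: Option<i128>, cfg: &DeviationCfg)
    -> Result<(), DeviationError>
{
    if price <= 0 { return Err(DeviationError::InvalidPrice); }
    let reference = match (reference, cfg.first_reading) {
        (Some(r), _) if r > 0 => r,
        (Some(_), _) => return Err(DeviationError::InvalidPrice),
        (None, FirstReading::Accept) => return Ok(()),
        (None, FirstReading::Reject) => return Err(DeviationError::NoReference),
    };
    // Both values are positive, so the subtraction cannot overflow.
    let diff = (price - reference).abs();
    // Cross-multiply instead of dividing: no rounding, so a reading exactly
    // at the bound passes and one unit past it fails.
    let lhs = diff.checked_mul(10_000).ok_or(DeviationError::Overflow)?;
    let rhs = i128::from(cfg.max_deviation_bps)
        .checked_mul(reference).ok_or(DeviationError::Overflow)?;
    if lhs > rhs { Err(DeviationError::DeviationExceeded) } else { Ok(()) }
}

fn main() {
    let cfg = DeviationCfg { max_deviation_bps: 500, first_reading: FirstReading::Reject };
    println!("{:?}", check_deviation(1_060_000, Some(1_000_000), &cfg));
}
```

Failing closed on `Overflow` keeps an extreme reading from bypassing the comparison through wrapped arithmetic.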

Metadata

Labels

  • Stellar Wave: Issues in the Stellar wave program
  • security: Security hardening
  • smart-contract: Soroban smart-contract work
  • soroban: Soroban SDK / Stellar