defirisk.co
rubric v1.7.0

Oracle providers used

A oracle & external dependencies factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures** This factor enumerates the oracle providers used by the protocol — such as Chainlink, Pyth, Redstone, Uniswap TWAP, or in-house custom feeds — listing each provider per asset or market. Data is collected via on-chain reads and protocol documentation. This field serves as the dependency map foundation for the rest of the oracle category.

**Why it matters** Oracle provider diversity determines how concentrated a protocol's price-feed risk is. A protocol relying on a single provider for all assets has correlated failure modes: if that provider experiences downtime, data manipulation, or a governance incident, all markets are simultaneously affected. The synthesis dataset documents multiple exploits where thin-liquidity or single-source oracles were the root cause; knowing which providers are in use is the first step in assessing that risk. Protocols that mix aggregated off-chain feeds (Chainlink) with on-chain DEX-derived feeds introduce additional composability surface that must be mapped before downstream factors can be assessed.

**Green / Yellow / Red** Green is scored when the protocol uses one or more reputable aggregated providers (Chainlink, Pyth, Redstone) with documented source diversification per asset. Yellow is scored when the provider list is partially documented, includes at least one in-house or DEX-derived feed, or has material gaps between documented and observed on-chain feed calls. Red is scored when no reputable aggregated provider is in use and the oracle source is entirely in-house or spot-DEX derived.

**Common gray cases** Gray is applied when on-chain feed calls cannot be attributed to a specific provider (e.g., unverified aggregator contract or proxy with obfuscated source) or when the protocol has not yet listed any assets requiring external pricing.

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement what to look for #

List all oracle providers used (Chainlink, Pyth, Redstone, Uniswap-TWAP, in-house, etc.) per asset/market pair in the protocol.

Data & output #

Data source
Protocol docs + Etherscan-verified source search for feed address imports + on-chain feed address registry reads
Output format
Green / Yellow / Red
Evidence artifact
JSON map of asset → oracle-provider-slug + feed contract addresses
Confidence signal
green = all assets use established push-oracle providers (Chainlink/Pyth/Redstone) with documented SLAs; yellow = mix of established and DEX-TWAP; red = any asset uses spot DEX price without TWAP; gray = oracle architecture not determinable from source

Scored protocols 80 carry this factor #

Protocol RD-F-048
Aave v3 ethereum green Across Protocol ethereum green Aerodrome Finance base green Axelar Network ethereum green Babylon Protocol bitcoin green Balancer (v2 + v3) ethereum green Beefy Finance ethereum green BENQI avalanche green BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum yellow Cap (cUSD / stcUSD) ethereum green Centrifuge ethereum yellow Chainlink CCIP ethereum green Circle USYC binance yellow Compound V3 (Comet) ethereum green Concrete ethereum green Convex Finance ethereum green crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum green deBridge ethereum green Dolomite ethereum green dYdX v4 (dYdX Chain) dydx green EigenLayer ethereum green Ethena ethereum green ether.fi ethereum green Euler V2 ethereum green Falcon Finance ethereum green Fluid ethereum green Frax Finance ethereum green GMX v2 (GMX Synthetics) arbitrum green Hyperlane ethereum green Hyperliquid arbitrum green Jito solana green Jupiter solana green Jupiter Perpetual Exchange solana green JustLend DAO tron green Kamino Lend solana green Kinetiq hyperliquid green Lido ethereum green Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum green Maple Finance ethereum green Marinade Finance solana green Meteora solana green mETH Protocol ethereum green Midas ethereum green Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum yellow Ondo Finance ethereum yellow OpenEden ethereum green Orca solana green PancakeSwap bsc green Pendle Finance ethereum green Polymarket polygon yellow QuickSwap polygon green Raydium solana green Rocket Pool ethereum yellow Sanctum solana green Save (formerly Solend) solana green Sky Lending (formerly MakerDAO) ethereum green Spark Protocol ethereum green Spiko stellar green Stake DAO ethereum green StakeWise v3 ethereum green Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid green SUNSwap (sun.io) tron green Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum green Symbiotic ethereum not_applicable Synapse Protocol ethereum green Uniswap (v2 + v3) ethereum not_applicable USDD (Decentralized USD) tron green Usual (USD0 / bUSD0 / USUAL) ethereum green Veda (BoringVault) ethereum green Venus Protocol bsc green Wormhole ethereum gray Yearn Finance ethereum green
0 red · 7 yellow · 69 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-048 category 3 carried 80 critical no