defirisk.co
rubric v1.7.0

Chainlink aggregator min/max bound misconfig

An oracle & external dependencies factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor checks whether the Chainlink price feed configuration for any asset uses `minAnswer` and `maxAnswer` bounds that are incorrectly set — either too wide (failing to catch extreme outliers) or too narrow (triggering false circuit-breaker activations for legitimate price moves). Chainlink feed configuration and on-chain reads of the aggregator contract are the data sources.

**Why it matters** Chainlink v2 aggregators include hardcoded min/max answer bounds. If an asset crashes below the `minAnswer` floor (as happened with several assets during the March 2020 and Terra 2022 market events), the aggregator continues to return the floor value rather than the actual price — creating a known-incorrect price that lending protocols accept. The ETH/USD feed's historical `minAnswer` of $1 (later updated) is the canonical example: a protocol that trusted the Chainlink-returned price without checking against its own circuit breaker would have priced ETH at $1 during any hypothetical sub-$1 crash. The T-01 evidence base links Chainlink min/max misconfig to approximately three protocols in the hack database.

**Green / Yellow / Red** Green is scored when min/max bounds are calibrated to realistic asset-class ranges and the protocol additionally implements its own circuit breaker independent of the Chainlink bounds. Yellow is scored when bounds appear reasonable but the protocol relies solely on Chainlink bounds without a secondary check. Red is scored when bounds are clearly misconfigured — e.g., `minAnswer = 1` for a volatile asset — or when bounds have not been reviewed since protocol deployment.

**Common gray cases** Gray is applied when the protocol uses a Chainlink feed via a third-party adapter whose bound configuration cannot be read from public on-chain sources.

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement: what to look for

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

Data & output

**Data source** Chainlink feed registry + `AggregatorV3Interface` `minAnswer()`/`maxAnswer()` via RPC; compare to asset historical price range

**Output format** Green / Yellow / Red

**Evidence artifact** Feed address + `minAnswer` + `maxAnswer` + asset historical range for comparison

**Confidence signal** green = bounds are within ±50% of asset's realistic range; yellow = bounds wider than historical 2× swing (insufficient protection); red = bounds at Chainlink default (1 / `type(int192).max`, effectively unlimited) for volatile asset; gray = protocol does not use Chainlink or feed does not expose these bounds
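
The confidence-signal mapping above, together with the consumer-side clamp check described under "Why it matters", as an added example (not defirisk.co's scoring code). It takes already-decoded bound values rather than making RPC calls; the function names, the per-endpoint reading of "±50%", the yellow fallback and the sample numbers are assumptions.

```python
from typing import Optional

INT192_MAX = 2**191 - 1   # type(int192).max, the "effectively unlimited" default
D = 10**8                 # assumption: 8-decimal USD feed

def score_bounds(min_answer: Optional[int], max_answer: Optional[int],
                 hist_low: int, hist_high: int, volatile: bool) -> str:
    """Map aggregator bounds to a rubric colour (raw feed units throughout)."""
    if min_answer is None or max_answer is None:
        return "gray"     # bounds cannot be read
    if volatile and (min_answer <= 1 or max_answer >= INT192_MAX):
        return "red"      # default bounds on a volatile asset
    # Assumed reading of "within ±50%": each bound lies within 50% of the
    # matching end of the historical range, so too-narrow bounds fail too.
    min_ok = abs(min_answer - hist_low) * 2 <= hist_low
    max_ok = abs(max_answer - hist_high) * 2 <= hist_high
    return "green" if (min_ok and max_ok) else "yellow"

def answer_is_clamped(answer: int, min_answer: int, max_answer: int) -> bool:
    """Secondary check: an answer sitting on a bound may not be the market
    price, so a consumer should reject it instead of pricing with it."""
    return answer <= min_answer or answer >= max_answer

# Constructed samples: (minAnswer, maxAnswer, hist_low, hist_high, volatile)
SAMPLE_FEEDS = {
    "calibrated": (50 * D, 6000 * D, 80 * D, 4800 * D, True),
    "default":    (1, INT192_MAX, 80 * D, 4800 * D, True),
    "too_wide":   (1 * D, 1_000_000 * D, 80 * D, 4800 * D, True),
    "opaque":     (None, None, 80 * D, 4800 * D, True),
}

def score_all(feeds=SAMPLE_FEEDS) -> dict:
    """Score every sample feed and return {name: colour}."""
    return {name: score_bounds(*cfg) for name, cfg in feeds.items()}

if __name__ == "__main__":
    for name, colour in score_all().items():
        print(f"{name:10s} {colour}")
    print("clamped at floor:", answer_is_clamped(1 * D, 1 * D, 1_000_000 * D))
```

On deployed feeds the bounds are typically read from the underlying aggregator contract returned by the proxy's `aggregator()` call, not from the proxy itself.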

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-060 |
| --- | --- | --- |
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | not_applicable |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | yellow |
| Centrifuge | ethereum | gray |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | green |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | not_applicable |
| deBridge | ethereum | not_applicable |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | yellow |
| ether.fi | ethereum | gray |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | yellow |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | gray |
| Jito | solana | not_applicable |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | not_applicable |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | yellow |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | not_applicable |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | not_applicable |
| Midas | ethereum | yellow |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | yellow |
| Multipli | ethereum | yellow |
| Ondo Finance | ethereum | yellow |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | green |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | yellow |
| Spiko | stellar | not_applicable |
| Stake DAO | ethereum | yellow |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | not_applicable |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-060 category 3 carried 80 critical no