Oracle staleness check present

Aave v3's assessment for RD-F-059 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Pool contract does not implement an inline staleness check on oracle reads. AaveOracle.getAssetPrice() calls latestAnswer() without a require(updatedAt > block.timestamp - maxStaleness) guard. Staleness protection is delegated to Chainlink heartbeat mechanism. For stablecoin feeds, heartbeats of 23-24 hours (USDC 82800s, USDT 86400s, AVAX 86400s from data cache) create a substantial window where a stale price would be accepted without Pool-level rejection.

Sources #

URL
AaveOracle Chainlink feed heartbeats00-data-cache.json oracle_feeds — USDC heartbeat_seconds: 82800, USDT heartbeat_seconds: 86400retrieved 2026-04-27
Internal
T-10 Aave v3 F059 findingT-10 §2.3.2 Cat 3 F059 yellow (no inline staleness check in Pool — AaveOracle delegates to Chainlink heartbeat only)retrieved 2026-04-27

Methodology #

Determine whether the protocol rejects oracle reads older than a declared maximum age (i.e., checks `updatedAt > block.timestamp - maxStaleness`).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-059 score yellow collected_at 2026-04-27 23:28:46