defirisk.co
rubric v1.7.0

Oracle-manipulation-proof borrow cap

Aave v3's assessment for RD-F-073 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Aave v3 uses Chainlink push-oracle feeds as the primary price source. The per-asset borrow-cap vs DEX-oracle-pool-depth manipulation framing is N/A because Chainlink is not a DEX TWAP. Borrow caps are set via governance AIP. Chainlink oracle manipulation cost is orders of magnitude higher than a DEX pool manipulation (requires compromising Chainlink nodes, not DEX pool liquidity). Green under the taxonomy's not-applicable clause for protocols not using spot DEX-TWAP oracles.

Sources #

  • URL
    Aave v3 Oracle Feed Configuration (Data Cache)Data cache oracle_feeds: ETH/USD Chainlink 1h heartbeat 0.5% deviation; USDC/USD 23h heartbeat 0.25% deviation; etc. — all Chainlink push-oracle, no DEX TWAPretrieved 2026-04-27

Methodology #

Determine whether the per-asset borrow cap is ≤ (oracle pool depth × manipulation-resistance multiplier).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-073 score green collected_at 2026-04-27 23:28:46