★ Immutable oracle address

Aave v3's assessment for RD-F-180 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

AaveOracle.setAssetSources(address[] calldata assets, address[] calldata sources) is callable by POOL_ADMIN or ASSET_LISTING_ADMIN. These roles are controlled by Aave Governance with 1-day or 7-day timelock. Oracle price source addresses are NOT EVM immutable — they are stored in a governance-replaceable mapping. The March 2026 wstETH CAPO oracle update and the April 2026 rsETH response both confirmed governance can update oracle adapter configurations. AaveOracle contract is owned by governance. Factor definition (oracle source address not replaceable without full binary upgrade) is definitively not triggered.

Sources #

Docs
AaveOracle documentation — setAssetSources functionAaveOracle setAssetSources() — callable by POOL_ADMIN or ASSET_LISTING_ADMINretrieved 2026-04-27
URL
Direct to AIP: wstETH borrow cap restoration — confirms oracle governance-replaceabilityCAPO wstETH oracle configuration updated via governance post-March 2026 incidentretrieved 2026-04-27

Methodology #

Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-180 score green collected_at 2026-04-27 23:28:46