★ Immutable oracle address

Across Protocol's assessment for RD-F-180 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CANDIDATE — held per PD-017] YELLOW-CANDIDATE: HubPool stores Finder as immutable FinderInterface finder. OO address IS resolved at runtime via finder.getImplementationAddress(OracleInterfaces.SkinnyOptimisticOracle), so address IS replaceable. However: Finder owner is UMA Deployer EOA (0x2baaa41d155ad8a4126184950b31f50a1513ce25) — a standard EOA (not multisig) with NO timelock on implementation changes. Across protocol has no control over Finder. If Finder EOA key compromised, oracle can be swapped instantly with no governance delay.

Sources #

Etherscan
https://etherscan.io/address/0x40f941E48A552bF496B154Af6bf55725f18D77c3retrieved 2026-04-28
GitHub
https://github.com/across-protocol/contractsretrieved 2026-04-28
Etherscan
https://etherscan.io/address/0x2baaa41d155ad8a4126184950b31f50a1513ce25retrieved 2026-04-28

Methodology #

Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-180 score yellow collected_at 2026-04-30 21:19:18