Chainlink aggregator min/max bound misconfig

Cap (cUSD / stcUSD)'s assessment for RD-F-060 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cannot confirm minAnswer/maxAnswer configuration without on-chain RPC reads of each Chainlink aggregator. Major feeds (ETH/USD, BTC/USD) are well-established and historically have minAnswer set to avoid zero but not at exploitable floors. AVAX/USD 86400s heartbeat + 2% deviation is the widest threshold combination and warrants specific min/maxAnswer verification. No audit findings on min/maxAnswer misconfiguration found in Zellic, Trail of Bits, Spearbit, or Sherlock audit summaries.

Sources #

Etherscan
Chainlink AVAX/USD feedChainlink AVAX/USD feed 0xFF3EEb22B5E3dE6e705b44749C2559d704923FD7 — minAnswer/maxAnswer not confirmed without on-chain readretrieved 2026-05-17
Internal
00-data-cache.json AVAX feed parametersData cache oracle_feeds: AVAX/USD heartbeat 86400s deviation 2% — widest combination needing verificationretrieved 2026-05-17

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-060 score yellow collected_at 2026-05-17 10:56:24