defirisk.co
rubric v1.7.0

Chainlink aggregator min/max bound misconfig

Chainlink CCIP's assessment for RD-F-060 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Chainlink price feeds used by FeeQuoter are CCIP's own infrastructure feeds (e.g., LINK/USD 0x2c1d072e956AFFC0D435Cb7AC38EF18d24d9127c, 3600s heartbeat, 0.5% deviation; ETH/USD 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419, 3600s, 0.5%). These power fee estimation only, not collateral safety. MinAnswer/maxAnswer misconfig causes fee mispricing, not fund loss. Standard well-established feeds.

Sources #

  • Internal
    Chainlink CCIP 00-data-cache.json oracle_feedsData-cache oracle_feeds array: LINK/USD 0x2c1d072e956AFFC0D435Cb7AC38EF18d24d9127c (3600s, 0.5%), ETH/USD 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419 (3600s, 0.5%)retrieved 2026-05-16
  • URL
    Chainlink LINK/USD Price Feed RegistryChainlink data feeds registry - LINK/USD Ethereum mainnet feed standard parametersretrieved 2026-05-16

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-060 score green collected_at 2026-05-16 01:55:09