Oracle-manipulation-proof borrow cap
Compound V3 (Comet)'s assessment for RD-F-073 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Chainlink feeds (not DEX TWAPs) mitigate the classic oracle-manipulation borrow-cap attack. Supply caps are 0 (uncapped) in the cUSDCv3 configuration, so governance must set caps explicitly. The AVAX/USD feed has the widest deviation threshold (2%) and the longest heartbeat (86400s). The April 2026 rsETH event shows uncapped collateral risk materializing via a bridge exploit.
Detail
Compound V3 uses Chainlink aggregator feeds (not DEX TWAPs), so the classic flash-loan oracle-manipulation borrow-cap attack is less applicable. However: (1) the cUSDCv3 configuration.json shows supplyCap: 0 for all collateral assets at deployment, so governance must set caps separately via the Configurator; (2) the AVAX/USD Chainlink feed has the widest deviation threshold (2%) and the longest heartbeat (86400s) in the oracle set, creating the largest potential stale-price window; (3) the April 2026 rsETH event is evidence that uncapped collateral risk can materialize via a bridge exploit (rsETH's price was not oracle-manipulated, but the collateral became effectively worthless, and the economic outcome is equivalent). Yellow: Chainlink mitigates DEX-TWAP manipulation risk, but uncapped supply and the slow AVAX feed are structural concerns.
Sources
- Partner feed: Chainlink AVAX/USD feed parameters. Data cache oracle_feeds: AVAX/USD 0xFF3EEb22B5E3dE6e705b44749C2559d704923FD7, heartbeat 86400s, deviation 2%. Retrieved 2026-04-27.
- cUSDCv3 collateral supply caps: deployments/mainnet/usdc/configuration.json, supplyCap: 0 for WETH, WBTC, COMP, UNI, LINK. Retrieved 2026-04-27.
- DeFiScan Compound V3 assessment: DeFiScan notes that the system relies on Chainlink price feeds without fallback mechanisms or price validation beyond zero-checks. Retrieved 2026-04-27.
Methodology
Determine whether the per-asset borrow cap is ≤ (oracle pool depth × manipulation-resistance multiplier).
See the full factor methodology and distribution across all protocols →