defirisk.co
rubric v1.7.0

Chainlink aggregator min/max bound misconfig

Concrete's assessment for RD-F-060 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Concrete does not consume Chainlink aggregators. No minAnswer/maxAnswer misconfiguration risk in Concrete's own contracts. The 19 Chainlink feeds in data cache are consumed by external strategy protocols (Aave, Compound) — their aggregator configurations are a concern for those protocols' own risk assessments, not Concrete's.

Sources #

  • GitHub
    ConcreteStandardVaultImpl.sol — no Chainlinksrc/implementation/ConcreteStandardVaultImpl.sol — no Chainlink aggregator importretrieved 2026-05-17
  • Internal
    Concrete data cache — oracle field null00-data-cache.json §sources.defillama.oracle: null — pipeline confirmed no direct oracle consumptionretrieved 2026-05-17

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-060 score green collected_at 2026-05-17 14:36:59