Chainlink aggregator min/max bound misconfig

Euler V2's assessment for RD-F-060 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

ChainlinkOracle reads latestRoundData() and extracts the answer, but does NOT read or validate the aggregator's minAnswer or maxAnswer circuit-breaker bounds. If the underlying Chainlink aggregator's minAnswer floor is triggered during a market crash (e.g., ETH drops below the floor), ChainlinkOracle returns the clamped minAnswer value without any error signal — allowing over-valuation of crashed collateral. This is the Venus/Compound ETH/USD floor-bug class. Scored yellow (not red) because: (a) Chainlink's minAnswer values for major assets like ETH/USD are set very conservatively (effectively $0.01 floor), limiting realistic exploitation; (b) the scenario requires an extreme market crash to a price below Chainlink's floor.

Sources #

GitHub
ChainlinkOracle — Missing minAnswer/maxAnswer CheckChainlinkOracle.sol _getQuote(): reads latestRoundData() answer without minAnswer/maxAnswer validationretrieved 2026-05-04

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol euler-v2 factor RD-F-060 score yellow collected_at 2026-05-04 19:56:06