Chainlink aggregator min/max bound misconfig
Fluid's assessment for RD-F-060 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Chainlink aggregators have configurable minAnswer/maxAnswer circuit breakers built into the aggregator contracts (this is Chainlink's standard). The ChainlinkOracleImpl does NOT read minAnswer/maxAnswer from the aggregator — it only reads the answer (second return from latestRoundData). If a Chainlink feed returns a price at its minAnswer floor during a crash event (e.g., ETH/USD floor during a severe crash), Fluid would use that floored price as valid without detecting it is at the circuit breaker limit. This is the well-known 'ETH/USD floor-bug class' vulnerability. However: (1) Chainlink has been moving away from minAnswer/maxAnswer bounds on major feeds, and (2) the StateMind audit noted this as accepted risk. Yellow because the risk exists but most major Chainlink feeds for ETH/USD, BTC/USD have broad or no effective bounds.
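The bounds check the evidence describes as absent, as an added Solidity example (not Fluid's code and not taken from the audit). It assumes the feed proxy exposes `aggregator()` and the underlying aggregator exposes `minAnswer()`/`maxAnswer()`, as Chainlink's OCR aggregator contracts do; the contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Interfaces trimmed to the functions used in this example.
interface IFeedProxy {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
    function aggregator() external view returns (address);
}

interface IBoundedAggregator {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

// Hypothetical consumer: names are illustrative, not Fluid's.
contract BoundedChainlinkReader {
    error AnswerAtLowerBound(int256 answer, int256 minAnswer);
    error AnswerAtUpperBound(int256 answer, int256 maxAnswer);

    IFeedProxy public immutable feed;

    constructor(IFeedProxy feed_) {
        feed = feed_;
    }

    // Pattern described above: only the answer is read and it is trusted as-is.
    function readUnchecked() external view returns (int256 answer) {
        (, answer, , , ) = feed.latestRoundData();
    }

    // Same read, but reject an answer sitting on either circuit-breaker bound.
    // Staleness and round-completeness checks are out of scope here.
    function readChecked() external view returns (int256 answer) {
        (, answer, , , ) = feed.latestRoundData();
        // Resolve the aggregator on every call: the proxy can be repointed,
        // so cached bounds could describe a retired aggregator.
        IBoundedAggregator agg = IBoundedAggregator(feed.aggregator());
        int256 lo = agg.minAnswer();
        int256 hi = agg.maxAnswer();
        if (answer <= lo) revert AnswerAtLowerBound(answer, lo);
        if (answer >= hi) revert AnswerAtUpperBound(answer, hi);
    }
}
```

On a feed whose bounds are very broad, neither revert is ever reached, so this check only adds protection where the configured bounds are tight enough to be hit.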
Sources
- GitHub: ChainlinkOracleImpl — no bounds check. Instadapp/fluid-contracts-public/contracts/oracle/implementations/chainlinkOracleImpl.sol — no minAnswer/maxAnswer check. Retrieved 2026-04-29.
- StateMind Audit — Oracle Accepted Risk. StateMind Fluid Audit — oracle checks accepted risk. Retrieved 2026-04-29.
Methodology
Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.