defirisk.co
rubric v1.7.0

Chainlink aggregator min/max bound misconfig

Frax Finance's assessment for RD-F-060 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cannot assess without on-chain read of minAnswer/maxAnswer for each Chainlink aggregator feed used by Fraxlend. Data-cache oracle_feeds identifies the Chainlink addresses but does not capture min/max bound configuration. The dual-oracle design provides partial protection (attacker must manipulate both feeds simultaneously), but bound misconfiguration remains possible on individual feeds. Requires on-chain call to each aggregator's minAnswer()/maxAnswer() functions.

Sources #

  • Internal
    Frax data-cache oracle_feedsC:\Users\abdul\OneDrive\Desktop\Memory\Memory\RiskProduct\risk-dashboard\.research\protocols\frax\00-data-cache.json §sources.oracle_feeds — Chainlink addresses identified but bounds not capturedretrieved 2026-05-17

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-060 score gray collected_at 2026-05-16 20:44:31