Chainlink aggregator min/max bound misconfig

JustLend DAO's assessment for RD-F-060 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Chainlink publishes minAnswer/maxAnswer bounds on aggregator contracts. However, JustLend's pushed-price oracle architecture bypasses the Chainlink aggregator min/max guard at the contract layer — prices are submitted directly to SimplePriceOracle mapping by the poster, not read directly from Chainlink's AggregatorV3Interface. Whether the poster's off-chain logic enforces min/max bounds is unknown. Tronscan API returned empty for both oracle contract addresses; Tronscan HTML returned 403. Cannot verify TRON-deployed Chainlink aggregator min/max configuration.

Sources #

Etherscan
PriceOracleProxy on TronscanTronscan API attempt for PriceOracleProxy TCKp2AzuhzV4B4Ahx1ej4mvQgHZ1kH7F7k — returned empty dataretrieved 2026-05-17
GitHub
JustLend SimplePriceOracle.sol raw sourceSimplePriceOracle.sol: setPrice() accepts any uint value with no min/max bounds checkretrieved 2026-05-17

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol justlend factor RD-F-060 score gray collected_at 2026-05-17 10:25:32