Fallback behavior on oracle failure

Kinetiq's assessment for RD-F-051 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No fallback oracle exists for any component. DefaultOracle has no secondary data source — if Operator stops submitting, stale metrics persist indefinitely. OracleManager's MAX_ORACLE_STALENESS filter skips stale adapter data but provides no substitute source. StakingAccountant exchange rate has no independent staleness guard or fallback. Protocol does not automatically pause on oracle silence; manual PauserRegistry activation required (SENTINEL_ROLE). DefaultOracle source confirms: 'No fallback exists. The contract provides getValidatorMetrics() returns stored data or zeros if a validator hasn't been updated. If the operator fails to update metrics within the MIN_UPDATE_INTERVAL, stale data remains accessible indefinitely with no alternative data source or circuit breaker.'

Sources #

Etherscan
DefaultOracle/OracleAdapter — HyperEVMScanDefaultOracle/OracleAdapter 0xefbcCc6E33DA1C1ef638cBc0F044968D0f590fED — no fallback mechanism in source; stale data persists if operator haltsretrieved 2026-05-17
GitHub
Kinetiq OracleManager.sol — Code4rena audit repoOracleManager.sol: OracleDataStale event emitted on stale detection but no substitute source triggered; no auto-pause on full adapter stalenessretrieved 2026-05-17

Methodology #

Identify the declared fallback behavior (pause, secondary source, last-known-price, revert) when the primary oracle reverts or reports a stale value.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kinetiq factor RD-F-051 score red collected_at 2026-05-17 15:29:57