defirisk.co
rubric v1.7.0

Oracle-manipulation-proof borrow cap

Lista DAO's assessment for RD-F-073 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

First-party Lista Lending vaults use multi-oracle aggregation (Chainlink + Binance Oracle + Redstone + API3), providing meaningful manipulation resistance for established markets. CDP component uses Chainlink + HelioOracle aggregation. However, permissionless third-party market creation allows any oracle specification — a malicious market could use a thin DEX TWAP oracle with a borrow cap set near oracle pool depth. Per-asset borrow caps not enumerable without RPC. Yellow: first-party markets likely safe; permissionless market oracle risk unverifiable.

Sources #

  • URL
    DefiLlama — Lista Lending protocol pageDefiLlama lista-lending: oracle sources listed as Chainlink (Primary), Binance Oracle, RedStone, API3 (Secondary) for first-party vaultsretrieved 2026-05-12
  • Internal
    00-profile.md — §7 Key External Dependencies (oracle table)Profile §7 oracle table: 14 Chainlink feeds confirmed; documentation mentions Binance Oracle + Redstone + API3 as secondary oracles for Lista Lendingretrieved 2026-05-12

Methodology #

Determine whether the per-asset borrow cap is ≤ (oracle pool depth × manipulation-resistance multiplier).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-073 score yellow collected_at 2026-05-12 17:54:05