Oracle staleness check present
Midas's assessment for RD-F-059 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Mixed. DataFeed.sol (which wraps Chainlink IB01/USD) has a staleness check (_HEALTHY_DIFF = 3 days), but Sherlock judging 2024-05 issue #110 flagged this window as too long relative to the actual Chainlink heartbeat (Sponsor Confirmed, Will Fix). MTBillCustomAggregatorFeed (the primary mToken NAV oracle, at 0x056339C044055819E8Db84E71f5f2E1F536b2E5b) was found to have no staleness mechanism per the Sherlock 2024-08 review: 'The contract lacks timestamp validation. It simply returns the updatedAt value from stored round data without checking freshness'. Hacken Dec 2023 finding F-2023-0288 (missing oracle refresh checks, Fixed) appears to have targeted DataFeed.sol only. Net: the primary mToken NAV oracle lacks a staleness check.
Sources
- Audit: Hacken Midas Vault Audit Dec 2023. Hacken Dec 2023 F-2023-0288: Missing oracle refresh checks, marked Fixed. Retrieved 2026-05-16.
- Sherlock Judging 2024-05 Issue #110 — DataFeed Staleness. sherlock-audit/2024-05-midas-judging issue #110: DataFeed.sol staleness check 3 days flagged as too long; Sponsor Confirmed Will Fix. Retrieved 2026-05-16.
Methodology
Determine whether the protocol rejects oracle reads older than a declared maximum age (i.e., checks `updatedAt > block.timestamp - maxStaleness`).
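The check this factor looks for, as an added example that is not Midas's code: a consumer that reads a Chainlink-style feed through `latestRoundData()` and rejects rounds at or beyond a declared maximum age. The contract name `FreshPriceReader`, the `maxStaleness` parameter and the error names are hypothetical; the window is assumed to be chosen from the feed's published heartbeat.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's standard read interface (only the function used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer written for this example.
contract FreshPriceReader {
    AggregatorV3Interface public immutable feed;
    // Assumption: the feed's published heartbeat plus a small margin, in seconds.
    uint256 public immutable maxStaleness;

    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error InvalidRound();

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        require(maxStaleness_ > 0, "maxStaleness=0");
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    function readFresh() external view returns (uint256 price, uint256 updatedAt) {
        int256 answer;
        (, answer, , updatedAt, ) = feed.latestRoundData();

        // A zero or future timestamp, or a non-positive answer, is not a usable round.
        if (updatedAt == 0 || updatedAt > block.timestamp || answer <= 0) revert InvalidRound();

        // Same condition as updatedAt > block.timestamp - maxStaleness, written as an
        // age so the subtraction cannot underflow when maxStaleness > block.timestamp.
        if (block.timestamp - updatedAt >= maxStaleness) revert StalePrice(updatedAt, block.timestamp);

        price = uint256(answer);
    }
}
```

A feed that only returns its stored `updatedAt` without a comparison like this leaves the freshness decision to every caller, which is the gap the evidence summary describes.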