Circuit breaker on price deviation
OpenEden's assessment for RD-F-057 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No vault-level circuit breaker on price deviation. The TBillPriceOracle itself has a 15% per-update deviation gate (comparing new price to closeNavPrice), but the vault has no independent circuit breaker checking the oracle price against any external reference. A corrupt price within ±15% of the prior NAV would be accepted unconditionally by the vault. Hacken Nov-2024 finding F-2024-7422 (oracle validation gap) was marked Fixed but the fix is input validation within the oracle, not an independent external cross-check or vault-level circuit breaker. No maxDeviationBps or priceGuard pattern found in vault source.
Sources
- Audit: Hacken Nov-2024 OpenEden V4Impl Audit. Hacken Nov-2024 audit finding F-2024-7422 Possible Invalid Convert Rate from Lack of Oracle Validation — severity Medium, marked Fixed; fix is oracle-side input validation only, not vault-level circuit breaker. Retrieved 2026-05-16.
- OpenEden Vault V4/V5 Implementation — Etherscan. OpenEdenVaultV4Impl.sol ABI: no circuit breaker function exposed; TBillPriceOutdated is the only oracle-related error (staleness only). Retrieved 2026-05-16.
Methodology
Determine whether the protocol halts or reverts if the oracle-reported price deviates by more than X% from a reference within Y blocks.
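
The gap described in the evidence summary and the check the methodology asks for, modelled in Python as an added example (not OpenEden's contract code and not the curator's). The 15% gate follows the page's description; `VaultBreaker`, its thresholds, the reading of Y as the maximum age of an independent reference price, and all sample prices are assumptions.

```python
"""Python model (not contract code) of the two checks discussed on this page."""
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator


def exceeds(price: int, reference: int, max_bps: int) -> bool:
    """True if |price - reference| / reference > max_bps, using integer math only."""
    return abs(price - reference) * BPS > max_bps * reference


def oracle_gate_accepts(new_price: int, close_nav_price: int) -> bool:
    """Per-update gate as the page describes it: new price vs closeNavPrice, 15%."""
    return not exceeds(new_price, close_nav_price, 1_500)


@dataclass
class VaultBreaker:
    """Hypothetical vault-side guard; all names and thresholds are assumptions."""
    max_deviation_bps: int   # X: allowed deviation from the independent reference
    max_ref_age_blocks: int  # Y: reference older than this is treated as unusable
    halted: bool = False

    def allow(self, oracle_price: int, ref_price: int, ref_block: int, block: int) -> bool:
        """Return True if the vault may convert at oracle_price in this block."""
        if self.halted:
            return False  # latched until an operator resets it
        stale = block - ref_block > self.max_ref_age_blocks
        if stale or exceeds(oracle_price, ref_price, self.max_deviation_bps):
            self.halted = True  # fail closed: no reference or too far from it
            return False
        return True


def demo() -> dict:
    # Constructed sample values, 6-decimal fixed point (1_100_000 == 1.10).
    close_nav, corrupt, honest, ref = 1_100_000, 1_254_000, 1_100_300, 1_100_500
    breaker = VaultBreaker(max_deviation_bps=50, max_ref_age_blocks=300)
    return {
        "oracle_accepts_corrupt": oracle_gate_accepts(corrupt, close_nav),  # +14%
        "vault_allows_honest": breaker.allow(honest, ref, ref_block=1_000, block=1_010),
        "vault_allows_corrupt": breaker.allow(corrupt, ref, ref_block=1_000, block=1_020),
        "vault_allows_after_trip": breaker.allow(honest, ref, ref_block=1_000, block=1_030),
        "halted": breaker.halted,
    }


if __name__ == "__main__":
    print(demo())
```

The +14% update passes the oracle-side gate but trips the vault-side breaker, which then stays halted for later calls.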