★ Immutable oracle address

Pendle Finance's assessment for RD-F-180 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ F180 CANDIDATE — tracked per T-12 PD-017; DO NOT count in 19-★ rubric total; flag for orchestrator T-14 tracking] PY-YT-LP Oracle (0x5542be50420E88dd7D5B4a3D488FA6ED82F6DAc2) is a TransparentUpgradeableProxy — the core oracle IS admin-replaceable via ProxyAdmin (0xA28c08f165116587D4F3E708743B4dEe155c5E64). HOWEVER: individual SY wrapper contracts per market have their rate-getter logic baked in bytecode; changing the rate source for a specific market requires deploying a new SY wrapper and migrating the market. This is partial-F180: main oracle contract is replaceable (proxy), but per-market SY oracle sources are functionally immutable without market redeploy. YELLOW not RED because blast radius is per-market bounded (not all Pendle TVL), PT value is bounded by maturity redemption, and new markets can be created with corrected SY wrappers.

Sources #

Etherscan
PY-YT-LP Oracle — TransparentUpgradeableProxyPY-YT-LP Oracle proxy 0x5542be50420E88dd7D5B4a3D488FA6ED82F6DAc2retrieved 2026-04-29
GitHub
Pendle Ethereum Deployment JSONPendle deployment JSON — ProxyAdmin addressretrieved 2026-04-29

Methodology #

Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-180 score yellow collected_at 2026-04-28 21:09:40