Single-pool oracle (no medianization)

Save (formerly Solend)'s assessment for RD-F-056 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Main pool and team-curated isolated pools: medianized/aggregated — Pyth aggregates from multiple institutional providers; Switchboard aggregates from multiple configured sources. Not single-pool. Permissionless pools: structurally vulnerable — creator-supplied Switchboard feeds may use a single DEX venue (confirmed by 2022 USDH exploit using Saber pool as sole source). Score yellow: main pool architecture is sound (multi-source); permissionless pool tier has confirmed single-source vulnerability.

Sources #

Docs
Save Finance — Switchboard V2 Guidedocs.save.finance/permissionless-pools/switchboard-v2-guide — creators can configure from single CEX or single DEX venueretrieved 2026-05-17
URL
2022 Solana Hacks Explained: Solend — single-pool oracleAckee Blockchain 2022 Solend hack — Switchboard oracle for USDH drawn solely from Saber pool (single venue, no medianization)retrieved 2026-05-17

Methodology #

Determine whether the oracle reads from a single DEX venue with no medianization across multiple pools or venues.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-056 score yellow collected_at 2026-05-17 15:20:15