Breakage analysis per dependency

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Breakage analysis: (1) Chainlink feed goes stale AND updateExchangeRate not called before borrow → Kashi borrow uses stale cached rate → insolvency / bad-debt (demonstrated Nov 2022, ~$120K loss). (2) Stargate/LayerZero halts → SushiXSwap cross-chain routing fails; users cannot complete cross-chain swaps; funds in transit may be temporarily frozen. No documented fallback routing path. (3) AMM core: no material external dep to break. Impact is bounded by Kashi near-deprecation and the isolation of SushiXSwap routing from core AMM solvency.

Sources #

URL
L2Beat: Stargate v2 bridge projectL2Beat Stargate v2 — Stargate architecture and risk surfaceretrieved 2026-05-17
URL
BlockSec: Kashi KashiPairMediumRiskV1 logic bugBlockSec Kashi exploit — demonstrates consequence of oracle dep failureretrieved 2026-05-17

Methodology #

Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-052 score yellow collected_at 2026-05-16 19:50:37