defirisk.co
rubric v1.7.0

Single-pool oracle (no medianization)

An oracle & external dependencies factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor checks whether the oracle reads price from a single DEX venue without aggregating (medianising) across multiple independent pools or venues. A protocol is flagged if price is derived exclusively from one pool, regardless of whether that pool uses spot or TWAP. Source inspection is the primary assessment method.

**Why it matters** Single-pool oracles create a concentrated attack surface: an adversary need only manipulate one venue to corrupt the protocol's price feed. Medianisation across multiple independent pools raises the cost of attack proportionally — the attacker must move prices on all venues simultaneously to shift the median. The T-01 evidence base links single-pool oracles (no medianisation) to approximately 10 exploited protocols. The Cheese Bank hack ($3.3M) exploited a WETH balance ratio directly from a single Uniswap LP. Inverse Finance, Elephant Money, and Polter Finance all used single-source feeds that were individually movable within a single block or across a small number of blocks.

**Green / Yellow / Red** Green is scored when price is aggregated or medianised across three or more independent venues, or when an aggregated off-chain feed (Chainlink, Pyth) is used as the sole source. Yellow is scored when price is derived from two venues without medianisation, or from one venue with a circuit breaker. Red is scored when a single pool is the sole price source with no medianisation and no circuit breaker.
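The following is an added illustration of the three patterns the scoring above names, not code from defirisk.co or from any scored protocol. It models three constructed constant-product venues (names, reserves, trade sizes and the 10% deviation bound are all made-up values) and compares what a single-pool read, a median-of-three read and a single-pool read behind a circuit breaker return when one venue is distorted inside a single block. It also goes slightly beyond the text in two ways: it shows that the median moves once a majority of the venues is manipulated, so both venue count and venue independence matter, and it includes a toy single-venue TWAP to show why the rubric flags a single pool regardless of spot or TWAP when a distortion is sustained across a few blocks.

```python
"""Single-pool vs medianised price reads under manipulation of one venue.

Added illustration for this rubric factor; not code from defirisk.co or from
any scored protocol. Venues, reserves, trade sizes and the deviation bound are
constructed toy values.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass
class Pool:
    """Constant-product (x * y = k) venue quoting TOKEN in USD, no swap fee."""
    name: str
    token_reserve: float
    usd_reserve: float

    def spot_price(self) -> float:
        return self.usd_reserve / self.token_reserve

    def buy_token(self, usd_in: float) -> float:
        """Swap usd_in into the pool; returns TOKEN received and moves the spot price up."""
        k = self.token_reserve * self.usd_reserve
        self.usd_reserve += usd_in
        new_token_reserve = k / self.usd_reserve
        received = self.token_reserve - new_token_reserve
        self.token_reserve = new_token_reserve
        return received


def make_venues() -> list[Pool]:
    """Three constructed, independent venues, all quoting TOKEN at 1.00 USD."""
    return [
        Pool("venue-A", 1_000_000, 1_000_000),
        Pool("venue-B", 500_000, 500_000),
        Pool("venue-C", 2_000_000, 2_000_000),
    ]


def single_pool_oracle(pools: list[Pool]) -> float:
    """Red pattern from the rubric: the first pool is the sole price source."""
    return pools[0].spot_price()


def median_oracle(pools: list[Pool]) -> float:
    """Green pattern: median across three or more independent venues."""
    return median(p.spot_price() for p in pools)


def circuit_breaker(reading: float, last_accepted: float, max_deviation: float) -> Optional[float]:
    """Yellow pattern: single pool guarded by a deviation bound; None means refuse to act."""
    if abs(reading - last_accepted) / last_accepted > max_deviation:
        return None
    return reading


def run_scenario(venues_attacked: int) -> dict:
    """Distort the first `venues_attacked` venues within one block and read each oracle."""
    pools = make_venues()
    last_accepted = median_oracle(pools)  # 1.0, the last healthy reading
    for pool in pools[:venues_attacked]:
        # doubling the USD reserve of an x*y=k pool quadruples its spot price
        pool.buy_token(pool.usd_reserve)
    single = single_pool_oracle(pools)
    return {
        "single_pool": single,
        "median_of_3": median_oracle(pools),
        "single_pool_with_breaker": circuit_breaker(single, last_accepted, 0.10),
    }


def single_pool_twap(blocks_held: int, window: int = 10) -> float:
    """Arithmetic TWAP of one venue when a 4x distortion is held for `blocks_held` of `window` blocks.

    Toy model of a cumulative-price TWAP: the window is the last `window`
    block observations, honest price 1.0, distorted price 4.0.
    """
    observations = [1.0] * (window - blocks_held) + [4.0] * blocks_held
    return sum(observations) / window


if __name__ == "__main__":
    for attacked in (0, 1, 2):
        print(f"{attacked} venue(s) manipulated: {run_scenario(attacked)}")
    print("single-pool TWAP, distortion held 5 of 10 blocks:", single_pool_twap(5))
```

With one venue distorted the single-pool read jumps from 1.0 to 4.0, the median of three stays at 1.0, and the breaker refuses the 4.0 reading; with two of three venues distorted the median follows them to 4.0. The TWAP helper shows that a single venue's time-weighted price still drifts to 2.5 when the distortion is held for half the window, which is the "across a small number of blocks" case the page describes.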

**Common gray cases** Gray is applied when the protocol uses a custom aggregator whose source diversification cannot be confirmed through available source inspection.

**Notable historical examples**

- **Inverse Finance** ($15.6M, 2022): INV/WETH single-pool TWAP oracle.
- **Elephant Money** ($22.2M, 2022): Single PancakeSwap pool for ELEPHANT price.
- **Polter Finance** ($8.7M, 2024): Single SpookySwap pool for BOO collateral.
- **Deus DAO** ($6.5M, 2023): sAMM used as single spot oracle source.

Measurement: what to look for

Determine whether the oracle reads from a single DEX venue with no medianization across multiple pools or venues.

Data & output

**Data source** Source inspection of price computation logic on Etherscan-verified source

**Output format** Green / Yellow / Red

**Evidence artifact** Source excerpt of price read logic + pool address(es)

**Confidence signal** green = price medianized across ≥2 independent venues; yellow = single pool but cross-validated with Chainlink; red = single DEX pool with no cross-validation; gray = source unverified

Scored protocols (80 carry this factor)

| Protocol | Chain | RD-F-056 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | not_applicable |
| Aerodrome Finance | base | not_applicable |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | not_applicable |
| Beefy Finance | ethereum | red |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | not_applicable |
| Centrifuge | ethereum | red |
| Chainlink CCIP | ethereum | not_applicable |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | green |
| Convex Finance | ethereum | not_applicable |
| crvUSD (Curve Stablecoin) | ethereum | yellow |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | not_applicable |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | not_assessed |
| Ethena | ethereum | green |
| ether.fi | ethereum | yellow |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | not_applicable |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | not_applicable |
| GMX v2 (GMX Synthetics) | arbitrum | not_applicable |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | not_applicable |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | yellow |
| Kinetiq | hyperliquid | yellow |
| Lido | ethereum | not_applicable |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | not_applicable |
| Maple Finance | ethereum | not_applicable |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | not_applicable |
| Midas | ethereum | not_applicable |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | not_applicable |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | not_applicable |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | yellow |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | not_applicable |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | not_applicable |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | not_applicable |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | gray |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | not_applicable |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | not_applicable |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | not_applicable |

Linked hacks (8 historical incidents)

- **Makina Finance** (2026-01-20, $4M): Permissionless share price oracle update (updateTotalAum) + flash loan Curve pool manipulation → share price inflation → LP drain
- **Polter Finance** (2024-11-16, $9M): Spot price oracle manipulation (SpookySwap V2/V3) → inflated BOO collateral → draining borrow
- **Deus DAO / DEI stablecoin** (2023-05-06, $7M): Mis-ordered Parameters in burnFrom — Public Approval Override
- **Elephant Money** (2022-04-12, $22M): Flash loan + spot price manipulation during stablecoin minting
- **Inverse Finance** (2022-04-02, $16M): SushiSwap TWAP Oracle Manipulation — Thin Liquidity Governance Token
- **Spartan Protocol** (2021-05-01, $31M): Flash loan + inflated pool balance → LP burn liquidity share manipulation
- **Cheese Bank** (2020-11-06, $3M): Flash loan + Uniswap LP spot oracle manipulation → inflated collateral value → drain via borrow()
- **Harvest Finance** (2020-10-26, $34M): Flash loan + Curve Y-pool spot price manipulation → inflated fToken share valuation → vault drain

All eight incidents are linked to this factor (Single-pool oracle (no medianization)) via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering.
rubric_version: v1.7.0 · factor: RD-F-056 · category: 3 · carried: 80 · critical: no