defirisk.co
rubric v1.7.0

Oracle staleness check present

A oracle & external dependencies factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures** This factor checks whether the protocol implements an oracle staleness check — specifically whether it validates that the oracle's `updatedAt` timestamp is more recent than `now - maxAge` before accepting the reported price. Source inspection of the oracle integration layer is the assessment method.

**Why it matters** Without a staleness check, a protocol will continue to use a price that was last updated hours or days ago as if it were current — a failure mode that becomes critical during network congestion, oracle outages, or periods of extreme market volatility when keepers fail to update feeds. Chainlink feeds have experienced significant delays during high gas-price events; a protocol operating on a stale price during a rapid market move can process borrows against collateral that is actually worth far less than the stale price indicates, creating bad debt. This is a particularly common implementation gap in DeFi: many protocols call `latestRoundData()` but never check the returned `updatedAt` timestamp, leaving them silently operating on stale data.

**Green / Yellow / Red** Green is scored when the protocol checks `updatedAt > block.timestamp - maxAge` for all oracle reads, and the maxAge is documented and appropriate for the asset class. Yellow is scored when a staleness check exists but maxAge is excessively long (over 24 hours for non-stablecoin assets) or is not documented. Red is scored when no staleness check is present and the protocol accepts any price regardless of when it was last updated.

**Common gray cases** Gray is applied when the oracle uses a push-based feed where timestamp validation is handled by the feed contract rather than the consuming protocol and the mechanism cannot be confirmed from inspection alone.

**Notable historical examples** No cross-hacked incidents are currently linked in the database for this factor.

Measurement what to look for #

Determine whether the protocol rejects oracle reads older than a declared maximum age (i.e., checks `updatedAt > block.timestamp - maxStaleness`).

Data & output #

Data source
Source inspection for `updatedAt` comparison or `latestRoundData` staleness check on Etherscan-verified source
Output format
Green / Yellow / Red
Evidence artifact
Source excerpt of staleness check + maxStaleness value in seconds
Confidence signal
green = staleness check present with maxStaleness ≤3600s for volatile assets; yellow = staleness check present but threshold >3600s; red = no staleness check; gray = source unverified

Scored protocols 80 carry this factor #

Protocol RD-F-059
Aave v3 ethereum yellow Across Protocol ethereum yellow Aerodrome Finance base not_applicable Axelar Network ethereum green Babylon Protocol bitcoin not_applicable Balancer (v2 + v3) ethereum yellow Beefy Finance ethereum red BENQI avalanche red BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum not_applicable Cap (cUSD / stcUSD) ethereum green Centrifuge ethereum red Chainlink CCIP ethereum yellow Circle USYC binance red Compound V3 (Comet) ethereum yellow Concrete ethereum green Convex Finance ethereum not_applicable crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum yellow deBridge ethereum not_applicable Dolomite ethereum red dYdX v4 (dYdX Chain) dydx green EigenLayer ethereum yellow Ethena ethereum yellow ether.fi ethereum yellow Euler V2 ethereum yellow Falcon Finance ethereum red Fluid ethereum red Frax Finance ethereum yellow GMX v2 (GMX Synthetics) arbitrum yellow Hyperlane ethereum yellow Hyperliquid arbitrum yellow Jito solana green Jupiter solana green Jupiter Perpetual Exchange solana yellow JustLend DAO tron yellow Kamino Lend solana green Kinetiq hyperliquid yellow Lido ethereum yellow Liquid Collective (LsETH) ethereum yellow Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc yellow Lombard Finance ethereum yellow M^0 ethereum not_applicable Maple Finance ethereum green Marinade Finance solana not_applicable Meteora solana not_applicable mETH Protocol ethereum yellow Midas ethereum yellow Morpho V1 (Morpho Blue + MetaMorpho) ethereum yellow Multipli ethereum red Ondo Finance ethereum yellow OpenEden ethereum yellow Orca solana not_applicable PancakeSwap bsc yellow Pendle Finance ethereum yellow Polymarket polygon not_applicable QuickSwap polygon green Raydium solana green Rocket Pool ethereum red Sanctum solana yellow Save (formerly Solend) solana green Sky Lending (formerly MakerDAO) ethereum yellow Spark Protocol ethereum yellow Spiko stellar green Stake DAO ethereum green StakeWise v3 ethereum red Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid yellow SUNSwap (sun.io) tron not_applicable Superstate ethereum yellow Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum red Symbiotic ethereum not_applicable Synapse Protocol ethereum not_applicable Uniswap (v2 + v3) ethereum not_applicable USDD (Decentralized USD) tron gray Usual (USD0 / bUSD0 / USUAL) ethereum red Veda (BoringVault) ethereum yellow Venus Protocol bsc yellow Wormhole ethereum gray Yearn Finance ethereum yellow
12 red · 36 yellow · 15 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-059 category 3 carried 80 critical no