Oracle staleness check present

Beefy Finance's assessment for RD-F-059 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

BeefyOracleChainlink.sol: calls latestAnswer() only — confirmed NO updatedAt check, no staleness validation. BeefyOracleChainlinkEthBase.sol: same — latestAnswer() without updatedAt comparison. BeefyOraclePyth.sol: calls getPriceUnsafe() which explicitly skips freshness validation. This is a systemic gap across all Chainlink and Pyth adapters — stale prices can be accepted. DEX-TWAP adapters (UniV2/V3/Solidly/Algebra) are inherently time-based but have no max-staleness check on the observation data itself.

Sources #

GitHub
BeefyOracleChainlinkEthBase.sol — missing staleness checkBeefyOracleChainlinkEthBase.sol — uses IChainlink.latestAnswer() without updatedAt check; 'does not include staleness checks'retrieved 2026-05-16
GitHub
BeefyOraclePyth.sol — getPriceUnsafe() no maxAgeBeefyOraclePyth.sol — calls IPyth.getPriceUnsafe(priceId) which does not validate price freshness internallyretrieved 2026-05-16
GitHub
BeefyOracleChainlink.sol — missing staleness checkBeefyOracleChainlink.sol — 'does not include staleness checks (no updatedAt validation)'; uses IChainlink.latestAnswer() onlyretrieved 2026-05-16

Methodology #

Determine whether the protocol rejects oracle reads older than a declared maximum age (i.e., checks `updatedAt > block.timestamp - maxStaleness`).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-059 score red collected_at 2026-05-16 13:10:30