★ Immutable oracle address
Beefy Finance's assessment for RD-F-180 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[★ CRITICAL — graded GREEN] BeefySwapper stores its oracle as `IBeefyOracle public oracle` (a regular state variable, not immutable), configurable via `setOracle(address _oracle) external onlyOwner` with no timelock. In BeefyOracle.sol, per-token oracle assignments are also configurable via `setOracle(address _token, address _oracle, bytes calldata _data) external onlyOwner`. No oracle address variable carries the `immutable` keyword. The admin (dev multisig, 3-of-6 per profile §6) can update oracle configurations without delay. Beefy is not a lending protocol, so the depeg-immutable-oracle scenario is not the primary risk context, but the mechanism for oracle address replacement exists and functions. Counted as ★ per T-14 promotion.
Sources
- GitHub: BeefySwapper.sol — oracle address configurability. BeefySwapper.sol — 'IBeefyOracle public oracle;' (state variable) + 'function setOracle(address _oracle) external onlyOwner' (no timelock, immediate execution). Retrieved 2026-05-16.
- BeefyOracle.sol — per-token oracle configurability. BeefyOracle.sol — 'function setOracle(address _token, address _oracle, bytes calldata _data) external onlyOwner' — per-token oracle configurable. Retrieved 2026-05-16.
Methodology
Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.
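A first-pass version of this check, as an added example (not Beefy's code and not the rubric's own tooling). The two Solidity samples are constructed around the declarations quoted in the evidence; `assess` and its finding labels are hypothetical names, and the regex pass does not see adapter wrappers or a timelock placed on the owner.

```python
import re

# Oracle-named state variables, capturing their qualifiers (heuristic, not a Solidity parser).
STATE_VAR = re.compile(
    r"^\s*(?!return\b)(?P<type>[A-Za-z_]\w*)\s+"
    r"(?P<quals>(?:(?:public|private|internal|immutable|constant)\s+)*)"
    r"(?P<name>\w*[Oo]racle\w*)\s*[;=]", re.M)
# Setter functions such as setOracle(...), capturing visibility and access modifiers.
SETTER = re.compile(
    r"function\s+(?P<fn>set\w*Oracle\w*)\s*\([^)]*\)\s*(?P<mods>[^{;]*)", re.I)

def assess(source):
    """Classify one contract's oracle wiring per the methodology above."""
    oracle_vars = [{"name": m["name"], "type": m["type"],
                    "immutable": "immutable" in m["quals"].split()}
                   for m in STATE_VAR.finditer(source)]
    setters = [{"fn": m["fn"], "modifiers": m["mods"].split()}
               for m in SETTER.finditer(source)]
    pinned = [v["name"] for v in oracle_vars if v["immutable"]]
    if pinned and not setters:
        finding = "immutable"      # cannot be repointed if the feed breaks
    elif setters and not pinned:
        finding = "replaceable"    # admin can repoint; check who and how fast
    else:
        finding = "review"         # mixed or nothing found: read the code
    return {"oracle_vars": oracle_vars, "setters": setters,
            "pinned": pinned, "finding": finding}

# Constructed sample: mutable state variable plus owner-gated setter.
SWAPPER_SAMPLE = """
contract SwapperSample {
    IBeefyOracle public oracle;
    function setOracle(address _oracle) external onlyOwner {
        oracle = IBeefyOracle(_oracle);
    }
}
"""
# Constructed sample: oracle fixed at deployment, no setter.
PINNED_SAMPLE = """
contract PinnedSample {
    address public immutable priceOracle;
    constructor(address _o) { priceOracle = _o; }
}
"""

if __name__ == "__main__":
    for label, src in (("swapper", SWAPPER_SAMPLE), ("pinned", PINNED_SAMPLE)):
        print(label, assess(src))
```

The reported setter modifiers (`onlyOwner` here) are the starting point for the follow-up question in the evidence summary: who holds that role and whether any delay applies.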