Fallback behavior on oracle failure

Compound V3 (Comet)'s assessment for RD-F-051 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No fallback oracle. Zero price triggers BadPrice() revert; stale positive price silently accepted. Governance replacement: 5–7 days minimum due to immutable oracle addresses requiring new implementation deploy.

Detail #

Comet.sol getPrice(): 'if (price <= 0) revert BadPrice()' is the only check. No secondary oracle, no pause-on-stale, no fallback path. Oracle replacement requires full governance cycle (proposal + 3-day vote + 2-day timelock + factory deployment). DeFiScan confirms no fallback mechanism.

Sources #

URL
DeFiScan — no fallback oracle mechanismDeFiScan Compound V3 oracle sectionretrieved 2026-04-27
GitHub
Comet.sol — oracle call with BadPrice() checkComet.sol getPrice() functionretrieved 2026-04-27

Methodology #

Identify the declared fallback behavior (pause, secondary source, last-known-price, revert) when the primary oracle reverts or reports a stale value.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol compound-v3 factor RD-F-051 score red collected_at 2026-04-28 00:20:50