defirisk.co
rubric v1.7.0

Permissionless-pool lending oracle

Ethena's assessment for RD-F-181 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

NOT APPLICABLE. Ethena is not a lending protocol with permissionless market listing. USDe minting accepts only governance-whitelisted collateral assets (ETH, BTC, stETH, USDT, USDC — MINTER_ROLE and COLLATERAL_MANAGER controlled). No mechanism exists by which a user could permissionlessly list a fake token and use spot price from a permissionless DEX pool as collateral. The Rhea Finance permissionless-pool attack pattern cannot be replicated in Ethena's architecture.

Sources #

  • Docs
    https://docs.ethena.fi/solution-design/key-trust-assumptionsretrieved 2026-04-28
  • GitHub
    https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/EthenaMinting.solretrieved 2026-04-28

Methodology #

Determine whether the lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools, without requiring a TWAP window, liquidity floor, or token-age minimum on the venue side.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-181 score green collected_at 2026-04-28 13:58:51