★ Immutable oracle address
Frax Finance's assessment for RD-F-180 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
[★ CANDIDATE — PD-017 HELD; compose.py counts as ★] Fraxlend pair oracle addresses (_oracleMultiply and _oracleDivide) are stored as immutable constructor arguments per pair deployment. No setOracle() or oracle-update admin function exists at the pair level. Confirmed by: (1) Code4rena 2022 Fraxlend audit describes _oracleMultiply/_oracleDivide as pair-deploy-time parameters; (2) Etherscan ABI for FRAX/FXS pair (0xDbe88DBAc39263c47629ebbA02b3eF4cf0752A72) shows oracleMultiply() and oracleDivide() as view functions with no corresponding setter; (3) Fraxlend factory creates new pairs with fixed oracles — existing pairs cannot update feeds. If a Chainlink feed used by an existing Fraxlend pair is deprecated, compromised, or the collateral depegs, the pair cannot be repriced — borrowers remain exposed at stale prices until liquidity migrates to a new pair. The FraxlendWhitelist controls new-pair oracle eligibility but has no effect on existing pairs. This is the exact USR/USDX/xUSD/USD0++
Sources #
- AuditCode4rena Fraxlend 2022 Audit ReportCode4rena 2022-08-frax Fraxlend contest — confirms _oracleMultiply/_oracleDivide are pair-deploy immutable; FraxlendWhitelist validates at deploy onlyretrieved 2026-05-17
- Etherscan: Fraxlend FRAX/FXS V1 PairFraxlend FRAX/FXS V1 pair 0xDbe88DBAc39263c47629ebbA02b3eF4cf0752A72 — ABI shows oracleMultiply()/oracleDivide() view functions; no setOracle setter in ABIretrieved 2026-05-17
Methodology #
Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.
See the full factor methodology and distribution across all protocols →