defirisk.co
rubric v1.7.0

Permissionless-pool lending oracle

Frax Finance's assessment for RD-F-181 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Fraxlend uses a FraxlendWhitelist contract to gate which oracle contracts can be used when creating new lending pairs: only governance-whitelisted oracle addresses may be used at pair creation. This prevents permissionless-pool oracles from being accepted: any user who wants to create a Fraxlend pair must use a pre-approved oracle from the whitelist. The whitelist mechanism satisfies the venue-acceptance governance gate required by F181. Confidence: high, based on the Code4rena 2022 audit confirming the whitelist check at construction.

Sources

  • Docs
    Fraxlend Overview — pair creation requires whitelisted oracle addresses (retrieved 2026-05-17)
  • Audit
    Code4rena Fraxlend 2022 Audit Report (Code4rena 2022-08-frax) — 'constructor interacts with the FraxlendWhitelist to ensure the configured oracles and rate contracts have been whitelisted' (retrieved 2026-05-17)

Methodology

Determine whether the lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools, without requiring a TWAP window, liquidity floor, or token-age minimum on the venue side.


rubric_version: v1.7.0
protocol: frax
factor: RD-F-181
score: green
collected_at: 2026-05-16 20:44:31