Breakage analysis per dependency
JustLend DAO's assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Breakage analysis:
(1) Chainlink relay fails or poster halts: stale prices accepted indefinitely, enabling under-collateralized borrows — all $3.586B TVL at oracle-correctness risk.
(2) Poster key compromised: attacker posts arbitrary prices for any market, enabling fake collateral borrows — catastrophic loss potential.
(3) Governance-forced oracle swap via malicious _setPriceOracle() proposal: entire oracle stack replaced — full TVL at risk with 48h timelock window.
(4) USDD stablecoin depeg: USDD market mispriced during oracle lag, triggering liquidation cascade on USDD borrowers.
The single-poster architecture is the highest-severity single point of failure.
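As an added illustration (not JustLend code), the sketch below models the two controls whose absence drives failure modes (1) and (2): a freshness window on reads and a per-update swing cap on poster writes. The class name, the one-hour window and the 10% cap are assumptions chosen for the example, and the sample values in it are constructed.

```python
from dataclasses import dataclass

# Assumed limits for illustration; neither is a JustLend parameter.
MAX_AGE_S = 3600   # oldest price a consumer may still use
MAX_SWING = 0.10   # largest relative move accepted in one update


class StalePriceError(Exception):
    """Raised when the stored price is older than the freshness window."""


@dataclass
class Post:
    market: str
    price: float
    posted_at: int  # unix seconds


class GuardedOracle:
    """Toy poster-fed oracle (hypothetical) with a freshness and a swing check."""

    def __init__(self, max_age_s=MAX_AGE_S, max_swing=MAX_SWING):
        self.max_age_s = max_age_s
        self.max_swing = max_swing
        self.latest = {}  # market -> last accepted Post

    def post(self, p: Post) -> bool:
        """Accept an update unless it is non-positive, out of order, or too large a move."""
        prev = self.latest.get(p.market)
        if p.price <= 0:
            return False
        if prev is not None:
            if p.posted_at <= prev.posted_at:
                return False
            if abs(p.price - prev.price) / prev.price > self.max_swing:
                return False
        self.latest[p.market] = p
        return True

    def get_price(self, market: str, now: int) -> float:
        """Return the price, failing closed when it is missing or stale."""
        p = self.latest.get(market)
        if p is None:
            raise LookupError(f"no price for {market}")
        if now - p.posted_at > self.max_age_s:
            raise StalePriceError(f"{market} price is {now - p.posted_at}s old")
        return p.price
```

A swing cap also holds back legitimate updates during a fast move such as the depeg in (4); in this model the affected market then fails closed on staleness instead of continuing to serve the old price.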
Sources
- GitHub: JustLend SimplePriceOracle.sol raw source. SimplePriceOracle.sol and PriceOracleProxy.sol show no staleness enforcement and single poster architecture; Comptroller.sol _setPriceOracle() allows governance-level oracle replacement (retrieved 2026-05-17)
- Price Oracle - JustLend DAO Documentation. Price oracle docs describing poster role as single price submission authority (retrieved 2026-05-17)
Methodology
Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.