★ Immutable oracle address
JustLend DAO's assessment for RD-F-180 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
[★ CRITICAL-CANDIDATE per PD-017 — track for T-14 post-launch promotion. Current score YELLOW.] The Comptroller stores the oracle address as a mutable state variable that can be replaced by the admin via _setPriceOracle(). The admin path is GovernorBravo (TEqiF5JbhDPD77yjEfnEMncGRZNDt2uogD) + Timelock (TRWNvb15NmfNKNLhQpxefFz7cNjrYjEw7x, 48h delay) — governance-replaceable. However, PriceOracleProxy.sol stores v1PriceOracle as an immutable constructor parameter (no setter): changing the underlying Chainlink relay requires deploying a new PriceOracleProxy and then calling _setPriceOracle() on the Comptroller. Two-step replaceable — not immutable, but not a single-tx swap either. Score = yellow (replaceable via governance redeployment; 48h timelock delays but does not prevent emergency response).
Sources #
- GitHubJustLend Comptroller.sol raw sourceComptroller.sol _setPriceOracle() function: admin-only, assigns to mutable oracle state variable — oracle address IS replaceable by Comptroller adminretrieved 2026-05-17
- JustLend PriceOracleProxy.sol on GitHubPriceOracleProxy.sol constructor: v1PriceOracle_ parameter assigned to immutable v1PriceOracle storage var with no setter — replacing Chainlink relay requires new proxy deploymentretrieved 2026-05-17
- Deployed Contracts - JustLend DAO DocumentationGovernorBravo + Timelock governance path for admin actions including _setPriceOracleretrieved 2026-05-17
Methodology #
Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.
See the full factor methodology and distribution across all protocols →