★ Immutable oracle address

Lido's assessment for RD-F-180 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL CANDIDATE — PD-017] Oracle address is stored in upgradeable LidoLocator (0xC1d0b3DE6792Bf6b4b37EccdcC24e45978Cfd2Eb) governed by Lido DAO via EmergencyProtectedTimelock (3-day minimum delay). Not hardcoded immutable. Replacement path exists but requires ~5-10 day governance cycle.

Detail #

LidoLocator is a proxy governed by Lido DAO. All oracle addresses (AccountingOracle, ValidatorsExitBusOracle) are stored via the Locator and can be updated by DAO governance. Not marked immutable in stETH contract. However, replacement requires full DAO vote + EmergencyProtectedTimelock (3-day delay + voting period). This is NOT a one-tx replacement. Flagging per PD-017 for T-14 post-launch promotion review.

Sources #

Docs
https://docs.lido.fi/deployed-contracts/retrieved 2026-04-28
Etherscan
https://etherscan.io/address/0xCE0425301C85c5Ea2A0873A2dEe44d78E02D2316retrieved 2026-04-28
Etherscan
https://etherscan.io/address/0xC1d0b3DE6792Bf6b4b37EccdcC24e45978Cfd2Ebretrieved 2026-04-28

Methodology #

Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-180 score yellow collected_at 2026-04-28 13:58:42