Chainlink aggregator min/max bound misconfig

Midas's assessment for RD-F-060 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Sherlock judging 2024-05 issue #110 confirmed absence of minAnswer/maxAnswer circuit-breaker validation in DataFeed.sol (Chainlink IB01/USD wrapper). If the IB01/USD feed hits its Chainlink-configured min/max bounds, DataFeed.sol returns the artificial bound value as the market price. The fix was Sponsor Confirmed but deployed status is unknown without bytecode comparison. MTBillCustomAggregatorFeed initializes with minAnswer/maxAnswer params but their specific deployed values are unknown.

Sources #

GitHub
Sherlock Judging 2024-05 Issue #110 — Chainlink min/maxsherlock-audit/2024-05-midas-judging issue #110: Missing Chainlink minAnswer/maxAnswer validation in DataFeed.sol; Sponsor Confirmedretrieved 2026-05-16

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-060 score yellow collected_at 2026-05-16 09:34:55