defirisk.co
rubric v1.7.0

Fallback behavior on oracle failure

OpenEden's assessment for RD-F-051 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No fallback oracle. Vault implementation has a single oracle call (tbillUsdPriceFeed.latestRoundData()). On oracle failure or staleness >7 days, the vault reverts with TBillPriceOutdated error — behavior is halt (revert), not secondary-source fallback. No try/catch, no secondary oracle, no last-known-price fallback found in vault source. Single issuer-push model with revert-on-failure means any operator outage freezes vault operations after the staleness window.

Sources #

  • Audit
    Hacken Nov-2024 OpenEden V4Impl AuditHacken Nov-2024 audit (V4Impl scope); finding F-2024-7422 Possible Invalid Convert Rate from Lack of Oracle Validation — fixed, but fix limited to input validation, not addition of fallback oracleretrieved 2026-05-16
  • Etherscan
    OpenEden Vault V4/V5 Implementation — EtherscanOpenEdenVaultV4Impl.sol tbillUsdcRate() revert TBillPriceOutdated(updatedAt) on staleness; single oracle call path confirmed; no fallback branch in ABIretrieved 2026-05-16

Methodology #

Identify the declared fallback behavior (pause, secondary source, last-known-price, revert) when the primary oracle reverts or reports a stale value.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol openeden factor RD-F-051 score red collected_at 2026-05-16 10:11:45