defirisk.co
rubric v1.7.0

TWAP window duration

Pendle Finance's assessment for RD-F-054 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The TWAP duration is a uint32 parameter supplied by the caller; the oracle contract does not enforce a minimum. Pendle docs recommend 900-1800 seconds minimum. Passing duration=0 reads the instantaneous rate, which is manipulable. getOracleState() validates that the oracle's cardinality is adequate for the requested duration. Aave governance discussions cite a 1-day (86400s) TWAP for lending use cases.

The score is yellow because the recommended durations are in an acceptable range (900-1800s meets the 30-min taxonomy threshold), but enforcement is the caller's responsibility only, so misconfigured integrators face manipulation risk.

Sources

Methodology

For each DEX-TWAP oracle, measure the TWAP window duration in minutes; flag any window < 30 minutes as high risk.
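To make the evidence and the 30-minute threshold concrete, the following added example (not code from Pendle or from this assessment) models a caller-chosen TWAP window and an integrator-side guard. ToyTwapOracle, guarded_read, history_covers and the sample rates are assumptions: a simplified arithmetic-mean accumulator, with history_covers standing in for the kind of adequacy check getOracleState() performs.

```python
from bisect import bisect_right

MIN_WINDOW_S = 30 * 60  # rubric methodology: windows under 30 minutes are high risk

class ToyTwapOracle:
    """Simplified cumulative-rate oracle (a model, not Pendle's contract)."""

    def __init__(self, t0, rate):
        self.obs = [(t0, 0.0)]  # (timestamp, sum of rate * seconds so far)
        self.rate = rate        # current instantaneous rate

    def write(self, t, new_rate):
        """Accrue the old rate up to time t, then switch to new_rate."""
        last_t, cum = self.obs[-1]
        self.obs.append((t, cum + self.rate * (t - last_t)))
        self.rate = new_rate

    def _cum_at(self, t):
        """Cumulative value at time t (t must not predate the oldest observation)."""
        i = bisect_right([ts for ts, _ in self.obs], t) - 1
        ts, cum = self.obs[i]
        if i + 1 < len(self.obs):  # between two observations: interpolate
            nts, ncum = self.obs[i + 1]
            return cum + (ncum - cum) * (t - ts) / (nts - ts)
        return cum + self.rate * (t - ts)  # after the newest observation

    def history_covers(self, now, duration):
        return self.obs[0][0] <= now - duration

    def read(self, now, duration):
        """Caller picks the window; duration=0 returns the instantaneous rate."""
        if duration == 0:
            return self.rate
        return (self._cum_at(now) - self._cum_at(now - duration)) / duration

def guarded_read(oracle, now, duration, min_window_s=MIN_WINDOW_S):
    """Integrator-side check: enforce what the oracle itself does not."""
    if duration < min_window_s:
        raise ValueError(f"TWAP window {duration}s is below {min_window_s}s")
    if not oracle.history_covers(now, duration):
        raise ValueError(f"oracle history is shorter than {duration}s")
    return oracle.read(now, duration)

def spike_readings():
    """Constructed scenario: rate 0.05 for 2 h, pushed to 0.50, read 12 s later."""
    oracle = ToyTwapOracle(t0=0, rate=0.05)
    oracle.write(7200, 0.50)
    return oracle, {d: oracle.read(7212, d) for d in (0, 900, 1800)}
```

In the constructed scenario the duration=0 read returns the pushed rate in full, while the windowed reads stay close to the pre-spike rate.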


rubric_version: v1.7.0
protocol: pendle
factor: RD-F-054
score: yellow
collected_at: 2026-04-28 21:09:40