Permissionless-pool lending oracle

Pendle Finance's assessment for RD-F-181 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Pendle does not accept spot prices from permissionlessly-created DEX pools. The TWAP oracle reads from Pendle's own AMM markets, created via the Market Factory (whitelisted creation requiring SY wrapper deployment). Not a permissionless pool-creation venue. The Rhea Finance class of attack (permissionless pool creation → fake token → oracle acceptance) does not apply to Pendle's architecture.

Sources #

Internal
Pendle Finance Protocol ProfilePendle profile §3 — factory architectureretrieved 2026-04-29
Etherscan
Pendle Market Factory V3Market Factory V3 (Ethereum) 0x1A6fCc85557BC4fB7B534ed835a03EF056552D52retrieved 2026-04-29

Methodology #

Determine whether the lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools, without requiring a TWAP window, liquidity floor, or token-age minimum on the venue side.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-181 score green collected_at 2026-04-28 21:09:40