Fallback behavior on oracle failure
Rocket Pool's assessment for RD-F-051 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
If oDAO fails to reach consensus on submitBalances, the rETH:ETH rate does not update — it silently remains at the last-submitted value. RocketTokenRETH.getEthValue() calls RocketNetworkBalances without any staleness check. No automatic fallback to secondary oracle. No circuit-breaker that pauses the contract if the rate is too old. Same pattern for RPL/ETH price (last-known-price used if oDAO fails). Fallback behavior = last-known-price (stale risk) = yellow per taxonomy.
Sources #
- GitHubRocketTokenRETH.sol sourceRocketTokenRETH.sol getEthValue(): calls rocketNetworkBalances.getTotalETHBalance() with no staleness check; no fallback logicretrieved 2026-05-04
- RocketNetworkBalances.sol sourceRocketNetworkBalances.sol: submission gated on consensus but no consumer-side staleness rejectionretrieved 2026-05-04
Methodology #
Identify the declared fallback behavior (pause, secondary source, last-known-price, revert) when the primary oracle reverts or reports a stale value.
See the full factor methodology and distribution across all protocols →