★ Immutable oracle address
Sanctum's assessment for RD-F-180 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
CRITICAL-CANDIDATE FACTOR (T-12 PD-017) — NOT_APPLICABLE for Sanctum. Sanctum embeds no external oracle address in any of its programs. The pricing source is the SPL Stake Pool program state — the canonical Solana system program, not a third-party oracle with a specific address that could be 'immutable.' There is no Chainlink feed address, Pyth price account address, or DEX pool address hardcoded in Sanctum's programs. The USR/USD0++ exploit class (immutable oracle address, no admin-replaceable wrapper) is structurally inapplicable to Sanctum's architecture. F180 ★ evaluated as not_applicable for sanctum. No T-14 escalation needed.
Sources #
- Docs00-profile.md §7 + 00-profile.meta.json + 00-data-cache.jsonProfile §7 explicit: 'None in the traditional (Chainlink/Pyth) sense'; oracle_types: [] in meta.json; data cache: oracle_feeds: [], oracle: nullretrieved 2026-05-04
- Introducing InfinitySanctum blog: pricing mechanism reads SOL values from on-chain stake account states; no external oracle addressretrieved 2026-05-04
- Sanctum S program repositoryigneous-labs/S README: SOL Value Calculator Programs read stake pool state directly; no external oracle address referencedretrieved 2026-05-04
Methodology #
Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.
See the full factor methodology and distribution across all protocols →