defirisk.co
rubric v1.7.0

Oracle-manipulation-proof borrow cap

Sky Lending (formerly MakerDAO)'s assessment for RD-F-073 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Sky Lending uses Chronicle OSM (Oracle Security Module) with 1-hour price delay, not a spot DEX TWAP. Debt ceilings are governance-set and conservative relative to collateral liquidity. OSM delay makes real-time oracle manipulation uneconomical.

Detail #

The OSM wraps each Chronicle feed with a 1-hour delay: published price is next-hour price, meaning an oracle manipulation attack must sustain the manipulated price for 1+ hour before it affects any Vat liquidation trigger. This is fundamentally more expensive than a single-block TWAP manipulation. Debt ceilings (Lines per ilk) are set by governance at conservative levels relative to total collateral liquidity. The borrow cap / oracle pool depth ratio check is not directly applicable because Sky uses push-oracle (Chronicle) not DEX-TWAP; the 1-hour OSM delay is the manipulation-resistance mechanism. Profile §7 confirms Chronicle as primary oracle with OSM delay.

Sources #

  • Docs
    Sky Lending 00-profile.md §7 Key external dependenciesProtocol profile §7 — Chronicle Protocol oracle with 1-hour OSM delayretrieved 2026-04-27
  • URL
    Chronicle ProtocolChronicle Protocol oracle provider — exclusive guardian in MakerDAOretrieved 2026-04-27

Methodology #

Determine whether the per-asset borrow cap is ≤ (oracle pool depth × manipulation-resistance multiplier).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sky-lending factor RD-F-073 score green collected_at 2026-04-28 00:43:18