★ Oracle source = spot DEX pool (no TWAP)
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap: assessment for RD-F-053, scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[★ CRITICAL — PER COMPONENT SCORING]
- AMM swap path (v2/v3): no external price oracle. Green component: the price comes from reserves/ticks, so there is no manipulation surface from an external feed.
- Kashi lending: uses Chainlink production feeds via ChainlinkOracleV1, not a spot DEX pool feed, so it does not meet the literal F053 red criterion of 'spot DEX pool, no TWAP, no fallback'. However, Kashi demonstrated a live oracle-logic stale-rate failure in Nov 2022: borrow() used the cached exchangeRate without refreshing it via updateExchangeRate(), while liquidate() used the updated rate. Loss was ~$120K (9,466 USDC + 110,911 MIM). No TWAP component. No fallback.

The score reflects the highest-risk component (the Kashi lending path), per the combined-slug profiler instruction. Scored yellow, not red, because the root cause was a business-logic staleness-handling bug, not feed manipulation; the feeds are reputable Chainlink production aggregators; and Kashi is near-deprecated with minimal active TVL.
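The stale-rate mismatch described above, as a simplified Python model added here (not Kashi's contract code and not taken from the cited sources). The 75% collateral factor, the rates, the rate convention and the `refresh` flag are constructed assumptions; the model checks the invariant that a loan accepted by borrow() is never immediately liquidatable.

```python
from dataclasses import dataclass, field

COLLATERAL_FACTOR = 0.75  # assumed max loan-to-value (constructed, not Kashi's value)


@dataclass
class LendingPair:
    oracle_rate: float    # live feed: asset units per 1 collateral unit (assumed convention)
    exchange_rate: float  # copy cached in the pair; may lag the feed
    collateral: dict = field(default_factory=dict)
    debt: dict = field(default_factory=dict)

    def update_exchange_rate(self) -> float:
        """Pull the current feed value into the cache and return it."""
        self.exchange_rate = self.oracle_rate
        return self.exchange_rate

    def _solvent(self, user: str, rate: float) -> bool:
        limit = self.collateral.get(user, 0.0) * rate * COLLATERAL_FACTOR
        return self.debt.get(user, 0.0) <= limit

    def borrow(self, user: str, amount: float, refresh: bool) -> bool:
        """refresh=False models the cached-rate flaw; refresh=True the corrected path."""
        rate = self.update_exchange_rate() if refresh else self.exchange_rate
        self.debt[user] = self.debt.get(user, 0.0) + amount
        if not self._solvent(user, rate):
            self.debt[user] -= amount  # reject: undo the debt change
            return False
        return True

    def liquidatable(self, user: str) -> bool:
        """Liquidation path: always evaluates solvency at the refreshed rate."""
        return not self._solvent(user, self.update_exchange_rate())


def scenario(refresh: bool) -> tuple:
    """Constructed case: the cache still holds 2000 while the feed reports 1000."""
    pair = LendingPair(oracle_rate=1000.0, exchange_rate=2000.0)
    pair.collateral["alice"] = 1.0
    accepted = pair.borrow("alice", 1400.0, refresh)
    # Invariant under test: accepted and liquidatable must never both be True.
    return accepted, pair.liquidatable("alice")
```

With `refresh=False` the loan passes the borrow check at the cached rate yet fails the liquidation check at the refreshed one, which is the inconsistency a regression test for this class of bug should catch.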
Sources
- [URL] BlockSec: Beyond the market risk — KashiPairMediumRiskV1 logic bug (Nov 2022). BlockSec Medium, Nov 2022 — Kashi stale exchangeRate root cause, ~$120K loss confirmed. Retrieved 2026-05-17.
- SushiSwap ChainlinkOracleV1 Etherscan. ChainlinkOracleV1 0xd766147bc5a0044a6b4f4323561b162870fcbb48 — Chainlink AggregatorV3 interface, not spot DEX pool. Retrieved 2026-05-17.
- Sushi profile §11 specialist flags — oracle per-component. risk-dashboard/.research/protocols/sushi/00-profile.md §11 oracle topology per-component note. Retrieved 2026-05-17.
Methodology
Determine whether the primary oracle for any asset/market reads spot price from a single DEX pool without a TWAP window or secondary source.