defirisk.co
rubric v1.7.0

Immutable oracle address

Sushi (SushiSwap), covering v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap, is scored yellow for RD-F-180 on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

[★ CRITICAL — PD-017 CANDIDATE — flag for orchestrator T-14 tracking]

The Kashi oracle address is set once at init() (clone initialization), with the init data encoding (IERC20 collateral, IERC20 asset, IOracle oracle, bytes oracleData). After initialization, no setOracle(), changeOracle(), or equivalent admin function exists on KashiPairMediumRiskV1, so the oracle is functionally immutable per pair. In the event of Chainlink feed deprecation or compromise, no admin action can replace the oracle on a live Kashi pair; migration to a new pair is required. This matches the F180 set-once immutability pattern (EVM-equivalent: oracle set once at init without admin-replaceable wrapper).

AMM core: N/A (no oracle).

Scored yellow (not red): Kashi is effectively deprecated with near-zero active TVL; Chainlink feeds used are among the most reliable in DeFi; new pairs can be deployed if needed; blast radius is minimal given current state.

Sources

Methodology

Determine whether any collateral oracle address is marked `immutable` in protocol config with no admin-replaceable adapter wrapper, preventing the protocol from repricing when the upstream asset depegs.
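
The set-once pattern described in the evidence summary, shown beside the kind of admin-replaceable adapter wrapper this methodology looks for. This is an added Solidity example, not Kashi's or Sushi's code: IPriceSource, SetOncePair, ReplaceableOracleAdapter, the two-day delay and every function name other than init() are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal price interface for this example (not Kashi's IOracle).
interface IPriceSource {
    function latestPrice() external view returns (bool ok, uint256 price);
}
// Set-once pattern: the oracle is fixed at clone initialization, no setter exists.
contract SetOncePair {
    address public collateral;
    IPriceSource public oracle;
    function init(bytes calldata data) external {
        require(collateral == address(0), "already initialized");
        (collateral, oracle) = abi.decode(data, (address, IPriceSource));
        require(collateral != address(0), "bad pair");
    }
    // No setOracle()/changeOracle(): a bad feed forces migration to a new pair.
}
// Adapter wrapper: a pair stores this address once, and the admin can repoint
// the upstream feed behind it after a delay (DELAY is a constructed value).
contract ReplaceableOracleAdapter is IPriceSource {
    uint256 public constant DELAY = 2 days;
    address public immutable admin;
    IPriceSource public feed;
    IPriceSource public pendingFeed;
    uint256 public pendingAt;
    event FeedProposed(address indexed next, uint256 effectiveAt);
    event FeedReplaced(address indexed oldFeed, address indexed newFeed);
    constructor(address admin_, IPriceSource feed_) {
        require(admin_ != address(0) && address(feed_) != address(0), "zero address");
        admin = admin_;
        feed = feed_;
    }
    function proposeFeed(IPriceSource next) external {
        require(msg.sender == admin && address(next) != address(0), "not allowed");
        pendingFeed = next;
        pendingAt = block.timestamp + DELAY;
        emit FeedProposed(address(next), pendingAt);
    }
    function acceptFeed() external {
        require(msg.sender == admin && address(pendingFeed) != address(0), "not allowed");
        require(block.timestamp >= pendingAt, "delay not elapsed");
        emit FeedReplaced(address(feed), address(pendingFeed));
        feed = pendingFeed;
        pendingFeed = IPriceSource(address(0));
    }
    function latestPrice() external view override returns (bool, uint256) {
        return feed.latestPrice();
    }
}
```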


rubric_version: v1.7.0
protocol: sushi
factor: RD-F-180
score: yellow
collected_at: 2026-05-16 19:50:37