defirisk.co
rubric v1.7.0

Chainlink aggregator min/max bound misconfig

Uniswap (v2 + v3)'s assessment for RD-F-060 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No Chainlink feeds consumed by V2 or V3 core or periphery. 19 Chainlink feeds in data cache confirmed false positives — not called by any V2 or V3 contract. Zero IChainlinkAggregator or AggregatorV3Interface imports in UniswapV2Pair.sol, UniswapV2Router02.sol, UniswapV3Pool.sol, or SwapRouter.sol.

Detail #

Data cache oracle_feeds array: 19 Chainlink feeds for ETH/USD, BTC/USD, USDT/USD, USDC/USD, LINK/USD, COMP/USD, AVAX/USD, UNI/USD. None called by V2 or V3. Source inspection of core contracts confirms zero Chainlink interface imports. Profile meta.json: data_cache_oracle_feeds_likely_false_positives: true.

Sources #

  • Curator note
    Profile meta.json — data_cache_oracle_feeds_likely_false_positives flagProfile meta.json flag: data_cache_oracle_feeds_likely_false_positives: true. Pipeline associates feeds by asset ticker match, not by on-chain call relationship.retrieved 2026-05-12
  • GitHub
    UniswapV3Pool.sol — no Chainlink importUniswapV3Pool.sol, SwapRouter.sol: zero IChainlinkAggregator or AggregatorV3Interface imports confirmed by source inspection.retrieved 2026-05-12

Methodology #

Determine whether the Chainlink aggregator's `minAnswer` and `maxAnswer` circuit-breaker bounds are misconfigured (too wide or too narrow) for the asset class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-060 score not_applicable collected_at 2026-05-12 10:36:11