defirisk.co
rubric v1.7.0

Breakage analysis per dependency

Veda (BoringVault)'s assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Breakage analysis: (a) Chainlink feed stale → Accountant rate update produces stale NAV → auto-pause likely triggers, blocking vault access; (b) Aave v3 exploit → vault assets in Aave lost, vault NAV drops, withdrawal queue may not cover; (c) LayerZero outage → cross-chain bridging halted, source-chain shares unaffected; (d) Pendle/EtherFi exploit → vault position value drops; (e) rate updater key compromise → attacker can push rate within bounds to drain via redemption arbitrage. Medium finding M-4 (rate decimals) identified in sevenSeas-4 audit, no oracle manipulation finding.

Sources #

  • Audit
    0xMacro SevenSeas A-4 audit0xMacro sevenSeas-4 audit, April 2024, commit 939c77e25473dff3ed18fa104f004f7afd13452e — AccountantWithRateProviders in scope; Medium M-4 (rate decimals) identifiedretrieved 2026-05-17
  • GitHub
    AccountantWithRateProviders.sol sourceAccountantWithRateProviders.sol rate-bound and pause logicretrieved 2026-05-17

Methodology #

Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-052 score yellow collected_at 2026-05-17 12:41:22