defirisk.co
rubric v1.7.0

External keeper/relayer not redundant

Veda (BoringVault)'s assessment for RD-F-062 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The exchange rate updater (caller of updateExchangeRate()) is an authorized single party (requiresAuth). If unavailable, the rate goes stale: minimumUpdateDelayInSeconds fires on the next update attempt, and the contract pauses. This is a keeper-equivalent single point of failure. Rate updater identity (hot wallet vs multisig vs automated) not confirmed on-chain — Cat 2 gap.

Sources #

  • Internal
    Veda profile §11 specialist flags.research/protocols/veda/00-profile.md §11 — rate updater identity flagged as open questionretrieved 2026-05-17
  • GitHub
    AccountantWithRateProviders.sol sourceAccountantWithRateProviders.sol — updateExchangeRate requires requiresAuth; single authorized updater patternretrieved 2026-05-17

Methodology #

Determine whether the protocol depends on a single keeper or relayer (Gelato, Chainlink Automation, custom) with no redundancy or failover.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-062 score yellow collected_at 2026-05-17 12:41:22