Oracle price deviation >X% from secondary

Venus Protocol's assessment for RD-F-099 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Threshold: primary/secondary oracle deviation >1% sustained 4 blocks. During March 2026 THE attack: Resilient Oracle BoundValidator reverted for approximately 37 minutes (Binance feed at ~$4 vs actual $0.26-$0.51, >700% deviation). BlockSec analysis: 'no monitoring system escalated this anomaly.' This is a documented real-world instance where RD-F-099 WOULD have fired at first block if wired. Current posture (2026-04-28): Chainlink feeds operative (ETH/USD 60s heartbeat, USDT/USD 900s heartbeat, BTC/USD 30s heartbeat). No active oracle deviation detected. Scored yellow: signal is applicable and would have caught March 2026 attack; documented infrastructure gap (monitoring not wired for this deviation class).

Sources #

URL
Chainlink BTC/USD BSC feed — 30s heartbeat (from data cache)https://bscscan.com/address/0x14Aed7178df8d33755b1c4b8f3CC3e0EAa2B203Bretrieved 2026-04-28
URL
Venus Thena (THE) Incident: What Broke and What Was Missed — BlockSechttps://blocksec.com/blog/venus-thena-donation-attackretrieved 2026-04-28

Methodology #

Detect whether the primary oracle's reported price deviates >X% from the best available secondary source (another feed or venue).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-099 score yellow collected_at 2026-04-28 18:30:49