Dimension 3: Oracle Integrity
Oracle architecture, manipulation resistance, staleness protection, fallback mechanisms, and feed redundancy.
What We Measure
We evaluate the entire oracle architecture: how price data enters the protocol, how it is validated, what happens when feeds fail, and how resistant the system is to manipulation. This covers feed diversity and aggregation methods, manipulation resistance (cost-of-attack analysis), staleness detection and circuit breakers, fallback chains when primary feeds fail, TWAP vs. spot price usage and their tradeoffs, internal vs. external oracle dependency, and the blast radius when an oracle feed is compromised. Protocols that are oracle sources (like AMMs) score differently from oracle consumers (like lending protocols).
What Raises This Score
Zero external oracle dependency (protocol is the price source, not consumer)
Multi-feed aggregation with outlier rejection
Time-delayed price updates (OSM pattern) that prevent atomic manipulation
Circuit breakers that halt operations on abnormal price movements
Fallback chains with graceful degradation on feed failure
TWAP usage for manipulation-resistant pricing in critical paths
Bounded rate-of-change limits on oracle updates
What Lowers This Score
Single oracle provider dependency with no fallback
Spot price usage in liquidation or collateral calculations
No staleness checks — stale prices accepted indefinitely
Centralized oracle controlled by a single entity without verification
Missing circuit breakers on extreme price movements
Oracle updates that can be front-run for profit extraction
No sanity bounds on oracle-reported values
Why This Weight
At 13%, Oracle Integrity matches Economic Soundness because oracle manipulation is the primary vector for economic exploits. A compromised oracle can drain a lending protocol in a single block. The weight reflects that oracle failures are both common and catastrophic, but slightly less frequent than pure access control breaches.