apegurus/mango-markets
skills/case-studies/mango-markets/SKILL.md
Case study of the 2022 Mango Markets exploit: oracle price manipulation draining ~$114M
development
Updated May 13, 2026
$ install --global
skillsauthnpx skillsauth add apegurus/solidity-argus mango-marketsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 13, 2026, 3:21 AM198.6s1 file scanned
SKILL.md
- name:
- mango-markets
- description:
- Detects usage of the MNGO token. Highlights the risk of using low-liquidity governance tokens as collateral.
- category:
- reference
- source_url:
- https://rekt.news/mango-markets-rekt/
- source_license:
- CC0
- imported_at:
- 2025-02-20T00:00:00Z
- - regex:
- MNGO
- severity:
- Low
<!-- Source: rekt.news (CC0) -->
<!-- Source: SunWeb3Sec/DeFiHackLabs (Reference) -->
Mango Markets (2022)
Overview
In October 2022, Mango Markets, a decentralized exchange on Solana, was exploited for approximately $114 million. The attacker used a large amount of capital to manipulate the price of the MNGO token on the platform's own order book, which was used as the price oracle for collateral valuation.
Root Cause
The vulnerability was the protocol's reliance on its own low-liquidity internal markets as a price oracle for its native token (MNGO). By wash trading MNGO against USDC, the attacker was able to artificially inflate the price of MNGO. Because Mango used this manipulated price to determine how much a user could borrow, the attacker was able to take out massive loans of other assets (USDC, SOL, BTC, etc.) against their "valuable" MNGO collateral.
Attack Flow
- Attacker funded two separate accounts with 5M USDC each.
- Account A placed a large sell order for MNGO perps at a high price.
- Account B placed a large buy order for MNGO perps, matching Account A's order.
- This wash trade significantly moved the MNGO price on the Mango order book.
- The internal oracle updated the MNGO price based on these trades, inflating it by over 2,000%.
- With the inflated MNGO collateral value, Account B borrowed $114M worth of various assets from the Mango treasury.
- The attacker then proposed a governance settlement to return some funds in exchange for no criminal prosecution (which was later rejected by law enforcement).
Impact
- Loss: ~$114M
- Protocol: Mango Markets
- Chain: Solana
- Date: 2022-10-11
Key Transactions
- Attack tx (Example):
599986Yfs4S6996Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9Yv9
Detection Heuristics
- Pattern 1: Using internal, low-liquidity markets as the primary price oracle for collateral.
- Pattern 2: Lack of caps on borrowing against highly volatile or manipulatable assets.
Remediation
- Fix 1: Use external, aggregate oracles (like Pyth or Chainlink) that incorporate liquidity from multiple high-volume exchanges.
- Fix 2: Implement "oracle confidence intervals" or "sanity checks" that ignore price spikes that aren't reflected in broader markets.
- Fix 3: Set strict borrow limits and higher collateral requirements for native governance tokens.
References
- rekt.news/mango-markets-rekt/
- mango.markets/blog/post-mortem-october-exploit
Related Skills
apegurus/vector-scan
testing
VerifiedTrustedCommunity
Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.
SKILL.mdUpdated May 30, 2026
apegurus/periphery
tools
VerifiedTrustedCommunity
Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
SKILL.mdUpdated May 30, 2026
apegurus/math-precision
testing
VerifiedTrustedCommunity
Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.
SKILL.mdUpdated May 30, 2026
apegurus/invariant
testing
VerifiedTrustedCommunity
Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.
SKILL.mdUpdated May 30, 2026