apegurus/oracle-manipulation

<!-- Source: DeFiFoFum/fofum-solidity-skills (MIT) --> <!-- Source: kadenzipfel/smart-contract-vulnerabilities (MIT) -->

Oracle Manipulation Exploits

Overview

Oracle manipulation attacks exploit price feeds to extract value. Attackers manipulate the price source, then use the manipulated price to profit (liquidations, swaps, borrows).

Total Losses: $500M+ across DeFi

---

Attack Patterns

1. Spot Price Manipulation

Using AMM spot prices directly instead of TWAPs.

// VULNERABLE: Spot price from Uniswap
function getPrice() external view returns (uint256) {
    (uint112 reserve0, uint112 reserve1,) = pair.getReserves();
    return reserve1 * 1e18 / reserve0;  // Manipulatable in same tx!
}

Fix: Use TWAP (Time-Weighted Average Price) or Chainlink.

2. Flash Loan + Price Manipulation

1. Flash loan large amount
2. Swap to manipulate AMM price
3. Interact with victim protocol using manipulated price
4. Swap back, repay flash loan
5. Profit

3. Stale Price Data

// VULNERABLE: No freshness check
function getPrice(address token) external view returns (uint256) {
    (, int256 price,,,) = priceFeed.latestRoundData();
    return uint256(price);  // Could be hours old!
}

// SECURE: Freshness validation
function getPrice(address token) external view returns (uint256) {
    (
        uint80 roundId,
        int256 price,
        ,
        uint256 updatedAt,
        uint80 answeredInRound
    ) = priceFeed.latestRoundData();
    
    require(price > 0, "Invalid price");
    require(updatedAt > block.timestamp - MAX_DELAY, "Stale price");
    require(answeredInRound >= roundId, "Stale round");
    
    return uint256(price);
}

4. TWAP Manipulation (Low Liquidity)

Even TWAPs can be manipulated if:

• Liquidity is low
• TWAP window is short
• Attacker controls multiple blocks (MEV)

---

Real Exploits

Harvest Finance (Oct 2020) — $34M

What happened:

• Attacker used flash loans to manipulate Curve pool prices
• Harvest used Curve spot price for USDC/USDT
• Deposited at manipulated (low) price, withdrew at normal price

Root cause: Spot price oracle on low-liquidity pool

Lesson: Never use spot prices. Use TWAPs with sufficient window.

Mango Markets (Oct 2022) — $116M

What happened:

• Attacker manipulated MNGO perpetual price on Mango
• Used inflated collateral value to borrow all assets
• Price manipulation was within protocol rules (no external oracle)

Root cause: Self-referential oracle (own perp price as collateral value)

Lesson: Don't use your own market prices as oracle for that same market.

Inverse Finance (Apr 2022) — $15.6M

What happened:

• Attacker manipulated INV/ETH SushiSwap price
• Used manipulated price to borrow DOLA
• TWAP window was only 25 minutes

Root cause: Short TWAP window on low-liquidity pair

Lesson: TWAP window must be long enough to make manipulation unprofitable.

bZx (Multiple 2020) — $8M+

What happened:

• Series of attacks using flash loans to manipulate prices
• Borrowed, manipulated, liquidated in single transaction

Root cause: Spot price oracles vulnerable to flash loan manipulation

---

Detection Checklist

• [ ] Does the contract use spot prices from AMMs?
• [ ] Is Chainlink used? Are staleness checks implemented?
• [ ] If TWAP is used, what's the window? (< 30 min = risky)
• [ ] Is the oracle source low liquidity?
• [ ] Can price be manipulated within a single transaction?
• [ ] Are there freshness checks on price data?
• [ ] Is answeredInRound >= roundId checked?
• [ ] Does the protocol validate price sanity (bounds, deviation)?

Secure Patterns

Chainlink with Full Validation

function getPrice(address token) public view returns (uint256) {
    AggregatorV3Interface feed = priceFeeds[token];
    require(address(feed) != address(0), "No feed");
    
    (
        uint80 roundId,
        int256 price,
        ,
        uint256 updatedAt,
        uint80 answeredInRound
    ) = feed.latestRoundData();
    
    // Validation
    require(price > 0, "Invalid price");
    require(updatedAt > 0, "Round not complete");
    require(answeredInRound >= roundId, "Stale round");
    require(block.timestamp - updatedAt < HEARTBEAT, "Stale price");
    
    return uint256(price);
}

Circuit Breakers

uint256 public lastPrice;
uint256 public constant MAX_DEVIATION = 10; // 10%

function getPriceWithCircuitBreaker() external returns (uint256) {
    uint256 newPrice = oracle.getPrice();
    
    if (lastPrice > 0) {
        uint256 deviation = newPrice > lastPrice 
            ? (newPrice - lastPrice) * 100 / lastPrice
            : (lastPrice - newPrice) * 100 / lastPrice;
        require(deviation <= MAX_DEVIATION, "Price deviation too high");
    }
    
    lastPrice = newPrice;
    return newPrice;
}

---

References

• samczsun: Taking undercollateralized loans
• Chainlink Best Practices
• Euler Oracle Manipulation (Omniscia)