Oracle Manipulation

Oracle manipulation attacks exploit contracts that rely on easily-manipulable price data sources, allowing attackers to inflate or deflate asset prices to drain protocol funds.

How It Works

Contracts that use DEX spot prices or single-source oracles are vulnerable. An attacker can manipulate the price source (e.g., by trading large amounts on a DEX) and then interact with the victim contract at the manipulated price.

Real-World Examples

Harvest Finance

2020

$34M

Attacker manipulated Curve pool prices repeatedly to drain USDC and USDT from Harvest vaults.

Mango Markets

2022

$114M

Oracle manipulation on Mango Markets' perpetuals platform drained $114M in collateral.

Code Examples

Vulnerable Code

// VULNERABLE: Single DEX price source
function getTokenPrice() public view returns (uint256) {
    (uint112 reserve0, uint112 reserve1,) = pair.getReserves();
    return (reserve1 * 1e18) / reserve0; // Spot price!
}

Secure Code

// FIXED: Chainlink oracle with staleness check
function getTokenPrice() public view returns (uint256) {
    (, int256 price,, uint256 updatedAt,) = chainlinkFeed.latestRoundData();
    require(price > 0, "Invalid price");
    require(block.timestamp - updatedAt < 3600, "Stale price");
    return uint256(price);
}

Prevention

Use decentralized oracles like Chainlink for price data
Implement staleness checks on oracle responses
Use TWAP instead of spot prices for on-chain calculations
Add price deviation bounds to reject anomalous values

Related Vulnerabilities

Flash Loan Attack Vectors

critical

Economic Attack Vectors

high

Scan Your Contract for Oracle Manipulation

Our AI-powered auditor automatically detects oracle manipulation and 20+ other vulnerability types. Get a detailed report in minutes.

Start Audit View All Vulnerabilities

Data Integrity

critical severity