BTC

$68669.101

1.00%

ETH

$3759.727

-0.57%

BNB

$594.483

-0.50%

XRP

$0.52

-1.02%

Glossary

Oracle Manipulation

November 21, 2023 - Around 2 mins mins to read

Oracle manipulation, also referred to as oracle price manipulation, is the act of exploiting a smart contract oracle in the DeFi space. This manipulation is carried out by attackers and can lead to system failure, theft, and other types of damage. According to reports, DeFi networks lost more than $33 million in 2020 due to price oracle manipulation.

Oracles are external or real-world data providers for blockchains, supplying information such as price feeds, weather data, and statistics. Among these types of data, price feeds are the most commonly exploited. Attackers can utilize price feeds to steal large sums of money from DeFi platforms.

There are two main methods by which an oracle can obtain price information. The first method involves extracting price data from centralized exchanges using APIs. The second method involves oracles performing calculations themselves by consulting decentralized exchanges (DEXs). Each method has its own advantages, disadvantages, and potential for manipulation.

In the Harvest Finance hack, the attacker exploited the pools by utilizing a flash loan and engaging in a form of oracle manipulation. The hacker manipulated the value of USDC within the Curve pool through a trade. Subsequently, the attacker entered the Harvest pool at the manipulated price, restored USDC to its original value by reversing the trade, and then exited the pool at a significantly higher price.

Avatar of Coincu

Author

Coincu

Glossary

Oracle Manipulation

Oracle manipulation, also referred to as oracle price manipulation, is the act of exploiting a smart contract oracle in the DeFi space. This manipulation is carried out by attackers and can lead to system failure, theft, and other types of damage. According to reports, DeFi networks lost more than $33 million in 2020 due to price oracle manipulation.

Oracles are external or real-world data providers for blockchains, supplying information such as price feeds, weather data, and statistics. Among these types of data, price feeds are the most commonly exploited. Attackers can utilize price feeds to steal large sums of money from DeFi platforms.

There are two main methods by which an oracle can obtain price information. The first method involves extracting price data from centralized exchanges using APIs. The second method involves oracles performing calculations themselves by consulting decentralized exchanges (DEXs). Each method has its own advantages, disadvantages, and potential for manipulation.

In the Harvest Finance hack, the attacker exploited the pools by utilizing a flash loan and engaging in a form of oracle manipulation. The hacker manipulated the value of USDC within the Curve pool through a trade. Subsequently, the attacker entered the Harvest pool at the manipulated price, restored USDC to its original value by reversing the trade, and then exited the pool at a significantly higher price.

Visited 104 times, 1 visit(s) today

Leave a Reply