Oracle Manipulation Attacks

Spot-price oracles read the current ratio of assets in an AMM pool. An attacker can use a flash loan to massively skew that ratio within a single transaction, trick a protocol into using the manipulated price, extract profit, then repay the loan — all atomically. Understanding these attacks is key to building secure DeFi.

⚡ Flash Loan Oracle Attack Simulator

Flash Loan Size (ETH) 5000 Pool Liquidity (ETH) 10000 Collateral Factor (%) 80

Spot Price Impact

Manipulated Price

$2,000

Collateral Overvalue

Attacker Profit

📈 TWAP Resistance Visualization

TWAP Window 15 blocks (~3 min) Manipulation Duration (blocks) 1 Spike Magnitude (%) 50

Spot Price Peak

$3,000

TWAP During Attack

$2,033

TWAP Dampening

97%

Cost to Sustain

🕐 Real Oracle Exploits Timeline

$114M

Oct 2022

Mango Markets

Attacker manipulated the MNGO/USDC spot price on-chain by buying massive amounts, inflating their collateral value on Mango Markets. Then borrowed against the inflated collateral and drained the protocol. A pure oracle manipulation via thin-liquidity perp markets.

$34M

Oct 2020

Harvest Finance

Flash loan used to manipulate USDC/USDT price on Curve. Attacker deposited into Harvest vault at deflated price, then reversed the manipulation to withdraw at inflated value. Repeated in a loop to drain $34M.

$10M

Feb 2023

Bonq / AllianceBlock

Attacker exploited a Tellor oracle with low stake requirements. Submitted a false price report for WALBT token (inflating it 100x), then borrowed against the inflated collateral on BonqDAO and liquidated positions.

🛡️ Defense Mechanisms

TWAP Oracles

Use time-weighted average price over N blocks instead of spot. Uni V3 built-in TWAP requires sustained manipulation over the entire window — exponentially increasing cost. A 30-min TWAP makes single-block attacks useless.

Chainlink Integration

Off-chain aggregated feeds from 21+ nodes pulling from multiple exchanges. Cannot be manipulated by on-chain trades. Deviation thresholds and heartbeats ensure timely, accurate data. The gold standard for lending protocols.

Circuit Breakers

Reject price updates that deviate beyond a threshold (e.g., >25% in one block). Pause borrowing or liquidations if the oracle reports extreme values. Adds a cooldown period after large price moves before allowing actions.

Multi-Oracle Designs

Use 2-3 independent oracle sources and take the median or require agreement. If Chainlink and Uniswap TWAP disagree by >5%, pause the market. MakerDAO's OSM adds a 1-hour delay giving governance time to react.