🚀
Smart Contract Auditors Space
  • 👋Welcome to the Smart Contract Auditors Space
  • Smart Contract Vulnerabilities
    • FV-SOL-1 Reentrancy
      • FV-SOL-1-C1 Single Function
      • FV-SOL-1-C2 Cross Function
      • FV-SOL-1-C3 Cross Contract
      • FV-SOL-1-C4 Cross Chain
      • FV-SOL-1-C5 Dynamic
      • FV-SOL-1-C6 Read-Only
    • FV-SOL-2 Precision Errors
      • FV-SOL-2-C1 Token Decimals
      • FV-SOL-2-C2 Floating Point
      • FV-SOL-2-C3 Rounding
      • FV-SOL-2-C4 Division by Zero
      • FV-SOL-2-C5 Time-Based
    • FV-SOL-3 Arithmetic Errors
      • FV-SOL-3-C1 Overflow and Underflow
      • FV-SOL-3-C2 Sign Extension
      • FV-SOL-3-C3 Truncation in Type Casting
      • FV-SOL-3-C4 Misuse of Environment Variables
    • FV-SOL-4 Bad Access Control
      • FV-SOL-4-C1 Using tx.origin for Authorization
      • FV-SOL-4-C2 Unrestricted Role Assignment
      • FV-SOL-4-C3 Lack of Multi-Signature for Crucial Operations
    • FV-SOL-5 Logic Errors
      • FV-SOL-5-C1 Boundary Misalignment
      • FV-SOL-5-C2 Incorrect Conditionals
      • FV-SOL-5-C3 Improper State Transitions
      • FV-SOL-5-C4 Misordered Calculations
      • FV-SOL-5-C5 Event Misreporting
    • FV-SOL-6 Unchecked Returns
      • FV-SOL-6-C1 Unchecked Call Return
      • FV-SOL-6-C2 Unchecked Transfer Return
      • FV-SOL-6-C3 Silent Fail
      • FV-SOL-6-C4 False Positive Success Assumption
      • FV-SOL-6-C5 Partial Execution with No Rollback
      • FV-SOL-6-C6 False Contract Existence Assumption
    • FV-SOL-7 Proxy Insecurities
      • FV-SOL-7-C1 delegatecall Storage Collision
      • FV-SOL-7-C2 Function Selector Collision
      • FV-SOL-7-C3 Centralized Update Control
      • FV-SOL-7-C4 Uninitialized Proxy
    • FV-SOL-8 Slippage
    • FV-SOL-9 Unbounded Loops
    • FV-SOL-10 Oracle Manipulation
Powered by GitBook
On this page
  • TLDR
  • Code
  • Classifications
  • Incorrect Compounding Mechanism (FV-SOL-10-C1)
  • Price Drift (FV-SOL-10-C2)
  • Manipulation Through External Markets (FV-SOL-10-C3)
  • Time Lags (FV-SOL-10-C4)
  • Mitigation Patterns
  • Multi-Sourced Oracles (FV-SOL-10-M1)
  • Actual Occurrences
  • Content

Was this helpful?

FV-SOL-10 Oracle Manipulation

TLDR

Tampering with the mechanisms that provide asset price data to smart contracts

Code

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface Oracle {
    function getCurrentOraclePrice() external view returns (uint256);
}

contract VulnerableCompound {
    Oracle public oracle;
    uint256 public oraclePrice;

    constructor(address _oracle) {
        oracle = Oracle(_oracle);
        oraclePrice = 1e18;
    }

    function getPricingImportant() public {
        // Vulnerable reliance on the oracle
        oraclePrice = oracle.getCurrentOraclePrice(); // Assumes truthfull results
    }
}

Classifications

Incorrect Compounding Mechanism (FV-SOL-10-C1)

The oracle fails to compound APR (Annual Percentage Rate) correctly over time, resulting in values that do not accurately reflect the cumulative growth intended

Price Drift (FV-SOL-10-C2)

Due to improper state updates, the oraclePrice "drifts" back to its initial value rather than incrementally increasing

Manipulation Through External Markets (FV-SOL-10-C3)

Manipulating prices in less liquid markets to impact the oracle's reported price, as some oracles aggregate prices from external exchanges

Time Lags (FV-SOL-10-C4)

Delaying block production or influencing the timing of price updates can lead to incorrect price feeds that attackers use to profit

Mitigation Patterns

Multi-Sourced Oracles (FV-SOL-10-M1)

Use multiple oracle data sources to calculate an aggregated price

Actual Occurrences

  • https://solodit.cyfrin.io/issues/h-01-oracle-price-does-not-compound-code4rena-volt-protocol-volt-protocol-contest-git

Content

PreviousFV-SOL-9 Unbounded Loops

Last updated 15 days ago

Page cover image