🚀
Smart Contract Auditors Space
  • 👋Welcome to the Smart Contract Auditors Space
  • Smart Contract Vulnerabilities
    • FV-SOL-1 Reentrancy
      • FV-SOL-1-C1 Single Function
      • FV-SOL-1-C2 Cross Function
      • FV-SOL-1-C3 Cross Contract
      • FV-SOL-1-C4 Cross Chain
      • FV-SOL-1-C5 Dynamic
      • FV-SOL-1-C6 Read-Only
    • FV-SOL-2 Precision Errors
      • FV-SOL-2-C1 Token Decimals
      • FV-SOL-2-C2 Floating Point
      • FV-SOL-2-C3 Rounding
      • FV-SOL-2-C4 Division by Zero
      • FV-SOL-2-C5 Time-Based
    • FV-SOL-3 Arithmetic Errors
      • FV-SOL-3-C1 Overflow and Underflow
      • FV-SOL-3-C2 Sign Extension
      • FV-SOL-3-C3 Truncation in Type Casting
      • FV-SOL-3-C4 Misuse of Environment Variables
    • FV-SOL-4 Bad Access Control
    • FV-SOL-5 Logic Errors
    • FV-SOL-6 Unchecked Returns
    • FV-SOL-7 Proxy Insecurities
    • FV-SOL-8 Slippage
    • FV-SOL-9 Unbounded Loops
    • FV-SOL-10 Oracle Manipulation
Powered by GitBook
On this page
  • TLDR
  • Code
  • Classifications
  • Incorrect Compounding Mechanism (FV-SOL-10-C1)
  • Price Drift (FV-SOL-10-C2)
  • Manipulation Through External Markets (FV-SOL-10-C3)
  • Time Lags (FV-SOL-10-C4)
  • Mitigation Patterns
  • Multi-Sourced Oracles (FV-SOL-10-M1)
  • Actual Occurrences
  • Content

Was this helpful?

FV-SOL-10 Oracle Manipulation

TLDR

Tampering with the mechanisms that provide asset price data to smart contracts

Code

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface Oracle {
    function getCurrentOraclePrice() external view returns (uint256);
}

contract VulnerableCompound {
    Oracle public oracle;
    uint256 public oraclePrice;

    constructor(address _oracle) {
        oracle = Oracle(_oracle);
        oraclePrice = 1e18;
    }

    function getPricingImportant() public {
        // Vulnerable reliance on the oracle
        oraclePrice = oracle.getCurrentOraclePrice(); // Assumes truthfull results
    }
}

Classifications

Incorrect Compounding Mechanism (FV-SOL-10-C1)

The oracle fails to compound APR (Annual Percentage Rate) correctly over time, resulting in values that do not accurately reflect the cumulative growth intended

Price Drift (FV-SOL-10-C2)

Due to improper state updates, the oraclePrice "drifts" back to its initial value rather than incrementally increasing

Manipulation Through External Markets (FV-SOL-10-C3)

Manipulating prices in less liquid markets to impact the oracle's reported price, as some oracles aggregate prices from external exchanges

Time Lags (FV-SOL-10-C4)

Delaying block production or influencing the timing of price updates can lead to incorrect price feeds that attackers use to profit

Mitigation Patterns

Multi-Sourced Oracles (FV-SOL-10-M1)

Use multiple oracle data sources to calculate an aggregated price

Actual Occurrences

  • https://solodit.cyfrin.io/issues/h-01-oracle-price-does-not-compound-code4rena-volt-protocol-volt-protocol-contest-git

Content

PreviousFV-SOL-9 Unbounded Loops

Last updated 1 day ago

Page cover image