Smart Contract Smart Contract
Audit Pricing Blog Resources
Get Started

Oracle Manipulation

HomeGlossary › Oracle Manipulation

Smart contracts cannot access off-chain data directly. They rely on oracles — contracts or services that supply external data like asset prices. When a protocol trusts a manipulable price source, attackers can corrupt the data and exploit the resulting mispriced assets.

How it works

The most common target is a spot price from a decentralized exchange's liquidity pool. By executing a large swap (often funded by a flash loan), an attacker can move the price dramatically within a single block, query it while distorted, and profit from the manipulation before the price reverts.

Vulnerable pattern

// VULNERABLE — spot price from a single pool, easily manipulated
function collateralValue(uint tokenAmount) public view returns (uint) {
    uint price = uniswapPair.token0() == WETH 
        ? reserve1 / reserve0   // spot price, no TWAP
        : reserve0 / reserve1;
    return tokenAmount * price;
}

// Lending protocol uses collateralValue() to decide how much to lend
// Flash loan + swap = inflated collateral = free money

Safe pattern

// SAFE — Chainlink price feed with staleness check
import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

AggregatorV3Interface internal priceFeed;

function getPrice() public view returns (int) {
    (, int price, , uint updatedAt,) = priceFeed.latestRoundData();
    require(block.timestamp - updatedAt < 3600, "Stale oracle");
    return price;
}

Real-world exploits

  • Compound (2020) — DAI price spike on Coinbase Pro (used as oracle) allowed over-borrowing; ~$90 million at risk.
  • Mango Markets (2022) — attacker manipulated MNGO perpetual price to borrow $116 million against inflated collateral.
  • Euler Finance (2023) — oracle manipulation contributed to a $197 million exploit.

How to prevent it

  • Use Chainlink price feeds with staleness validation.
  • Use Uniswap V3 TWAP oracles with a minimum observation window (30 minutes or longer).
  • Never use single-block spot prices for any financial logic.
  • Add circuit breakers that revert if the oracle price deviates more than X% from a secondary source.

Related vulnerabilities

← Back to Glossary
Security Resources
Vulnerability Glossary · Security Blog · Token Risk Profiles
Chain Guides
Ethereum · Polygon · Arbitrum · Base · BNB Chain
ERC Standard Security
ERC20 · ERC721 · ERC1155 · ERC777 · ERC4626 · ERC2612 · ERC4337
© 2026 Smart Contract Audit — Privacy · Terms · Refund Policy