Price Oracle Manipulation via Flashloan
Description
The price returned by the oracle is a ratio of two live on-chain quantities (here `underlying.div(totalSupply)`), and at least one side of that ratio can be moved within a single transaction. An attacker borrows a large amount via a flashloan, uses it to inflate or deflate that quantity (for example by swapping into the pool that backs the underlying, or by transferring tokens into the contract), reads the skewed price in the same transaction through whatever consumes `getPrice()` (a lending market, a vault share valuation), extracts value at the wrong price, unwinds the position, and repays the loan. The division itself is not the defect; relying on an instantaneous, manipulable ratio as a price is.
Examples
Insecure Code

```solidity
// Insecure: a spot ratio of two live balances. A flashloan can change
// `underlying` within one transaction, so the returned price is
// attacker-controlled for the duration of that transaction.
function getPrice() public view returns (uint) {
    return underlying.div(totalSupply);
}
```

Secure Code

```solidity
// Safer: a time-weighted average built from observations recorded in
// earlier blocks, which a single-transaction flashloan cannot move.
function getPrice() public view returns (uint) {
    return movingAveragePrice();
}
```

Remediation
Do not derive a price from an instantaneous balance ratio that one transaction can move. Use a price source that is resistant to flashloan manipulation: a decentralized price feed, or a time-weighted moving average (TWAP) whose samples are taken in earlier blocks. A moving average only helps if the window spans several blocks and is long enough that an attacker cannot hold the manipulated price across it without being arbitraged; an average of spot samples taken within the same block is still manipulable.
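The following simulation is an added example, not code from the rule page or from any of the referenced protocols. It models a constant-product pool whose spot price has the same shape as the insecure `getPrice()` (a ratio of two live reserves), a simplified TWAP oracle that only averages prices recorded at the close of earlier blocks, and an attacker who borrows quote tokens, pumps the base price, reads both oracles mid-transaction, unwinds and repays. Pool sizes, the loan amount, the fee and the block numbers are constructed for the illustration; the `ConstantProductPool`, `TwapOracle` and `flashloan_manipulation` names are this example's own.

```python
"""Flashloan spot-price manipulation versus a closed-block TWAP (added example).

Simplified models: real AMMs charge a swap fee (set fee_bps=30 to see it)
and real TWAP oracles accumulate price * time, but the dynamics shown here
are the same: the spot ratio moves 25x inside one transaction, the TWAP
does not move at all.
"""
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale, like a 1e18-scaled Solidity price


@dataclass
class ConstantProductPool:
    """x*y=k pool; price = quote per base, read from the *current* reserves."""
    reserve_base: int
    reserve_quote: int
    fee_bps: int = 0  # 0 keeps the attacker's round trip exact; ~30 on real pools

    def spot_price(self) -> int:
        # Same shape as the insecure getPrice(): a ratio of two live balances.
        return self.reserve_quote * SCALE // self.reserve_base

    def _out(self, amount_in: int, reserve_in: int, reserve_out: int) -> int:
        eff = amount_in * (10_000 - self.fee_bps)
        return reserve_out * eff // (reserve_in * 10_000 + eff)

    def buy_base(self, quote_in: int) -> int:
        base_out = self._out(quote_in, self.reserve_quote, self.reserve_base)
        self.reserve_quote += quote_in
        self.reserve_base -= base_out
        return base_out

    def sell_base(self, base_in: int) -> int:
        quote_out = self._out(base_in, self.reserve_base, self.reserve_quote)
        self.reserve_base += base_in
        self.reserve_quote -= quote_out
        return quote_out


class TwapOracle:
    """Average of prices recorded at the close of earlier blocks.

    Only closed blocks are averaged, so nothing done inside the current
    transaction can change the reading. To move it an attacker must hold a
    skewed price across many blocks, where arbitrageurs can undo it.
    """

    def __init__(self) -> None:
        self.closed: dict[int, int] = {}

    def close_block(self, block: int, pool: ConstantProductPool) -> None:
        self.closed[block] = pool.spot_price()

    def consult(self, current_block: int, window: int) -> int:
        blocks = range(current_block - window, current_block)
        # Refuse to answer without full history; an empty window is itself a risk.
        prices = [self.closed[b] for b in blocks]
        return sum(prices) // window


def flashloan_manipulation(pool: ConstantProductPool, oracle: TwapOracle,
                           loan_quote: int, block: int, window: int = 10) -> dict:
    """One transaction: borrow quote, pump the base price, read oracles, unwind, repay."""
    before = (pool.spot_price(), oracle.consult(block, window))
    base_bought = pool.buy_base(loan_quote)        # inflates quote/base ratio
    during = (pool.spot_price(), oracle.consult(block, window))
    quote_back = pool.sell_base(base_bought)       # unwind in the same transaction
    after = (pool.spot_price(), oracle.consult(block, window))
    return {
        "spot": (before[0], during[0], after[0]),
        "twap": (before[1], during[1], after[1]),
        "attacker_cost": loan_quote - quote_back,   # swap fees paid; 0 when fee_bps=0
    }


def run_demo(fee_bps: int = 0) -> dict:
    # Constructed scenario: a 1:1 pool with ten quiet blocks of history.
    pool = ConstantProductPool(reserve_base=1_000_000, reserve_quote=1_000_000, fee_bps=fee_bps)
    oracle = TwapOracle()
    for b in range(100, 110):
        oracle.close_block(b, pool)
    return flashloan_manipulation(pool, oracle, loan_quote=4_000_000, block=110)


if __name__ == "__main__":
    result = run_demo()
    print("spot before/during/after:", [p / SCALE for p in result["spot"]])
    print("twap before/during/after:", [p / SCALE for p in result["twap"]])
    print("attacker cost:", result["attacker_cost"])
```

With a 1,000,000/1,000,000 pool and a 4,000,000 loan the spot price reads 25x its true value while the TWAP is unchanged, and with `fee_bps=0` the attacker ends the transaction with exactly the borrowed amount; with a 30 bps fee the manipulation still exceeds 20x and costs the attacker roughly 0.1% of the loan, which is why only the consumer of the spot price, not the attacker, loses money.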
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0768 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-682 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | price oracle, flashloan, manipulation |
| OWASP | N/A |
References
- https://twitter.com/peckshield/status/1506090607059431427
- https://ftmscan.com/address/0xc06826f52f29b34c5d8b2c61abf844cebcf78abf
- https://ftmscan.com/address/0x8129026c585bcfa530445a6267f9389057761a00
- https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b
- https://ftmscan.com/address/0x5CEB2b0308a7f21CcC0915DB29fa5095bEAdb48D
- https://twitter.com/peckshield/status/1519530463337250817
- https://pwned-no-more.notion.site/The-Deus-Hack-Explained-647bf97afa2b4e4e9e8b882e68a75c0b