Oracle Manipulation: Distorting Blockchain’s Truth Sources
Oracle Manipulation is situation where an Oracle smart contract is manipulated by hackers.
What is Oracle Manipulation?
Oracle manipulation, or Oracle price manipulation, is an exploit, most common in the DeFi space, where an Oracle smart contract is manipulated by attackers, resulting in system failure, theft and other losses. DeFi networks are reported to have lost more than $33 million in 2020 alone due to oracle price manipulation.
Oracles are third-party service providers that provide blockchain with external or real data, such as price feeds, weather information, statistics, etc. Price feeds are by far the most exploited oracle data, as they allow attackers to steal millions of dollars from DeFi platforms.
There are usually two ways in which oracle can collect price information.
- free pumping of price data from centralised exchanges via APIs.
- oracle can perform its own calculations by accessing decentralised exchanges (DEX).</li
Both methods have their advantages and disadvantages, as well as ways to manipulate them.
In the Harvest Finance hack, the perpetrator was able to infiltrate the pools via flash credits using a form of oracle manipulation. In fact, the hacker reduced the value of USDC in the Curve pool through a transaction. The criminal then entered the Harvest pool at a reduced price, returned the USDC to its original price by cancelling his transaction, and then exited the pool at a much higher price.