Web3 Dictionary
Security

Oracle Manipulation

Attacking price feed oracles to artificially manipulate smart contract decisions.

Last Updated

2026-03-29

Related Concepts

  • Oracle
  • Flash Loan
  • Exploit
  • Smart Contract Risk

What is Oracle Manipulation?

Oracle manipulation is an exploit in which an attacker artificially distorts a price feed to trick a smart contract into making incorrect decisions, usually to borrow excess funds or trigger unfair liquidations.

How does Oracle Manipulation work?

  1. The attacker identifies a protocol that uses a single low-liquidity pool as its price oracle.
  2. The attacker takes a flash loan and executes massive trades, moving the pool price artificially.
  3. The oracle reports the distorted price to the smart contract.
  4. The contract allows overborrowing or wrong liquidations based on the false price.
  5. The attacker unwinds the trade and repays the flash loan, keeping the profit.

Why does Oracle Manipulation matter?

It can drain an entire protocol's treasury in a single block. It highlights why robust, multi-source price feeds are critical for any DeFi protocol.

Key features of Oracle Manipulation

  • Exploits single-source or illiquid price oracles
  • Often uses flash loans for capital
  • Executes within a single blockchain block
  • Prevented by time-weighted average prices (TWAP) and decentralized oracle networks
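The simulation below is an added example written for this entry; it is not code from the page or from any protocol named here. It models the attack steps above against a constructed constant-product (x * y = k) pool used as a naive price oracle and shows why the TWAP mitigation works: a single large trade quadruples the spot price inside one block, while a 10-block time-weighted average barely moves, and a simple deviation check refuses the distorted reading. The pool reserves, the 5% deviation band, the 80% loan-to-value ratio and the one-observation-per-block timing are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ConstantProductPool:
    """Minimal x * y = k pool (fees ignored) used as a naive on-chain price oracle."""
    reserve_token: float      # collateral token reserves
    reserve_usd: float        # quote asset (USD stablecoin) reserves
    observations: list = field(default_factory=list)  # (timestamp, spot_price), one per block

    def spot_price(self) -> float:
        """Instantaneous price in USD per token: movable by any sufficiently large trade."""
        return self.reserve_usd / self.reserve_token

    def record(self, ts: float) -> None:
        """Store the price observation for this block, as a TWAP oracle would."""
        self.observations.append((ts, self.spot_price()))

    def buy_token_with_usd(self, usd_in: float) -> float:
        """Swap USD in for tokens out, keeping x * y constant; returns tokens received."""
        k = self.reserve_token * self.reserve_usd
        new_usd = self.reserve_usd + usd_in
        new_token = k / new_usd
        token_out = self.reserve_token - new_token
        self.reserve_token, self.reserve_usd = new_token, new_usd
        return token_out

    def twap(self, now: float, window: float) -> float:
        """Time-weighted average price over [now - window, now].

        Each observation is weighted by how long it stayed in force, so a price
        that exists only inside the current block carries no weight yet."""
        start = now - window
        total = 0.0
        for i, (ts, price) in enumerate(self.observations):
            end = self.observations[i + 1][0] if i + 1 < len(self.observations) else now
            lo, hi = max(ts, start), min(end, now)
            if hi > lo:
                total += price * (hi - lo)
        return total / window


def price_within_band(spot: float, reference: float, max_deviation: float = 0.05) -> bool:
    """Sanity check a lending contract can apply before acting on a price: reject the
    spot reading if it deviates from a TWAP or external reference by more than
    max_deviation (an assumed 5% threshold)."""
    return abs(spot - reference) / reference <= max_deviation


def max_borrow_usd(collateral_tokens: float, price: float, ltv: float = 0.8) -> float:
    """Borrow limit a lending contract grants against collateral valued at `price`."""
    return collateral_tokens * price * ltv


def simulate_manipulation() -> dict:
    """Constructed scenario: ten quiet blocks, then a flash-loan-sized buy in block 10."""
    pool = ConstantProductPool(reserve_token=1_000.0, reserve_usd=1_000_000.0)
    for ts in range(10):                      # blocks 0..9 at a fair price of 1000 USD
        pool.record(ts)
    fair_spot = pool.spot_price()

    # Block 10: a 1,000,000 USD buy (flash-loan funded) against a 1,000,000 USD pool.
    pool.buy_token_with_usd(1_000_000.0)
    pool.record(10)
    manipulated_spot = pool.spot_price()

    # What the contract sees depends on which oracle it trusts.
    twap_same_block = pool.twap(now=10, window=10)   # manipulation not yet in force
    twap_next_block = pool.twap(now=11, window=10)   # distorted price held for one full block

    return {
        "fair_spot": fair_spot,
        "manipulated_spot": manipulated_spot,
        "twap_same_block": twap_same_block,
        "twap_next_block": twap_next_block,
        "borrow_on_spot": max_borrow_usd(1.0, manipulated_spot),
        "borrow_on_twap": max_borrow_usd(1.0, twap_same_block),
        "spot_accepted": price_within_band(manipulated_spot, twap_same_block),
    }


if __name__ == "__main__":
    for key, value in simulate_manipulation().items():
        print(f"{key:>18}: {value}")
```

Two things stand out in the result. First, the spot oracle lets one token of collateral borrow four times what it should, while the TWAP read in the same block is unchanged; for the TWAP to move at all, the attacker would have to leave the distorted position open across a block boundary, exposed to arbitrage, and even then the 10-block average moves by 30% rather than 300%. Second, the deviation check is cheap and catches the case outright; in practice the reference it compares against should itself come from several independent feeds, which is what the decentralized oracle networks mentioned above provide.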

Examples of Oracle Manipulation

The bZx protocol lost nearly $1 million in oracle manipulation attacks in 2020. Most major protocols now use three or more independent price feeds from Chainlink to defend against this.

External References

  • Blockchain Oracles (Ethereum.org)
  • What Is an Oracle? (Chainlink)