Fun

Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing

News Feed - 2020-11-12 12:11:24

Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing


On November 9, a writer from the website samczsun.com published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications. The researcher notes that price oracle manipulation has resulted in “over $30 [million] in losses so far.”


According to the researcher from samczsun.com there’s been a substantial amount of price oracle manipulation in 2020. On Monday, he tweeted: “Price oracle manipulation has resulted in over 30MM of losses so far and it shows no signs of slowing.” The tweet was also retweeted by the ethereum.org Twitter handle’s 500k followers. The tweet from @samczsun also leads to a blog post written on the researcher’s web portal called: “So you want to use a price oracle.”


In the article, he explains that during the end of 2019 he published a post called “Taking undercollateralized loans for fun and for profit” and the post explained how he could attack ETH-based decentralized applications (dapps). The dapps he wrote about specifically rely on price oracle data for a number of crypto assets.


“It’s currently late 2020 and unfortunately numerous projects have since made very similar mistakes,” samczsun.com’s post stresses. “With the most recent example being the Harvest Finance hack which resulted in a collective loss of 33MM USD for protocol users.”


Basically an oracle is a protocol that can record both onchain and off-chain data and submits the data into a blockchain like Ethereum. These oracles are used in smart contracts, automated market makers (AMM), trading platforms, and one of the popular ETH-based oracles is Chainlink. The report on vulnerabilities says that developers are aware of some of the issues tethered to oracles but “price oracle manipulation is clearly not something that is often considered.”


The blog post adds: Conversely, exploits based on reentrancy have fallen over the years while exploits based on price oracle manipulation are now on the rise.


The blog post however isn’t just criticisms and samczsun.com’s editorial features an introduction to oracles, oracle manipulation, and how to mitigate against exploitation. Further, the post discusses six vulnerabilities that have taken place in the past.


For example, the post mentions undercollateralized loans, the Synthetix sKRW oracle malfunction, the yVault bug, Synthetix MKR manipulation, the Harvest Finance hack, and the Bzx hack as well. An illustration of the Synthetix MKR manipulation. Photo via Samczsun.com.


Samczsun.com’s research also summarizes the Harvest Finance issues that took place on October 26, 2020.


“The attacker deflated the price of USDC in the Curve pool by performing a trade, entered the Harvest pool at the reduced price,” the findings state. “[The attacker] restored the price by reversing the earlier trade, and exited the Harvest pool at a higher price. This resulted in over 33MM USD of losses.”


The report concludes that “price oracles are a critical, but often overlooked, component of defi security.” The article highlights that there are plenty of ways that dapps can shoot themselves in the foot if they overlook some of these problems. “Reading price information during the middle of a transaction may be unsafe and could result in catastrophic financial damage,” the research post says.


What do you think about the millions lost from blockchain-based price oracles so far? Let us know what you think in the comments section below. Ethereum User Spends $9,500 in Fees Sending Just $120 in an Error to Forget ALTCOINS | 4 days ago ETH 2.0 Scheduled for December, Vitalik Deposits $1.4M Worth of Ether Into Phase 0 Contract ALTCOINS | 5 days ago Tags in this story $30 Million, Altcoins, crypto assets, Cryptocurrency, DeFi, Defi Apps, ETH-based apps, Ethereum, Hack, Harvest Finance hack, Losses, manipulation, MKR, price oracle, price oracle manipulation, Prices, samczsun.com, Synthetix sKRW oracle malfunction, yVault bug


Image Credits: Shutterstock, Pixabay, Wiki Commons, samczsun.com, Use Bitcoin and Bitcoin Cash to play online casino games here. Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments

News Feed
Panamanian Lawmakers to Hold Discussions on Regulating Cryptocurrencies in the Country
Panamanian Lawmakers to Hold Discussions on Regulating Cryptocurrencies in the Country Panamanian lawmakers will start to analyze a draft bill that seeks to regu
2021-01-23 22:15 PM
Chipotle’s ‘Buy the Dip’ Game Plans to Reward Players With $200K in ETH, BTC, SOL, AVAX, and DOGE
Chipotle"s "Buy the Dip" Game Plans to Reward Players With $200K in ETH, BTC, SOL, AVAX, and DOGE Chipotle Mexican Grill, often referred to as simply Chipotle, has announced a new
2022-07-26 06:00 AM
Crypto Confronts Social Justice Warriors 
Crypto Confronts Social Justice Warriors  “Many men are lamenting the “man-hating” rhetoric that they have imagined stemming from SJWs. It just so happens that
2019-12-24 13:20 PM
Russian Parliament Foresees a Wave of Token Issuance for 2021 in the Wake of Crypto Law Promulgation
Russian Parliament Foresees a Wave of Token Issuance for 2021 in the Wake of Crypto Law Promulgation The head of the Russian parliamentary committee on financial
2020-12-26 12:45 PM
Dogecoin Faces Moment Of Truth: Will It Hold The Line Or Freefall?
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
2025-04-04 23:00 PM
Ana Paula Pereira6 hours agoSEC decision on Bitcoin ETFs won’t leave out Wall Street giantsThe Securities and Exchange Commission’s prolonged deliberation over a spot Bitcoin ETF is stoking expectations of a joint de
2023-08-12 02:51 AM
BIS Chief Banker Criticizes Bitcoin as Inherently Risky, Says BTC Vulnerable to 51% Attack
BIS Chief Banker Criticizes Bitcoin as Inherently Risky, Says BTC Vulnerable to 51% Attack Bank for International Settlements (BIS) general manager Agustin Carst
2021-01-29 15:30 PM
Miami Mayor: China’s Crypto Crackdown ‘Creates Incredible Opportunity for America’ in Bitcoin Mining
Miami Mayor: China’s Crypto Crackdown "Creates Incredible Opportunity for America" in Bitcoin Mining The mayor of Miami, Florida, sees China’s cryptocurrency crackdown as
2021-09-30 08:30 AM
Tom Blackstone11 hours agoWormhole integrates native USDC transfers for four blockchain networksWormhole integrated with Circle’s Cross-Chain Transfer Protocol, allowing USDC to be sent between Ethereum, Avalanche, Arb
2023-09-20 22:00 PM
European Parliament Petitioned to Create Crypto Crime Compensation Fund
European Parliament Petitioned to Create Crypto Crime Compensation Fund A petition has been submitted to the European Parliament, asking to implement a scheme to
2021-01-19 19:30 PM
DeHub Makes History By Announcing New $1 Million NFT Raffle
DeHub Makes History By Announcing New $1 Million NFT Raffle press release PRESS RELEASE.As inflation soars & opportunities begin to diminish, an increasing number of individuals all
2022-08-04 20:00 PM
Turner Wright7 hours agoBinance says it ‘continues to serve’ Belgian users via Poland entityIn June, Belgium’s financial regulator ordered Binance to stop offering crypto exchange and custody wallet services, citin
2023-08-29 01:23 AM