Fun

Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing

News Feed - 2020-11-12 12:11:24

Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing


On November 9, a writer from the website samczsun.com published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications. The researcher notes that price oracle manipulation has resulted in “over $30 [million] in losses so far.”


According to the researcher from samczsun.com there’s been a substantial amount of price oracle manipulation in 2020. On Monday, he tweeted: “Price oracle manipulation has resulted in over 30MM of losses so far and it shows no signs of slowing.” The tweet was also retweeted by the ethereum.org Twitter handle’s 500k followers. The tweet from @samczsun also leads to a blog post written on the researcher’s web portal called: “So you want to use a price oracle.”


In the article, he explains that during the end of 2019 he published a post called “Taking undercollateralized loans for fun and for profit” and the post explained how he could attack ETH-based decentralized applications (dapps). The dapps he wrote about specifically rely on price oracle data for a number of crypto assets.


“It’s currently late 2020 and unfortunately numerous projects have since made very similar mistakes,” samczsun.com’s post stresses. “With the most recent example being the Harvest Finance hack which resulted in a collective loss of 33MM USD for protocol users.”


Basically an oracle is a protocol that can record both onchain and off-chain data and submits the data into a blockchain like Ethereum. These oracles are used in smart contracts, automated market makers (AMM), trading platforms, and one of the popular ETH-based oracles is Chainlink. The report on vulnerabilities says that developers are aware of some of the issues tethered to oracles but “price oracle manipulation is clearly not something that is often considered.”


The blog post adds: Conversely, exploits based on reentrancy have fallen over the years while exploits based on price oracle manipulation are now on the rise.


The blog post however isn’t just criticisms and samczsun.com’s editorial features an introduction to oracles, oracle manipulation, and how to mitigate against exploitation. Further, the post discusses six vulnerabilities that have taken place in the past.


For example, the post mentions undercollateralized loans, the Synthetix sKRW oracle malfunction, the yVault bug, Synthetix MKR manipulation, the Harvest Finance hack, and the Bzx hack as well. An illustration of the Synthetix MKR manipulation. Photo via Samczsun.com.


Samczsun.com’s research also summarizes the Harvest Finance issues that took place on October 26, 2020.


“The attacker deflated the price of USDC in the Curve pool by performing a trade, entered the Harvest pool at the reduced price,” the findings state. “[The attacker] restored the price by reversing the earlier trade, and exited the Harvest pool at a higher price. This resulted in over 33MM USD of losses.”


The report concludes that “price oracles are a critical, but often overlooked, component of defi security.” The article highlights that there are plenty of ways that dapps can shoot themselves in the foot if they overlook some of these problems. “Reading price information during the middle of a transaction may be unsafe and could result in catastrophic financial damage,” the research post says.


What do you think about the millions lost from blockchain-based price oracles so far? Let us know what you think in the comments section below. Ethereum User Spends $9,500 in Fees Sending Just $120 in an Error to Forget ALTCOINS | 4 days ago ETH 2.0 Scheduled for December, Vitalik Deposits $1.4M Worth of Ether Into Phase 0 Contract ALTCOINS | 5 days ago Tags in this story $30 Million, Altcoins, crypto assets, Cryptocurrency, DeFi, Defi Apps, ETH-based apps, Ethereum, Hack, Harvest Finance hack, Losses, manipulation, MKR, price oracle, price oracle manipulation, Prices, samczsun.com, Synthetix sKRW oracle malfunction, yVault bug


Image Credits: Shutterstock, Pixabay, Wiki Commons, samczsun.com, Use Bitcoin and Bitcoin Cash to play online casino games here. Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments

News Feed

Big Short Investor Michael Burry Says Audits of Crypto Exchanges Like Binance and FTX Are ‘Meaningless’
Big Short Investor Michael Burry Says Audits of Crypto Exchanges Like Binance and FTX Are "Meaningless" Hedge fund manager Michael Burry, famed for forecasting the 2008 financial c
Crypto Market Turning Point — Most Cryptocurrencies Down 57% to Over 80% From Price Highs
Crypto Market Turning Point — Most Cryptocurrencies Down 57% to Over 80% From Price Highs Roughly six months ago, bitcoin and a number of digital assets reached all-time highs an
Bitcoin Mining Operation Being Sued for Producing High Noise Levels in Tennessee
Bitcoin Mining Operation Being Sued for Producing High Noise Levels in Tennessee A bitcoin mining operation in Tennessee is being sued by neighbors due to the high level of noise t
John Deaton’s crypto backers help outraise Warren in Senate race
Jesse Coghlan7 hours agoJohn Deaton’s crypto backers help outraise Warren in Senate raceCrypto executives from Ripple, Gemini and Kraken were top bankrollers of John Deaton’s Senate campaign last quarter.6190 Total v
Former Terra CEO Do Kwon Enters Not Guilty Plea In Landmark $40 Billion Crypto Trial
Do Kwon, the South Korean cryptocurrency entrepreneur and co-founder of Terraform Labs, pleaded not guilty on Thursday to a series of criminal fraud charges in a Manhattan federal court. 
Fed’s Outgoing Vice Chair Richard Clarida’s ‘Rebalancing’ Trades Ignite Fed Trading Ethics Scandal
Fed"s Outgoing Vice Chair Richard Clarida’s "Rebalancing" Trades Ignite Fed Trading Ethics Scandal Members of the U.S. Federal Reserve are getting criticized this week after the
Heroes of Arcan Announces Community-Driven Heroic Fantasy Play-to-Earn Game
Heroes of Arcan Announces Community-Driven Heroic Fantasy Play-to-Earn Game press release PRESS RELEASE.Heroes of Arcan aims to create a play-to-earn game that offers players engagi
Ground Handling Firm to Use a Blockchain Document Solution at 28 Saudi Airports
Ground Handling Firm to Use a Blockchain Document Solution at 28 Saudi Airports The Kingdom of Saudi Arabia-based airport ground handling services firm, Saudi Ground Services, has
Adshares Establishes Premium Partnership With Sandbox
Adshares Establishes Premium Partnership With Sandbox press release PRESS RELEASE.Adshares (ADS) is putting another stake in Metaverse’s advertising territory through a partn
5 New Crypto to Explode as Trump Starts New Crypto Venture with Charles Schwab
Este artículo también está disponible en español. Trump Media & Technology Group (TMTG) has announced a new crypto venture, Truth.Fi, in partnership with Charles Schw
Web3 and gaming: Unlocking real value for users
Savannah Fortis11 hours agoWeb3 and gaming: Unlocking real value for usersAt the 2024 Proof of Talk event in Paris, France Mythical Games COO discussed the significance of gaming as a “hero use case" for tangible
Cointelegraph Accelerator14 hours agoFantasy football game on Telegram: Fanton joins Cointelegraph AcceleratorFanton brings blockchain-based fantasy football to Telegram thanks to the IM service’s recent integration wi