The Oracle Problem
Oracles are the bridge between on-chain and off-chain data. Their manipulation has led to billions in DeFi losses.
Attack Patterns
- Spot price manipulation via flash loans
- TWAP manipulation over multiple blocks
- Oracle front-running
- Stale price exploitation
secure-oracle.sol

```solidity
// Secure oracle implementation
// Assumes `oracle` is a Chainlink AggregatorV3Interface (latestRoundData returns
// five values, not two) and that getTWAP() and MAX_DELAY are defined elsewhere
// in the contract.
function getPrice() external view returns (uint256) {
    (, int256 answer, , uint256 updatedAt, ) = oracle.latestRoundData();
    // Reject zero or negative answers before casting to unsigned
    require(answer > 0, "Invalid price");
    uint256 price = uint256(answer);
    // Check freshness
    require(block.timestamp - updatedAt < MAX_DELAY, "Stale price");
    // Check deviation from TWAP
    uint256 twap = getTWAP();
    require(
        price > twap * 95 / 100 && price < twap * 105 / 100,
        "Price deviation too high"
    );
    return price;
}
```

TWAP
Use time-weighted average prices
Multiple Sources
Aggregate from multiple oracles
Freshness Checks
Always validate price timestamp
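The three mitigations above (TWAP, multiple sources, freshness checks) and the deviation gate in the contract are easiest to reason about off-chain. The following added example, written for this page and not taken from any project, simulates a constructed price history in which one block's spot price is pushed from 2000 to 4000 (a flash-loan style spike), then shows that a 600-second TWAP moves only to 2040, so the 5% deviation band rejects the manipulated spot. It also aggregates several source reports by median after dropping stale ones. All prices, timestamps, the block time, the window and `MAX_DELAY` are constructed values.

```python
"""Added example (not the page's code): why a TWAP resists a single-block
spot manipulation, plus the freshness, multi-source and deviation checks
the page lists. Every constant and price below is constructed."""
from dataclasses import dataclass
from statistics import median

BLOCK_TIME = 12        # seconds per block (constructed)
WINDOW = 600           # TWAP window in seconds (constructed: 50 blocks)
MAX_DELAY = 3600       # maximum accepted report age in seconds (constructed)
MIN_SOURCES = 2        # minimum fresh reports needed for an aggregate (constructed)


@dataclass(frozen=True)
class Observation:
    timestamp: int   # unix seconds
    price: int       # integer price in quote units (constructed, unscaled)


def twap(observations, now, window):
    """Time-weighted average of `observations` over [now - window, now].
    Each observation's price holds from its timestamp until the next one."""
    start = now - window
    weighted = 0
    for i, obs in enumerate(observations):
        seg_end = observations[i + 1].timestamp if i + 1 < len(observations) else now
        lo, hi = max(obs.timestamp, start), min(seg_end, now)
        if hi > lo:
            weighted += obs.price * (hi - lo)
    return weighted // window


def within_band(spot, reference, bps=500):
    """Mirror of the contract's deviation gate: spot must lie strictly inside
    reference +/- bps basis points (500 bps is the page's 5% band)."""
    lower = reference * (10_000 - bps) // 10_000
    upper = reference * (10_000 + bps) // 10_000
    return lower < spot < upper


def is_fresh(obs, now, max_delay=MAX_DELAY):
    """Freshness check: reject reports older than max_delay seconds."""
    return now - obs.timestamp < max_delay


def aggregate(reports, now):
    """Median of fresh, positive reports from several sources, so one stale
    or wildly wrong feed cannot drive the result on its own."""
    fresh = [r.price for r in reports if is_fresh(r, now) and r.price > 0]
    if len(fresh) < MIN_SOURCES:
        raise ValueError("insufficient fresh oracle sources")
    return int(median(fresh))


def manipulation_scenario():
    """Constructed history: price 2000 for 49 blocks, then one block pushed
    to 4000, evaluated at the end of that manipulated block."""
    obs = [Observation(t, 2000) for t in range(0, 49 * BLOCK_TIME, BLOCK_TIME)]
    spike_ts = 49 * BLOCK_TIME          # 588
    obs.append(Observation(spike_ts, 4000))
    now = spike_ts + BLOCK_TIME         # 600
    return obs, now


def evaluate():
    """Run the deviation gate against the manipulated spot price."""
    obs, now = manipulation_scenario()
    spot = obs[-1].price
    avg = twap(obs, now, WINDOW)
    return {"spot": spot, "twap": avg, "accepted": within_band(spot, avg)}


if __name__ == "__main__":
    print(evaluate())   # {'spot': 4000, 'twap': 2040, 'accepted': False}
```

The TWAP here is the cumulative price-times-seconds form used by AMM oracles, computed directly rather than from stored accumulators. Note that `twap` still shifts by 2% from a single 12-second spike, which is why the window must be long relative to block time and why the deviation band should be paired with it rather than used alone.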
