An oracle manipulation attack in blockchain refers to a type of vulnerability in which an attacker exploits smart contracts’ reliance on external data sources, known as oracles, to manipulate contract execution or obtain unauthorized information. In this Pooyan Music article, we will discuss in detail the concept of Oracle manipulation attack.
Oracles are mechanisms that allow smart contracts to interact with real-world data, which is necessary for many decentralized applications (dApps) to function properly. They provide data such as prices or other off-chain information that the smart contract needs to make decisions.
An oracle attack occurs when an attacker manipulates data provided by an oracle to trick a smart contract into executing in an unintended or malicious manner. This could lead to undesirable results, financial losses or security breaches.
Relying on a single oracle or a small number of oracles can create a single point of failure. If the oracle is compromised, tampered with, or experiences a crash, the entire smart contract can be affected.
A classic vulnerability comes from the world of on-chain price oracles: trusting the spot price of a decentralized exchange. The scenario is simple. A smart contract needs to determine the price of an asset, for example when a user deposits ETH into the system.
The protocol uses the corresponding Uniswap pool as its source for this price discovery. Exploiting this behavior, an attacker can take out a flash loan to drain one side of the Uniswap pool. Because the protocol has no diversity of data sources, its internal price is directly manipulated, and the attacker can then act on the mispriced asset to extract the extra value.
Projects can also implement a centralized oracle. The update method of such a smart contract could, for example, be protected by an onlyOwner modifier, requiring users to trust the correct and timely delivery of data.
Depending on the size and structure of the system, this centralized trust can tempt the authorized user(s) to submit malicious data and abuse their position of power.
In a decentralized scenario, security considerations mostly stem from how participants are incentivized and whether misbehavior goes unpunished.
Freeloading: the easiest way for a node to save work and maximize profit. Instead of fetching and validating data itself, a node can copy the values reported by another oracle or by an external off-chain component (such as an API) without any validation.
Mirroring: These are a flavor of Sybil attacks and can come with freeloading. Similarly, misbehaving nodes save work by reading from a centralized data source at a reduced sampling rate. Because of the lack of transparency in Sybil communication, it is difficult to detect mirror attacks in practice.
Remediation of oracle attacks on the blockchain involves implementing various security measures to mitigate the risks associated with these vulnerabilities.
Here are some strategies and best practices to help prevent and counter Oracle attacks:
Use multiple independent oracles from different sources to serve the same data. This redundancy helps detect inconsistencies and reduces the chance of a compromised oracle affecting the outcome.
Use oracles that aggregate data from multiple sources. This can help mitigate the impact of a compromised data provider.
Use cryptographic proofs or signatures to verify the authenticity of the data provided by oracles. This ensures that the data has not been tampered with in transit.
Include timestamps with the data provided by oracles to detect delays or tampering. Smart contracts can use time-based checks to validate data freshness.
Before accepting the data as valid, require consensus among multiple oracles. This prevents a single oracle from having a detrimental effect on the result.
Use randomized oracle selection that draws data from a set of sources. This makes it harder for attackers to predict which oracle will be chosen for a particular transaction.
Use decentralized oracle networks that rely on a larger number of participants to provide and validate data. This can make it more difficult for attackers to manipulate the system.
Use verification mechanisms to validate oracle data before it is used in a smart contract. This can include off-chain calculations and cross-referencing of data.
Implement mechanisms to stop or pause smart contracts if suspicious oracle behavior is detected. This can help prevent further damage in case of continuous attack.
Perform regular security audits of smart contracts and Oracle services. Continuous monitoring can help detect unusual behavior and trigger alerts.
The Mango Markets attacker was able to extract a nine-figure sum from Mango by manipulating the price oracle of the $MNGO token and then using the platform's cross-trading capabilities to post the "valuable" $MNGO tokens as collateral and withdraw other crypto assets (such as stablecoins, USDC, USD, and $SOL).
Mango Markets was a decentralized exchange (DEX) built on the Solana blockchain. Mango strove to be a one-stop shop for any trader looking for spot markets, perpetual futures and lending.
The attacker started the exploit by funding two wallets with $5,000,000 USDC each: wallet 1 was funded with 5 million USDC in one transfer, and wallet 2 was then funded with 5 million USDC in a second transfer.
The attacker then used one account to short $488 million of MNGO – effectively selling $488 million of MNGO on leverage – while the other account took the counterparty’s trade and used leverage to buy the same amount.
The attacker's leveraged buying of MNGO, along with further buying of MNGO on other DEXs, drove the price of MNGO up very quickly on spot exchanges. This was possible because MNGO was a thinly traded asset without much trading volume.
The account used to buy MNGO immediately had a paper profit of almost $400 million as all the buying activity significantly increased the price of the asset.
With such a high portfolio value, the attacker was able to borrow against his artificially inflated MNGO holdings, draining almost all of the assets held in Mango Markets.
This activity caused the price of MNGO to drop immediately, so his long positions were liquidated as the collateral lost value, but it was too late: he had already "borrowed" all of Mango Markets' assets against collateral with no real value.
Adding insult to injury, the attacker used the MNGO he still held after the exploit to propose and vote on a governance proposal under which he would return $10 million of the cryptocurrency stolen in the attack and keep the rest as a "bug bounty".
In response, the project team created its proposal on October 14. Under the proposal, the attacker would return up to $67 million and keep the remaining $47 million, essentially as a bug bounty.
The proposal also states that they "waive any potential claims against bad debt accounts and will not pursue any criminal investigation or freezing of funds after returning tokens as described above." Mango tweeted on October 15 that $67 million in various crypto assets had been returned to the DAO.
One of the attackers came forward voluntarily and in a series of tweets announced himself as an exploiter, claiming that he was operating within the protocol and that it was a very profitable business strategy.
He also stated that the entire hacking method using the protocol as designed was a legitimate free market practice. Not everyone seemed to agree, as he was arrested and charged with market manipulation in the Southern District of New York.
Rodeo Finance recently suffered a similar hack in which attackers drained around 479 ETH from the system, worth approximately $888,000, and the RDO token price dropped from $0.2 to $0.08.