Showing No Signs of Slowing the Blockchain Price Oracle Manipulation Produces Millions in Losses
Know the details of price oracle manipulation. Why is it going to lose millions? Get the answer here.
A Look Into The Blockchain Applications According To Samczsun.Com
On this occasion, it was found that the writer from the website samczsun.com had then published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications on November 9. In over $30 million in losses so far, the researcher notes that price oracle manipulation has resulted.
There’s been a substantial amount of price oracle manipulation in 2020 according to the researcher from samczun.com. It shows no signs of slowing as price oracle manipulation has resulted in over 30MM of losses so far as he tweeted on Monday. By the Ethereum.org Twitter handle’s 500k followers the tweet was also retweeted. Leading to a blog post written on the researcher’s web portal called “so you want to use a price oracle”, was the tweet from @samczun.
The post explained how he could attack ETH-based decentralised applications (dapps), as in the article he explains that during the end of 2019 he published a post called “Taking undercollateralized loans for fun and profit. Specifically relying on price oracle data for a number of crypto assets were the dapps he wrote about.
What Do Researchers Have To Say About Price Oracle Manipulation?
Samczsun.com’s post stresses, it is currently late 2020 whereas unfortunately, numerous projects have since made very similar mistakes. Resulting in a collective loss of 33MM USD for protocol users, with the most recent example being the Harvest Finance hack.
Submitting the data into a blockchain like Ethereum, basically, an oracle is a protocol that can record both onchain and off-chain data. One of the popular ETH-based oracles is Chainlink as these oracles are used in smart contracts, automated market makers, trading platforms also. Price oracle manipulation is not something that is often considered as the report on vulnerabilities that says that developers are aware of some of the issues tethered to oracles.
Adding to this, the blog post says:
While exploits based on price oracle manipulation are now on the rise as converse exploits based on re-entrancy have fallen over the years.
When it doesn’t come about criticisms, and then samczsun.com’s editorial features are an introduction to oracles, oracle manipulation, and how to mitigate against exploitation when it comes to the blog post, however. The post discusses six vulnerabilities that have taken place in the past further.
The post then mentions undercollateralized loans, the Synthetix sKRW oracle malfunction, the yVault bug, Synthetix MKR manipulation, the Harvest Finance hack, and the Bzx hack as well for example.
The Harvest Finance Issues
Summarising the Harvest Finance issues that took place on October 26, 2020, was samczsun.com’s research.
The findings thereafter stated that entering the Harvest pool at the reduced price, the attacker deflated the price of USDC in the Curve pool by performing a trade. Exiting the Harvest pool at a higher price, the attacker restored the price by reversing the earlier trade. In over 33MM USD of losses, this resulted.
Often overlooked, the component of defi security the report concludes that price oracles are critical. If they overlook some of these problems, the article highlights that there are plenty of ways that dapps can shoot themselves in the foot. The research post then says it may be unsafe, and resulting in catastrophic financial damage would be reading price information during the middle of a transaction.
The Conclusion On What Happens To Blockchain Applications.
What then do you need to know about price oracle manipulation? It comes to be the hottest situation when it comes to the application of this concept and the Harvest Finance hack has added to the complications being researched by many. It comes to be the kind of hack often encountered by blockchain applications.
Finally, the losses that occurred in the case of price oracle manipulation are still not defined to find the major key features. Further on the process is nowhere near slowing down. So, this is why they help you get more from the case of the price oracle manipulation. Finding the best solution is still far away and the scenario is robust with what is set to happen for more of the hackers.
While research is on, we are sure there will be an answer to this kind of manipulation. It helps encounter the problem with a robust solution. Having seen the best and the worst, there still is more to be added to the discussion here. So now what do we offer you? Keep watching with fingers crossed. Adios amigos.