{"id":52224,"date":"2020-11-12T09:01:40","date_gmt":"2020-11-12T09:01:40","guid":{"rendered":"https:\/\/www.cryptocabaret.com\/?p=52224"},"modified":"2020-11-12T09:01:40","modified_gmt":"2020-11-12T09:01:40","slug":"report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing","status":"publish","type":"post","link":"https:\/\/www.cryptocabaret.com\/?p=52224","title":{"rendered":"Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing"},"content":{"rendered":"<p><img decoding=\"async\" width=\"696\" height=\"392\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-768x432.jpg\" class=\"attachment-medium_large size-medium_large wp-post-image\" alt=\"Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing\" loading=\"lazy\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-768x432.jpg 768w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-300x169.jpg 300w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-1024x576.jpg 1024w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-696x392.jpg 696w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-1068x601.jpg 1068w, 
https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-747x420.jpg 747w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-190x107.jpg 190w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-380x214.jpg 380w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing-760x428.jpg 760w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing.jpg 1280w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\"><\/p>\n<p><strong>On November 9, a writer from the website samczsun.com published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications. The researcher notes that price oracle manipulation has resulted in \u201cover $30 [million] in losses so far.\u201d<\/strong><\/p>\n<p>According to the researcher from <a href=\"https:\/\/samczsun.com\/\">samczsun.com<\/a> there\u2019s been a substantial amount of price oracle manipulation in 2020. On Monday, he <a href=\"https:\/\/twitter.com\/samczsun\/status\/1325890420111511553\">tweeted<\/a>: \u201cPrice oracle manipulation has resulted in over 30MM of losses so far and it shows no signs of slowing.\u201d The tweet was also retweeted by the ethereum.org Twitter handle\u2019s 500k followers. 
The tweet from @samczsun also leads to a blog post written on the researcher\u2019s web portal called: \u201cSo you want to use a price oracle.\u201d<\/p>\n<p>In the article, he explains that at the end of 2019 he published a post called \u201c<a href=\"https:\/\/samczsun.com\/taking-undercollateralized-loans-for-fun-and-for-profit\/\">Taking undercollateralized loans for fun and for profit<\/a>\u201d and that the post explained how he could attack ETH-based decentralized applications (dapps). The dapps he wrote about specifically rely on price oracle data for a number of crypto assets.<\/p>\n<p>\u201cIt\u2019s currently late 2020 and unfortunately numerous projects have since made very similar mistakes,\u201d samczsun.com\u2019s post stresses. \u201cWith the most recent example being the Harvest Finance hack which resulted in a collective loss of 33MM USD for protocol users.\u201d<\/p>\n<p>Basically, an oracle is a protocol that can record both on-chain and off-chain data and submit that data to a blockchain like Ethereum. These oracles are used in smart contracts, <a href=\"https:\/\/news.bitcoin.com\/decentralized-exchanges-that-use-automated-market-makers-now-represent-93-of-the-market\/\">automated market makers<\/a> (AMM), and trading platforms; one of the popular ETH-based oracles is Chainlink. The report on vulnerabilities says that developers are aware of some of the issues tied to oracles, but \u201cprice oracle manipulation is clearly not something that is often considered.\u201d<\/p>\n<p>The blog post adds:<\/p>\n<blockquote>\n<p><em><strong>Conversely, exploits based on reentrancy have fallen over the years while exploits based on price oracle manipulation are now on the rise. <\/strong><\/em><\/p>\n<\/blockquote>\n<p>The blog post, however, isn\u2019t just criticism: samczsun.com\u2019s editorial features an introduction to oracles and oracle manipulation, and covers how to mitigate exploitation. 
Further, the post discusses six vulnerabilities that have taken place in the past.<\/p>\n<p>For example, the post mentions <a href=\"https:\/\/samczsun.com\/taking-undercollateralized-loans-for-fun-and-for-profit\/\">undercollateralized loans<\/a>, the Synthetix sKRW oracle malfunction, the yVault bug, Synthetix <a class=\"lar-automated-link\" href=\"https:\/\/markets.bitcoin.com\/crypto\/MKR\" target=\"_blank\" rel=\"noopener noreferrer\">MKR<\/a> <a href=\"https:\/\/www.reddit.com\/r\/ethfinance\/comments\/eexbfa\/daily_general_discussion_december_24_2019\/fby3i6n\/\">manipulation<\/a>, the Harvest Finance hack, and the Bzx hack as well.<\/p>\n<figure aria-describedby=\"caption-attachment-423112\" class=\"wp-caption aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-423112 size-full\" title=\"Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/11\/image-29.png\" alt=\"Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing\" width=\"950\" height=\"1007\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/11\/image-29.png 950w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/image-29-283x300.png 283w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/image-29-768x814.png 768w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/image-29-696x738.png 696w, https:\/\/news.bitcoin.com\/wp-content\/uploads\/2020\/11\/image-29-396x420.png 396w\" sizes=\"auto, (max-width: 950px) 100vw, 950px\"><figcaption class=\"wp-caption-text\">An illustration of the Synthetix <a class=\"lar-automated-link\" href=\"https:\/\/markets.bitcoin.com\/crypto\/MKR\" target=\"_blank\" rel=\"noopener noreferrer\">MKR<\/a> manipulation. 
Photo via Samczsun.com.<\/figcaption><\/figure>\n<p>Samczsun.com\u2019s research also summarizes the Harvest Finance issues that took place on October 26, 2020.<\/p>\n<p>\u201cThe attacker deflated the price of USDC in the Curve pool by performing a trade, entered the Harvest pool at the reduced price,\u201d the findings state. \u201c[The attacker] restored the price by reversing the earlier trade, and exited the Harvest pool at a higher price. This resulted in over 33MM USD of losses.\u201d<\/p>\n<p>The report concludes that \u201cprice oracles are a critical, but often overlooked, component of defi security.\u201d The article highlights that there are plenty of ways that dapps can shoot themselves in the foot if they overlook some of these problems. \u201cReading price information during the middle of a transaction may be unsafe and could result in catastrophic financial damage,\u201d the research post says.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/news.bitcoin.com\/report-blockchain-price-oracle-manipulation-produces-millions-in-losses-shows-no-signs-of-slowing\/\">Report: Blockchain Price Oracle Manipulation Produces Millions in Losses, Shows No Signs of Slowing<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/news.bitcoin.com\/\">Bitcoin News<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On November 9, a writer from the website samczsun.com published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications. 
The researcher notes that price oracle manipulation has resulted in \u201cover $30 [million] in losses so far.\u201d According to the researcher from samczsun.com there\u2019s been a substantial [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":52225,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[309],"tags":[],"class_list":["post-52224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts\/52224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52224"}],"version-history":[{"count":0,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts\/52224\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/media\/52225"}],"wp:attachment":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}