Oracle attacks and manipulations is one of the most sophisticated vulnerabilities in DeFi protocols, as oracles provide external data to the blockchain (price feeds) to allow smart contracts to execute correctly. Oracle attacks occur when an attacker manipulates prices or data provided to smart contracts, causing them to make incorrect decisions. What are the benefits? Liquidating positions (buying assets at a discount), altering loans, artificial arbitrage or influencing swaps on an AMM.

We can basically divide oracles into 2 large categories:
-Native oracles use data taken directly from the blockchain, such as token prices in liquidity pools on DEXs like Uniswap. They are very vulnerable to market manipulation on single platforms.
-Off-chain oracles aggregate data from external sources (centralized exchanges, multiple sources) and report it to the blockchain via a system of decentralized feeds, such as Chainlink. They are more secure, but can have latencies.

ON-CHAIN ​​ORACLE MANIPULATION
DEX-based oracles, such as those that use price data from Uniswap or Sushiswap, are vulnerable because prices in these AMM are determined by reserves in liquidity pools. These pools can be easily manipulated if they have low liquidity or if an attacker has access to large amounts of capital.
For example, an attacker borrows a large amount of tokens (ETH or USDC) via a flash loan and uses these funds to buy or sell large amounts of an asset (e.g., a memecoin called X token) on a DEX like Sushiswap. This causes a significant change in the price of the asset, as the DEX recalculates the price based on the new distribution of reserves in the pool.
If the attacker buys X tokens in large quantities, they will significantly increase the price of the token. If a lending protocol uses the manipulated DEX oracle to determine the price of X token, the attacker can now exploit the falsified price.
If the price of Token X has been artificially inflated, the attacker can use it as collateral to borrow more funds than they should receive. If the price has been lowered, the attacker could cause smart contracts to liquidate other users' positions, buying their assets at a discount. After realizing the profit by exploiting the manipulated oracle, the attacker returns the flash loan, keeping the net profit. The DEX oracle signals this new price to the DeFi protocol. Imagine for example that X token doubles in price so it can be taken as collateral by borrowing higher-valued assets. The attacker deposits X as collateral in the lending protocol (which values ​​it at $2 instead of $1), receiving an inflated loan in return (almost double what they should have received). The attacker then sells the X tokens at the normal price on another exchange and returns the flash loan, collecting the difference.

OFF CHAIN ​​ORACLE MANIPULATION
Off-chain oracles aggregate data from external sources (Coinbase, Binance, Kraken, Bybit, OKX, CoinMarketCap, CoinGecko, etc.) to provide an average price. Decentralized oracles like Chainlink use a network of nodes that transmit data to the blockchain. While they are more secure than on-chain oracles, they can be vulnerable to manipulation if a significant portion of the nodes are compromised.
In a decentralized oracle, if an attacker can corrupt enough nodes (called reporters), they can falsify the price provided by the oracle. Even if the nodes are not compromised, the attacker could manipulate the price of the asset on the centralized exchanges from which the nodes pull data. For example, they can trade in huge volumes on small exchanges or markets with low liquidity to temporarily alter prices.

If the oracle aggregates data from exchanges with low liquidity, an attacker could place bulk orders on these exchanges to manipulate the reported prices. Once the price is manipulated, the decentralized oracle broadcasts it to the blockchain, causing smart contracts to act incorrectly.

The attacker could then:
-liquidate other users' positions
-obtain excessive loans based on overvalued collateral
-buy assets at inflated or undervalued prices, taking advantage of the manipulation.
-arbitrage (if oracles have synchronization delays, an attacker could use the difference between the current and the outdated price to perform arbitrage)

SYBIL ATTACK ON DECENTRALIZED ORACULES
A Sybil attack occurs when an attacker creates multiple false identities in a decentralized system to gain control.
The attacker creates multiple Sybil nodes in a decentralized oracle, each of which provides price data. If the oracle accepts data without proper reliability checks (for example, by assigning equal weight to all nodes), the attacker can send falsified price data through its Sybil nodes. Smart contracts using this altered price data will make decisions based on incorrect information, such as liquidating positions or approving the wrong loans.

HOW DO ORACLES PROTECT THEMSELVES?
Very advanced oracles like Chainlink use advanced security mechanisms, including diversification of data sources, to make manipulation more difficult. By aggregating data from multiple sources with a large network of nodes, it is much harder for an attacker to manipulate the price. Some oracles use time-weighted average (TWAP) to prevent temporary manipulation. Instead of using the current price, it is averaged over a period (for example, 30 minutes), reducing the effect of short artificial fluctuations.
Additionally, instead of using only prices from a single DEX or exchange, protocols can aggregate data from many sources, including centralized and decentralized exchanges, reducing the possibility of manipulation on a single platform.

Are you interested in ways to earn crypto bonus? Check it out here: Some Sites To Earn Crypto Bonus (Old & New)