Oracle Manipulation

Oracle exploits rarely break cryptography — they exploit economics. An attacker borrows heavily, moves a thin market, triggers a mispriced on-chain read, and extracts value from a lending pool or vault before prices revert. Flash loans removed the capital requirement for many of these sequences.

TWAP oracles smooth over time but lag fast crashes — useful against manipulation, dangerous during real deleveraging events. Multi-source aggregation helps but does not help if every source is the same illiquid DEX pair wearing different labels.

Mitigations include circuit breakers, maximum deviation checks, secondary feeds, pausing borrows when updates stall, and never using spot reserves alone for high-stakes liquidation math. Assume attackers simulate your exact contract calls in the same block.