defirisk.co
rubric v1.7.0

Oracle source = spot DEX pool (no TWAP)

An oracle & external dependencies factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Critical factor. A Red on this factor alone is sufficient to gate a protocol to grade D or F regardless of other category rollups.

Methodology: how we score

**What this measures** This factor checks whether a protocol sources price data by reading spot price directly from a single DEX pool without a time-weighted average price (TWAP) or secondary fallback. Source inspection and on-chain reads confirm the oracle architecture per asset.

**Why it matters** Spot DEX pool prices can be moved within a single transaction using a flash loan: the distortion is unwound before the transaction ends, but any protocol action taken against the manipulated reading (a borrow, a mint, a liquidation) has already settled and cannot be reversed. OpenZeppelin's oracle security guidance notes that prices from live pool reserves can be trivially manipulated, enabling collateral inflation or forced liquidation in the same block. The hack database identifies this as the single largest exploit class by count: 18 protocols linked to spot-oracle vulnerabilities producing over $350M in losses. The synthesis dataset (Cluster O) documents this as a recurring, structurally unsolved pattern across the entire 2020-2025 period.

**Green / Yellow / Red** Green is scored when the protocol uses a reputable aggregated feed (Chainlink, Pyth, Redstone) or a DEX TWAP of at least 30 minutes with a documented fallback. Yellow is scored when a TWAP is in use but the window is under 30 minutes or fallback is unconfirmed. Red is scored when the protocol reads spot price from a single pool with no TWAP and no fallback.
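The flash-loan mechanics above, and the reason the rubric draws its line at a 30-minute window, as an added illustration that is not defirisk.co code: a Uniswap-V2-style x*y=k pool is pushed for one block with flash-borrowed quote tokens and then unwound, and the same block is read three ways, as raw spot (what a `getReserves()` or `slot0()` oracle returns), as a V2-style arithmetic-mean TWAP and as a V3-style geometric-mean (tick) TWAP. The reserve sizes, the 3,000-unit flash loan and the 12-second block are constructed numbers.

```python
"""Spot read vs. TWAP read under a one-block flash-loan price pump (added illustration)."""
import math

BLOCK_SECONDS = 12  # assumption: the manipulated price survives for exactly one block


class ConstantProductPool:
    """Minimal Uniswap-V2-style x*y=k pool with a 0.3% swap fee.

    Spot price is quoted as quote-per-base, i.e. reserve_quote / reserve_base,
    which is exactly what a `getReserves()`-based oracle computes.
    """

    def __init__(self, reserve_base: float, reserve_quote: float, fee: float = 0.003):
        self.base = reserve_base
        self.quote = reserve_quote
        self.fee = fee

    def spot(self) -> float:
        return self.quote / self.base

    def buy_base(self, quote_in: float) -> float:
        """Sell quote_in into the pool, receive base (V2 getAmountOut formula)."""
        effective = quote_in * (1 - self.fee)
        base_out = self.base * effective / (self.quote + effective)
        self.quote += quote_in
        self.base -= base_out
        return base_out

    def sell_base(self, base_in: float) -> float:
        """Sell base_in into the pool, receive quote."""
        effective = base_in * (1 - self.fee)
        quote_out = self.quote * effective / (self.base + effective)
        self.base += base_in
        self.quote -= quote_out
        return quote_out


def twap_arithmetic(samples):
    """V2-style TWAP: priceCumulativeLast accumulates price * dt, so the window
    average is a time-weighted arithmetic mean of the price."""
    total = sum(dt for _, dt in samples)
    return sum(p * dt for p, dt in samples) / total


def twap_geometric(samples):
    """V3-style TWAP: tickCumulative accumulates log(price) * dt, so the window
    average is a time-weighted geometric mean of the price."""
    total = sum(dt for _, dt in samples)
    return math.exp(sum(math.log(p) * dt for p, dt in samples) / total)


def simulate(window_seconds: int, manipulated_seconds: int = BLOCK_SECONDS,
             pool_base: float = 1_000_000.0, pool_quote: float = 500.0,
             flash_quote: float = 3_000.0) -> dict:
    """Pump the pool with flash-borrowed quote, read the oracle at the manipulated
    block, then unwind. Returns each reading as a multiple of the pre-attack price
    plus the attacker's round-trip cost in quote units (fees only, because the
    flash loan is repaid inside the same transaction)."""
    if window_seconds <= manipulated_seconds:
        raise ValueError("TWAP window must be longer than the manipulated interval")
    pool = ConstantProductPool(pool_base, pool_quote)
    fair = pool.spot()
    bought = pool.buy_base(flash_quote)   # 1. flash-loaned quote pushes the price up
    manipulated = pool.spot()             # 2. a spot oracle read in this block sees this
    returned = pool.sell_base(bought)     # 3. unwind and repay the flash loan
    # Price history the accumulators saw: fair price for the rest of the window,
    # manipulated price for the attack interval, window ending at the attack block.
    samples = [(fair, window_seconds - manipulated_seconds), (manipulated, manipulated_seconds)]
    return {
        "spot": manipulated / fair,
        "twap_arithmetic": twap_arithmetic(samples) / fair,
        "twap_geometric": twap_geometric(samples) / fair,
        "attacker_cost_quote": flash_quote - returned,
    }


if __name__ == "__main__":
    for window in (600, 1800, 3600):
        r = simulate(window)
        print(f"window {window:>4}s: spot x{r['spot']:.1f}  "
              f"arith-TWAP x{r['twap_arithmetic']:.3f}  geo-TWAP x{r['twap_geometric']:.3f}  "
              f"attacker cost {r['attacker_cost_quote']:.2f} quote")
```

Running it shows the spot read moved roughly 49x for a round-trip cost of about 2.6 units of quote (swap fees only), while a 30-minute arithmetic TWAP over the same thin pool still moves about 32% and a 10-minute one nearly doubles; the geometric mean stays within a few percent. Two practitioner caveats follow: a V2-style arithmetic TWAP over a thin pool is only partial protection against a large single-block spike, and holding the manipulated price across several blocks (the Inverse Finance pattern) grows the error with `manipulated_seconds` for both averaging rules, which is why the Green condition also requires a documented fallback source.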

**Common gray cases** Gray is applied when oracle architecture documentation is absent and source inspection is inconclusive, or when no assets requiring collateral pricing have been listed.

**Notable historical examples**
- **Mango Markets** ($115M, 2022): MNGO spot price pumped 30x; unrealized PnL on the inflated position was accepted as collateral and used to drain all borrow liquidity.
- **Harvest Finance** ($33.8M, 2020): Curve Y-pool spot price manipulated via flash swap; fToken share pricing followed the deviation.
- **Inverse Finance** ($15.6M, 2022): INV/WETH SushiSwap pool with approximately $1M of liquidity moved 50x with 500 ETH; the pool-derived price (a thin-liquidity Sushi TWAP, per the linked incident below) fed lending collateral valuation directly.

**★ Critical factor** This factor alone is sufficient to trigger a D or F grade under rubric v1.7.0. A spot DEX pool oracle with no TWAP is a structurally unmitigated flash-loan attack surface that has produced the largest aggregate losses across the dataset.

Measurement: what to look for

Determine whether the primary oracle for any asset/market reads spot price from a single DEX pool without a TWAP window or secondary source.

Data & output

Data source: Source inspection of the oracle call on Etherscan-verified source: check for a `slot0()` or `getReserves()` call vs the `consult()`/`observe()` TWAP pattern
Output format: Green / Yellow / Red · critical gate active
Evidence artifact: Source excerpt of oracle call + oracle contract address + TWAP presence flag
Confidence signal: green = all oracles use TWAP ≥30 min or push-oracle (Chainlink/Pyth); yellow = TWAP <30 min, or TWAP present but fallback unconfirmed; red = any asset uses raw spot DEX price with no TWAP; gray = source unverified
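The call-pattern check in the data source row, scripted as an added example (not defirisk.co tooling) over verified Solidity source text: `getReserves(` / `slot0(` mark a spot read, `observe(` / `consult(` mark a TWAP read, and `latestRoundData(` / `getPriceNoOlderThan(` mark a Chainlink or Pyth push feed. Comments are stripped first so a NatSpec mention of `slot0()` is not a hit. The TWAP window is recovered from a numeric constant whose name contains PERIOD, WINDOW or INTERVAL; that naming convention, the `fallback_documented` flag and the four sample contracts are assumptions for the demo, and a hit is a lead for manual review, not a verdict.

```python
"""Heuristic RD-F-053 classifier for oracle contract source (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

MIN_GREEN_WINDOW = 30 * 60  # rubric threshold: TWAP window of at least 30 minutes

SPOT_CALLS = re.compile(r"\b(getReserves|slot0)\s*\(")
TWAP_CALLS = re.compile(r"\b(observe|consult)\s*\(")
# Chainlink AggregatorV3 and Pyth IPyth read functions (push-style feeds).
PUSH_CALLS = re.compile(r"\b(latestRoundData|getPriceNoOlderThan)\s*\(")
# Assumed naming convention for the window constant, e.g. `uint32 constant TWAP_PERIOD = 1800;`
WINDOW_CONST = re.compile(r"\b\w*(?:PERIOD|WINDOW|INTERVAL)\w*\s*=\s*(\d+)", re.IGNORECASE)


@dataclass
class Finding:
    spot_calls: list
    twap_calls: list
    push_calls: list
    twap_window: Optional[int]
    score: str
    reason: str


def strip_comments(src: str) -> str:
    """Remove /* */ and // comments so documentation text cannot trigger a match."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def classify(source: str, fallback_documented: bool = False) -> Finding:
    """Apply the rubric's Green/Yellow/Red/Gray rule to one contract's source text."""
    code = strip_comments(source)
    spot = sorted({m.group(1) for m in SPOT_CALLS.finditer(code)})
    twap = sorted({m.group(1) for m in TWAP_CALLS.finditer(code)})
    push = sorted({m.group(1) for m in PUSH_CALLS.finditer(code)})
    window = None
    m = WINDOW_CONST.search(code)
    if twap and m:
        window = int(m.group(1))

    if twap and spot:
        # V2 TWAP libs call getReserves() for blockTimestampLast and V3 libs often read
        # slot0() next to observe(); the grep cannot tell which read prices collateral.
        score, reason = "gray", "both spot and TWAP reads present; confirm which path prices collateral"
    elif spot:
        score, reason = "red", "raw spot read (%s) with no TWAP" % ", ".join(spot)
    elif twap:
        if window is None:
            score, reason = "yellow", "TWAP read but window not recoverable from source"
        elif window < MIN_GREEN_WINDOW:
            score, reason = "yellow", "TWAP window %ds is under 30 min" % window
        elif not fallback_documented:
            score, reason = "yellow", "TWAP window %ds but fallback unconfirmed" % window
        else:
            score, reason = "green", "TWAP window %ds with documented fallback" % window
    elif push:
        score, reason = "green", "push oracle read (%s)" % ", ".join(push)
    else:
        score, reason = "gray", "no recognised oracle call pattern"
    return Finding(spot, twap, push, window, score, reason)


# Constructed sample contracts (not real deployments).
SPOT_SAMPLE = """
contract SpotOracle {
    IUniswapV2Pair public immutable pair;
    function price() external view returns (uint256) {
        (uint112 r0, uint112 r1, ) = pair.getReserves();
        return uint256(r1) * 1e18 / uint256(r0);
    }
}
"""
SHORT_TWAP_SAMPLE = """
contract ShortTwapOracle {
    uint32 public constant TWAP_PERIOD = 600;
    function price() external view returns (int24) {
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = TWAP_PERIOD;
        (int56[] memory tickCumulatives, ) = pool.observe(secondsAgos);
        return int24((tickCumulatives[1] - tickCumulatives[0]) / int56(uint56(TWAP_PERIOD)));
    }
}
"""
LONG_TWAP_SAMPLE = """
contract LongTwapOracle {
    /// @dev does NOT read slot0() for pricing; the current tick is never used
    uint32 public constant TWAP_PERIOD = 1800;
    function price() external view returns (int24) {
        (int24 tick, ) = OracleLibrary.consult(address(pool), TWAP_PERIOD);
        return tick;
    }
}
"""
PUSH_SAMPLE = """
contract FeedOracle {
    function price() external view returns (int256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(block.timestamp - updatedAt < 3600, "stale");
        return answer;
    }
}
"""

if __name__ == "__main__":
    for name, src in [("spot", SPOT_SAMPLE), ("twap-10m", SHORT_TWAP_SAMPLE),
                      ("twap-30m", LONG_TWAP_SAMPLE), ("chainlink", PUSH_SAMPLE)]:
        f = classify(src, fallback_documented=(name == "twap-30m"))
        print(f"{name:<10} {f.score:<7} {f.reason}")
```

The both-present case is deliberately routed to Gray rather than to a score, because the presence of a TWAP call does not prove the collateral path uses it. The window regex only recovers a literal constant; a window passed in from a constructor or a governance setter needs the on-chain read the methodology lists, and the same applies to confirming that a fallback source actually exists.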

Scored protocols (80 carry this factor)

| Protocol | Chain | RD-F-053 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | yellow |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | green |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | green |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | green |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | yellow |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | green |
| Fluid | ethereum | green |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | gray |
| Jito | solana | green |
| Jupiter | solana | green |
| Jupiter Perpetual Exchange | solana | green |
| JustLend DAO | tron | green |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | green |
| Meteora | solana | green |
| mETH Protocol | ethereum | green |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | yellow |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | green |
| Orca | solana | green |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | not_applicable |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | yellow |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | yellow |
| Symbiotic | ethereum | not_applicable |
| Synapse Protocol | ethereum | green |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks (17 historical incidents)

- related · Aave V3 · 2026-03-12 · $862K · CAPO (Correlated Asset Price Oracle) misconfigured price feed for a freshly-listed correlated asset → mispriced collateral → cascade of involuntary liquidations · Single CAPO feed without parallel-source cross-check enabled the misconfiguration to propagate undetected
- causal · Makina Finance · 2026-01-20 · $4M · Permissionless share price oracle update (updateTotalAum) + flash loan Curve pool manipulation → share price inflation → LP drain · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
- causal · Polter Finance · 2024-11-16 · $9M · Spot price oracle manipulation (SpookySwap V2/V3) → inflated BOO collateral → draining borrow · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — BOO spot price in SpookySwap would show extreme anomaly during the drain-and-borrow window] || ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering] || ★ Oracle source = spot DEX pool [via cross-hack: Factor 25: Single-Source TWAP Oracle From Low-Liquidity Pool Used as Lending Collateral]
- causal · dYdX v3 · 2023-11-20 · $9M · Market Manipulation (Low-Liquidity Token — YFI Long + Spot Dump) · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — YFI spot price crashed 40% in a manipulated move; the oracle used for liquidation pricing reflected the manipulated spot price]
- causal · Deus DAO / DEI stablecoin · 2023-05-06 · $7M · Mis-ordered Parameters in burnFrom — Public Approval Override · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
- causal · dForce Network · 2023-02-13 · $4M · Read-Only Reentrancy (Curve wstETH/ETH LP Oracle Manipulation) · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — virtual price spike during reentrancy window is detectable post-hoc; the `get_virtual_price` manipulation is the core exploitable signal]
- causal · Mango Markets · 2022-10-11 · $115M · Self-funded MNGO spot price pump using two accounts → inflated unrealized collateral → lending pool drain · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly (Y/N): Y — MNGO spot price pump to $0.91 was extreme and detectable] || ★ Oracle source = spot DEX pool [via cross-hack: Factor 25: Single-Source TWAP Oracle From Low-Liquidity Pool Used as Lending Collateral]
- causal · Elephant Money · 2022-04-12 · $22M · Flash loan + spot price manipulation during stablecoin minting · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — ELEPHANT price spiked anomalously during minting cycle; spot price used as oracle was directly manipulable] || ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
- causal · Inverse Finance · 2022-04-02 · $16M · SushiSwap TWAP Oracle Manipulation — Thin Liquidity Governance Token · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering] || ★ Oracle source = spot DEX pool [via cross-hack: Factor 25: Single-Source TWAP Oracle From Low-Liquidity Pool Used as Lending Collateral]
- causal · MonoX · 2021-11-30 · $31M · Native token self-swap price inflation — tokenIn/tokenOut identity bypass · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — spot price of MONO within the pool's own price oracle would have appeared to spike anomalously mid-attack]
- causal · Vee Finance · 2021-09-21 · $34M · Pangolin spot price oracle manipulation via custom trading pairs + decimal handling bug · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — Pangolin spot prices manipulated via newly created low-liquidity pairs; observable if monitoring oracle price vs reference]
- causal · xToken Market · 2021-05-12 · $24M · Flash loan + SNX/BNT price manipulation → xSNX/xBNT share price inflation → drain · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — xSNXa/xBNTa price divergence from manipulated underlying spot prices; Uniswap V2 SNX price cratered during attack]
- causal · Spartan Protocol · 2021-05-01 · $31M · Flash loan + inflated pool balance → LP burn liquidity share manipulation · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
- causal · Warp Finance · 2020-12-17 · $8M · Flash loan + Uniswap V2 LP token spot oracle manipulation → inflated collateral → over-borrow drain · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — Uniswap V2 WETH-DAI LP spot price doubled mid-transaction; observable if monitoring oracle price deviation]
- causal · Value DeFi · 2020-11-14 · $7M · Flash loan + Curve spot price oracle manipulation → inflated collateral → over-borrow drain · ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — Curve spot price doubled during attack; observable if monitored]
- causal · Cheese Bank · 2020-11-06 · $3M · Flash loan + Uniswap LP spot oracle manipulation → inflated collateral value → drain via borrow() · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
- causal · Harvest Finance · 2020-10-26 · $34M · Flash loan + Curve Y-pool spot price manipulation → inflated fToken share valuation → vault drain · ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
rubric_version: v1.7.0 · factor: RD-F-053 · category: 3 · carried: 80 · critical: yes