defirisk.co
rubric v1.7.0

Oracle price deviation >X% from secondary

A real-time signals factor in the v1.7.0 rubric. Measured per protocol on a rt cadence.

Methodology how we score #

**What this measures** This real-time signal fires when the price reported by the protocol's primary oracle deviates from the best available secondary source (a redundant feed, a DEX subgraph, or a centralized reference price) by more than a configurable threshold. The deviation threshold is calibrated per asset class — stablecoins have a tighter threshold (default 1%) than volatile assets (default 5%). The signal is generated by continuous comparison of primary oracle output against secondary price references. Category 6 context: oracle price deviation is the most direct real-time indicator of an ongoing oracle manipulation attack.

**Why it matters** Oracle manipulation is the third-largest exploit class in the dataset by dollar volume, responsible for over $120M in losses across six protocols. Inverse Finance ($15.6M, 2022) showed a 50x price spike on the oracle immediately visible on-chain — a textbook exploit-in-progress signal. BonqDAO ($120M, 2023) reported WALBT at an astronomical price via its oracle, detectable instantly against any reference. Mango Markets ($115M, 2022) showed MNGO spot pumping 30x. Drift Protocol ($285M, 2026) used an attacker-deployed CVT oracle not sourced from any recognized provider — detectable by cross-referencing against known-canonical feeds. A secondary-reference comparison catches all of these.

**Green / Yellow / Red** Green is the baseline when all primary oracle prices are within the calibrated deviation band from secondary sources across all monitored assets. Yellow fires when a deviation exceeds the threshold for one asset but the secondary source itself shows elevated volatility — possible legitimate price movement. Red fires when a primary oracle price deviates from all available secondary references by more than the threshold, particularly if the deviation is accompanied by abnormally large borrowing activity against the asset.

**Common gray cases** Gray applies when no reliable secondary price source is available for a specific asset (e.g., a newly launched token with thin liquidity across all venues), or when the protocol's oracle intentionally diverges from spot prices during a TWAP window.

**Notable historical examples** - **Drift Protocol** ($285M, 2026): Attacker-deployed CVT oracle not matching any recognized provider; detectable as non-canonical. - **Cetus Protocol** ($223M, 2025): Token prices crashed 75-80% on Sui during exploit; oracle feeds from Cetus pools showed immediate anomaly. - **BonqDAO** ($120M, 2023): WALBT oracle price at astronomical value; instantly detectable against any reference. - **Mango Markets** ($115M, 2022): MNGO spot price pump 30x; extreme and detectable. - **Harvest Finance** ($33.8M, 2020): Curve Y-pool USDC/USDT ratio visibly distorted on every manipulation cycle.

Measurement what to look for #

Detect whether the primary oracle's reported price deviates >X% from the best available secondary source (another feed or venue).

Data & output #

Data source
On-chain primary oracle price read + Chainlink/Pyth/DEX secondary price comparison
Output format
Green / Yellow / Red
Evidence artifact
Primary oracle price + secondary source price + deviation % + timestamp
Confidence signal
green = signal not firing; yellow = deviation 5–10%; red = deviation >10%; gray = secondary oracle reference not configured

Scored protocols 80 carry this factor #

Protocol RD-F-099
Aave v3 ethereum green Across Protocol ethereum gray Aerodrome Finance base not_applicable Axelar Network ethereum not_applicable Babylon Protocol bitcoin not_applicable Balancer (v2 + v3) ethereum green Beefy Finance ethereum green BENQI avalanche gray BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum not_applicable Cap (cUSD / stcUSD) ethereum gray Centrifuge ethereum yellow Chainlink CCIP ethereum not_applicable Circle USYC binance gray Compound V3 (Comet) ethereum gray Concrete ethereum gray Convex Finance ethereum yellow crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum not_applicable deBridge ethereum gray Dolomite ethereum yellow dYdX v4 (dYdX Chain) dydx gray EigenLayer ethereum not_applicable Ethena ethereum green ether.fi ethereum green Euler V2 ethereum not_assessed Falcon Finance ethereum green Fluid ethereum yellow Frax Finance ethereum gray GMX v2 (GMX Synthetics) arbitrum yellow Hyperlane ethereum green Hyperliquid arbitrum gray Jito solana green Jupiter solana green Jupiter Perpetual Exchange solana green JustLend DAO tron gray Kamino Lend solana green Kinetiq hyperliquid gray Lido ethereum yellow Liquid Collective (LsETH) ethereum gray Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum not_applicable Maple Finance ethereum green Marinade Finance solana not_applicable Meteora solana not_applicable mETH Protocol ethereum gray Midas ethereum gray Morpho V1 (Morpho Blue + MetaMorpho) ethereum yellow Multipli ethereum green Ondo Finance ethereum gray OpenEden ethereum yellow Orca solana not_applicable PancakeSwap bsc green Pendle Finance ethereum green Polymarket polygon not_assessed QuickSwap polygon not_applicable Raydium solana not_applicable Rocket Pool ethereum green Sanctum solana not_applicable Save (formerly Solend) solana gray Sky Lending (formerly MakerDAO) ethereum gray Spark Protocol ethereum gray Spiko stellar not_applicable Stake DAO ethereum green StakeWise v3 ethereum green Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid not_applicable SUNSwap (sun.io) tron not_applicable Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum green Symbiotic ethereum not_applicable Synapse Protocol ethereum not_applicable Uniswap (v2 + v3) ethereum not_applicable USDD (Decentralized USD) tron gray Usual (USD0 / bUSD0 / USUAL) ethereum green Veda (BoringVault) ethereum gray Venus Protocol bsc yellow Wormhole ethereum green Yearn Finance ethereum green
0 red · 9 yellow · 27 green

Linked hacks 64 historical incidents #

illustrativeRhea Finance (merged entity of Ref Finance DEX + Burrow Finance lending; launched February 2025) — Permissionless fake-token pool creation → spot-price oracle acceptance → margin-trading `min_amount_out` double-counting across sequential swaps2026-04-16 · $18M · Permissionless fake-token pool creation → spot-price oracle acceptance → margin-trading `min_amount_out` double-counting across sequential swaps · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — price history for fake tokens was entirely self-generated from attacker wash trades; any oracle with a liquidity threshold or token-age ...]
illustrativeSilo Finance (V2, soUSDC managed vault on Arbitrum) — Immutable hardcoded wstUSR oracle (pricing depegged asset ~10x reality) + supply-cap bypass via `receiver` parameter + `totalAssets()` summing externally-donated shares2026-04-03 · $392K · Immutable hardcoded wstUSR oracle (pricing depegged asset ~10x reality) + supply-cap bypass via `receiver` parameter + `totalAssets()` summing externally-donated shares · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — ~9.4x mispricing (oracle $1.13 vs market $0.12) for ~12 days]
illustrativeDrift Protocol (Solana perpetual futures DEX) — Multi-month social engineering + Solana durable-nonce pre-signing + fake-collateral-token / attacker-controlled oracle2026-04-01 · $285M · Multi-month social engineering + Solana durable-nonce pre-signing + fake-collateral-token / attacker-controlled oracle · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — attacker-deployed CVT oracle (not a recognized oracle provider); price feed detectably non-canonical]
illustrativeVenus Protocol — Donation Attack → Supply Cap Bypass → Collateral Inflation → Recursive Borrow Loop2026-03-15 · $4M · Donation Attack → Supply Cap Bypass → Collateral Inflation → Recursive Borrow Loop · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — BoundValidator resisted manipulated THE price for 37 minutes before capitulating; price spike was visible on-chain]
illustrativeYieldBlox / Script3 (Blend V2 community-managed pool) — Illiquid collateral oracle manipulation — single USTRY/USDC trade pumped price 100x → inflated collateral → undercollateralized borrow drain2026-02-22 · $11M · Illiquid collateral oracle manipulation — single USTRY/USDC trade pumped price 100x → inflated collateral → undercollateralized borrow drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — 100x price spike on USTRY with zero competing volume; Reflector reported $106.74 on a ~$1.06 asset; Oracle Adapter passed it without med...]
illustrativeMoonwell — Oracle Misconfiguration (Missing ETH/USD Multiplier)2026-02-15 · $2M · Oracle Misconfiguration (Missing ETH/USD Multiplier) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — cbETH price dropped from ~$2,200 to $1.12 immediately on oracle activation]
illustrativeMakina Finance — Permissionless share price oracle update (updateTotalAum) + flash loan Curve pool manipulation → share price inflation → LP drain2026-01-20 · $4M · Permissionless share price oracle update (updateTotalAum) + flash loan Curve pool manipulation → share price inflation → LP drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — extreme share price spike during flash loan manipulation would be detectable via oracle monitoring]
illustrativeAevo (formerly Ribbon Finance) — Proxy upgrade removed oracle access control — oracle price settable to arbitrary value → vault fully drained in atomic loop2025-12-12 · $3M · Proxy upgrade removed oracle access control — oracle price settable to arbitrary value → vault fully drained in atomic loop · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — oracle access control silently removed; price became settable by anyone]
illustrativeNew Gold Protocol (NGP) — Flash loan + spot price oracle manipulation + broken transfer logic (dead address bypass of buy limits)2025-09-17 · $2M · Flash loan + spot price oracle manipulation + broken transfer logic (dead address bypass of buy limits) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — PancakeSwap pool reserves manipulated to produce false price]
illustrativeOdin.Fun — AMM Liquidity Manipulation (Governance Token Price Pump + Drain)2025-08-12 · $7M · AMM Liquidity Manipulation (Governance Token Price Pump + Drain) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — AMM price manipulation of SATOSHI token]
illustrativeGMX V1 — Cross-Contract Reentrancy via Order-Keeper Callback2025-07-09 · Cross-Contract Reentrancy via Order-Keeper Callback · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — GLP price spiked from $1.45 to $27+ (18x); BTC globalShortAveragePrice collapsed 98% within transaction]
illustrativeResupplyFi — ERC4626 Donation Attack (Vault Inflation / Zero Exchange Rate)2025-06-25 · $10M · ERC4626 Donation Attack (Vault Inflation / Zero Exchange Rate) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — oracle reported astronomically inflated price for newly donated vault; any oracle sanity check would have flagged price as unrealistic]
illustrativeCetus Protocol — Integer Overflow / Division-by-Near-Zero in Concentrated Liquidity Math2025-05-22 · $223M · Integer Overflow / Division-by-Near-Zero in Concentrated Liquidity Math · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N + detail): YES** — Token prices crashed 75–80% on Sui during the exploit. Meme coins died first. Price oracle feeds from Cetus pools would have shown i...]
illustrativeLoopscale (formerly Bridgesplit) — Oracle Price Manipulation (RateX PT Token Pricing)2025-04-26 · $6M · Oracle Price Manipulation (RateX PT Token Pricing) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — PT token reported price vs. RateX market price divergence detectable]
illustrativeKiloEx — Missing signature verification in MinimalForwarder → unvalidated oracle price update → multi-chain drain2025-04-14 · $7M · Missing signature verification in MinimalForwarder → unvalidated oracle price update → multi-chain drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — extreme ETH price swings ($100 to $10,000) on-chain during attack; detectable if monitoring oracle price feeds]
illustrativePolter Finance — Spot price oracle manipulation (SpookySwap V2/V3) → inflated BOO collateral → draining borrow2024-11-16 · $9M · Spot price oracle manipulation (SpookySwap V2/V3) → inflated BOO collateral → draining borrow · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — BOO spot price in SpookySwap would show extreme anomaly during the drain-and-borrow window]
illustrativeBedrock (uniBTC vault) — Unregistered NATIVE_BTC in SigmaSupplier → disabled supply cap → ETH-to-BTC 1:1 minting (infinite mint)2024-09-25 · $2M · Unregistered NATIVE_BTC in SigmaSupplier → disabled supply cap → ETH-to-BTC 1:1 minting (infinite mint) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — uniBTC price crashed on multiple pairs (detectable post-facto)]
illustrativeBanana Gun — Telegram Message Oracle Vulnerability2024-09-19 · $3M · Telegram Message Oracle Vulnerability · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — the Telegram message oracle itself was the attack surface]
illustrativeRho Market — Oracle misconfiguration (deployment error) → MEV bot price manipulation → USDC/USDT drain2024-07-19 · Oracle misconfiguration (deployment error) → MEV bot price manipulation → USDC/USDT drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — explicit oracle misconfiguration; price feeds returned incorrect values for collateral pricing]
illustrativeWooFi (WooPPV2) — Flash loan → WOO oracle price manipulation → pool swap drain2024-03-05 · $9M · Flash loan → WOO oracle price manipulation → pool swap drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — WOO price was manipulated to extreme levels within the sPMM system; a price deviation monitor against Chainlink would have flagged this ...]
illustrativeGamma Strategies — Flash Loan — LP Token Price Manipulation (Price Threshold Bypass)2024-01-04 · $5M · Flash Loan — LP Token Price Manipulation (Price Threshold Bypass) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — LP token price manipulation via flash loan is detectable as an anomalous price spike within the vault's price feed during the attack]
illustrativeLevana Protocol — Oracle Price Delta Manipulation (Timing + Network Congestion)2023-12-13 · $1M · Oracle Price Delta Manipulation (Timing + Network Congestion) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — oracle update lag windows exploited; detectable in retrospect]
illustrativeKyberSwap Elastic — Tick Manipulation + Double Liquidity Counting — Precision Arithmetic Edge Case2023-11-22 · $48M · Tick Manipulation + Double Liquidity Counting — Precision Arithmetic Edge Case · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — pool prices pushed into empty liquidity zones; abnormal swap states]
illustrativedYdX v3 — Market Manipulation (Low-Liquidity Token — YFI Long + Spot Dump)2023-11-20 · $9M · Market Manipulation (Low-Liquidity Token — YFI Long + Spot Dump) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — YFI spot price crashed 40% in a manipulated move; the oracle used for liquidation pricing reflected the manipulated spot price]
illustrativeZunami Protocol — Flash loan + SDT token swap → totalHoldings price calculation manipulation → zETH/UZD LP price manipulation → drain2023-08-13 · $2M · Flash loan + SDT token swap → totalHoldings price calculation manipulation → zETH/UZD LP price manipulation → drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — zStable LP prices distorted via totalHoldings() manipulation; 85% and 99% depeg visible]
illustrativeEraLend (formerly Nexon Finance) — Read-Only Reentrancy (SyncSwap LP Callback — Stale Reserves Oracle)2023-07-25 · $3M · Read-Only Reentrancy (SyncSwap LP Callback — Stale Reserves Oracle) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — LP token price spike during reentrancy window detectable in real time if oracle price is monitored against reference]
illustrativeConic Finance — Read-only reentrancy in CurveLPOracleV2 (ETH/WETH mismatch bypassed reentrancy guard) + sandwich attack on imbalanced pool2023-07-21 · $4M · Read-only reentrancy in CurveLPOracleV2 (ETH/WETH mismatch bypassed reentrancy guard) + sandwich attack on imbalanced pool · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — rETH Curve LP token price manipulation is detectable as an oracle anomaly]
illustrativeSturdy Finance — Read-only reentrancy on Balancer LP (B-stETH-STABLE) → manipulated collateral price → undercollateralized borrow drain2023-06-12 · $800K · Read-only reentrancy on Balancer LP (B-stETH-STABLE) → manipulated collateral price → undercollateralized borrow drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — SturdyOracle returned an inflated collateral price during the Balancer callback window; detectable as a price divergence from the true B...]
illustrativedForce Network — Read-Only Reentrancy (Curve wstETH/ETH LP Oracle Manipulation)2023-02-13 · $4M · Read-Only Reentrancy (Curve wstETH/ETH LP Oracle Manipulation) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — virtual price spike during reentrancy window is detectable post-hoc; the `get_virtual_price` manipulation is the core exploitable signal]
illustrativeBonqDAO — Oracle Manipulation (Tellor Price Feed — Instant Value)2023-02-01 · $120M · Oracle Manipulation (Tellor Price Feed — Instant Value) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — WALBT oracle price reported at an astronomical value; detectable instantly]
illustrativeMidas Capital — Read-only reentrancy on Curve LP token virtual price — inflated collateral valuation2023-01-15 · $660K · Read-only reentrancy on Curve LP token virtual price — inflated collateral valuation · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — virtual_price() returned inflated value during reentrant window]
illustrativeLodestar Finance — Oracle Price Manipulation (LP Token Donation)2022-12-10 · $7M · Oracle Price Manipulation (LP Token Donation) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — GLPOracle price inflation detectable via `donate()` call monitoring]
illustrativeAnkr (aBNBc) + Helio Money (HAY stablecoin) — Deployer private key compromise → malicious aBNBc contract upgrade → permissionless infinite mint → PancakeSwap pool drain + Helio collateral collapse2022-12-02 · $5M · Deployer private key compromise → malicious aBNBc contract upgrade → permissionless infinite mint → PancakeSwap pool drain + Helio collateral collapse · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — aBNBc price crashed; Helio's oracle failed to update fast enough (secondary exploit)]
illustrativeMoola Markets — Price Manipulation (Native Token Collateral)2022-10-19 · $8M · Price Manipulation (Native Token Collateral) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — MOO price oracle reflected manipulated DEX price]
illustrativeMango Markets — Self-funded MNGO spot price pump using two accounts → inflated unrealized collateral → lending pool drain2022-10-11 · $115M · Self-funded MNGO spot price pump using two accounts → inflated unrealized collateral → lending pool drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — MNGO spot price pump to $0.91 was extreme and detectable]
illustrativeSovryn — External call reentrancy via callTokensToSend — token price inflation via mid-transaction mint → overclaim via burn2022-10-04 · $1M · External call reentrancy via callTokensToSend — token price inflation via mid-transaction mint → overclaim via burn · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y (internal) — the tokenPrice calculation relied on in-flight state that hadn't been committed; the price diverged from true value mid-trans...]
illustrativeNirvana Finance — Flash Loan + AMM Price Manipulation (Treasury Drain)2022-07-28 · $4M · Flash Loan + AMM Price Manipulation (Treasury Drain) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — ANA price manipulation via flash loan]
illustrativeCrema Finance — Faulty Account Owner Validation — Fake Tick Account Injection2022-07-04 · $9M · Faulty Account Owner Validation — Fake Tick Account Injection · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — tick account data (price data used for fee calculation) was fabricated; a monitoring system comparing tick account owner validity agains...]
illustrativeInverse Finance — Oracle Price Manipulation (Flash Loan)2022-06-16 · $6M · Oracle Price Manipulation (Flash Loan) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — massive pool balance distortion detectable on Curve]
illustrativeMirror Protocol (REKT 2) — Missing Duplicate-Call Check (Re-entrancy variant)2022-05-31 · $92M · Missing Duplicate-Call Check (Re-entrancy variant) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y (Exploit 2 only — LUNA depeg oracle inconsistency)]
illustrativeVenus Protocol + Blizz Finance (two protocols, one event) — Oracle Min-Price Floor Exploit (Stale Price Feed During Depeg)2022-05-12 · $14M · Oracle Min-Price Floor Exploit (Stale Price Feed During Depeg) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — this IS the exploit; oracle price diverging massively from market price is the core signal]
illustrativeFortress Protocol (lending arm of JetFuel Finance) — Oracle Manipulation + Malicious Governance Proposal2022-05-09 · $3M · Oracle Manipulation + Malicious Governance Proposal · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — publicly callable oracle submit() means any price submission is a potential manipulation; FTS price spike at time of exploit is detectab...]
illustrativeSaddle Finance — Flash Loan + LP Token Price Manipulation (Old MetaSwapUtils Library)2022-05-01 · $11M · Flash Loan + LP Token Price Manipulation (Old MetaSwapUtils Library) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — LP token price manipulation detectable as price deviation from VirtualPrice baseline]
illustrativeDeus DAO — Dual oracle manipulation — VWAP oracle pre-poisoned via flash swap, then on-chain AMM oracle manipulated via flash loan — to inflate DEI collateral value and borrow far beyond real collateral worth2022-04-28 · $13M · Dual oracle manipulation — VWAP oracle pre-poisoned via flash swap, then on-chain AMM oracle manipulated via flash loan — to inflate DEI collateral value and borrow far beyond real collateral worth · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: YES** — the pre-poisoning transaction creates an anomalous USDC/DEI price movement on Solidly; a monitor watching for large sudden DEI price...]
illustrativeElephant Money — Flash loan + spot price manipulation during stablecoin minting2022-04-12 · $22M · Flash loan + spot price manipulation during stablecoin minting · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — ELEPHANT price spiked anomalously during minting cycle; spot price used as oracle was directly manipulable]
illustrativeInverse Finance — SushiSwap TWAP Oracle Manipulation — Thin Liquidity Governance Token2022-04-02 · $16M · SushiSwap TWAP Oracle Manipulation — Thin Liquidity Governance Token · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — INV price spiked 50x on SushiSwap; visible on-chain immediately]
illustrativeDeus DAO (1st incident) — Flash loan → spot price manipulation of Solidex USDC/DEI AMM pool (used as oracle) → user positions liquidated2022-03-15 · $3M · Flash loan → spot price manipulation of Solidex USDC/DEI AMM pool (used as oracle) → user positions liquidated · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — the sAMM-USDC/DEI pool price was severely distorted mid-transaction; detectable as a sharp oracle deviation]
illustrativeDeus DAO (DEI lending contract) — Flash loan oracle manipulation via Solidly AMM pool → user position liquidation2022-03-15 · $3M · Flash loan oracle manipulation via Solidly AMM pool → user position liquidation · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — oracle price manipulated during the flash loan; detectable as a price spike/crash]
illustrativeMeter (Passport Bridge) — Deposit method calldata bypass — unwrapped native token assumption not enforced in secondary deposit path2022-02-05 · $8M · Deposit method calldata bypass — unwrapped native token assumption not enforced in secondary deposit path · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y (indirect) — Hundred Finance collateral damage enabled because Chainlink oracle price diverged from local manipulated BNB.bsc price on Moo...]
illustrativeMonoX — Native token self-swap price inflation — tokenIn/tokenOut identity bypass2021-11-30 · $31M · Native token self-swap price inflation — tokenIn/tokenOut identity bypass · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — spot price of MONO within the pool's own price oracle would have appeared to spike anomalously mid-attack]
illustrativeIndexed Finance — Flash Loan — Rebalancing Delay Pool Oracle Manipulation2021-10-14 · $16M · Flash Loan — Rebalancing Delay Pool Oracle Manipulation · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — pool's internal valuation dropped to ~$300k from $100M+ equivalent; 99.97% distortion]
illustrativeVee Finance — Pangolin spot price oracle manipulation via custom trading pairs + decimal handling bug2021-09-21 · $34M · Pangolin spot price oracle manipulation via custom trading pairs + decimal handling bug · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Pangolin spot prices manipulated via newly created low-liquidity pairs; observable if monitoring oracle price vs reference]
illustrativexToken Market — Public callFunction() in xSNXAdmin — same SNX price manipulation, different access control bug2021-08-30 · $5M · Public callFunction() in xSNXAdmin — same SNX price manipulation, different access control bug · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — SNX price crashed during attack sequence visible on DEXes]
illustrativeSafeDollar — Infinite Mint via Fee-on-Transfer Reward Accounting Bug2021-06-28 · $248K · Infinite Mint via Fee-on-Transfer Reward Accounting Bug · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — SDO price crashed to $0 during the exploit sequence]
illustrativeBelt Finance — Flash Loan + Price/Share Manipulation (Incorrect Share Valuation)2021-05-29 · $6M · Flash Loan + Price/Share Manipulation (Incorrect Share Valuation) · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — price manipulation via Ellipsis swaps distorted share valuations]
illustrativeMerlin Labs (REKT 2) — Oracle Mispricing2021-05-27 · $550K · Oracle Mispricing · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — BAND mispriced by new calculator]
illustrativePancakeBunny — Flash loan + spot price manipulation → inflated LP token valuation → excess BUNNY minting2021-05-19 · $45M · Flash loan + spot price manipulation → inflated LP token valuation → excess BUNNY minting · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — WBNB/BUSDT LP token valuation would have shown extreme anomaly during the swap manipulation window]
illustrativexToken Market — Flash loan + SNX/BNT price manipulation → xSNX/xBNT share price inflation → drain2021-05-12 · $24M · Flash loan + SNX/BNT price manipulation → xSNX/xBNT share price inflation → drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — xSNXa/xBNTa price divergence from manipulated underlying spot prices; Uniswap V2 SNX price cratered during attack]
illustrativeBT Finance + Growth DeFi (two separate hacks, one article) — BT Finance: Flash Loan Price Manipulation; Growth DeFi: Fake Token LP Injection2021-02-09 · $2M · BT Finance: Flash Loan Price Manipulation; Growth DeFi: Fake Token LP Injection · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y (BT Finance — price manipulation is oracle/reserve anomaly)]
illustrativeYearn Finance (yDAI v1 vault) — Flash loan + Curve 3pool spot price manipulation → vault share price arbitrage → DAI drain during migration2021-02-04 · $11M · Flash loan + Curve 3pool spot price manipulation → vault share price arbitrage → DAI drain during migration · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — the Curve 3pool composition was severely distorted during the attack, which would appear as extreme price deviation on any in-block orac...]
illustrativeWarp Finance — Flash loan + Uniswap V2 LP token spot oracle manipulation → inflated collateral → over-borrow drain2020-12-17 · $8M · Flash loan + Uniswap V2 LP token spot oracle manipulation → inflated collateral → over-borrow drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Uniswap V2 WETH-DAI LP spot price doubled mid-transaction; observable if monitoring oracle price deviation]
illustrativeValue DeFi — Flash loan + Curve spot price oracle manipulation → inflated collateral → over-borrow drain2020-11-14 · $7M · Flash loan + Curve spot price oracle manipulation → inflated collateral → over-borrow drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Curve spot price doubled during attack; observable if monitored]
illustrativeCheese Bank — Flash loan + Uniswap LP spot oracle manipulation → inflated collateral value → drain via borrow()2020-11-06 · $3M · Flash loan + Uniswap LP spot oracle manipulation → inflated collateral value → drain via borrow() · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Uniswap CHEESE/ETH pool WETH balance spiked from normal to 20,000+ ETH within a single transaction, just before oracle refresh and borro...]
illustrativeHarvest Finance — Flash loan + Curve Y-pool spot price manipulation → inflated fToken share valuation → vault drain2020-10-26 · $34M · Flash loan + Curve Y-pool spot price manipulation → inflated fToken share valuation → vault drain · Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Curve Y-pool USDC/USDT ratio was visibly distorted on every exploit cycle]
rubric_version v1.7.0 factor RD-F-099 category 6 carried 80 critical no