A smart contract needs to determine the price of an asset, e.g., when a user deposits ETH into its system.To achieve this price discovery, the protocol consults its respective Uniswap pool as a source. Exploiting this behavior, an attacker can take out a flash loan to drain one side of the Uniswap pool. Due to the lack of data source diversity, the protocol's internal price is directly manipulated, e.g., to 100 times the original value. The attacker can now perform an action to capture this additional value.For example, an arbitrage trade on top of the newly created price difference or an advantageous position in the system can be gained.
The problems are two-fold:
- The use of a single price feed source smart contract allows for easy on-chain manipulation using flash loans.
- Despite a notable anomaly, the smart contracts consuming the price information continue to operate on the manipulated data.
https://extropy-io.medium.com/price-oracle-manipulation-d46fd413cc17