ETHPragueConf 2025

Novel on-chain oracle manipulations: Proposer bribing and L2 sequencer timing
05-27, 17:00–17:25 (CET), Seed

On-chain price feeds are a powerful component of DeFi. For example, Curve price feeds can be used by lending protocols to ensure over-collateralization. On-chain oracles can be especially vulnerable to manipulation and must be protected.
We describe two novel on-chain oracle manipulation vectors: proposer bribing on Ethereum Mainnet, and L2 sequencer timing.


The first novel on-chain oracle manipulation vector, proposer bribing, exploits a quirk of the Ethereum consensus layer to allow inexpensive control over multiple consecutive blocks, even in the presence of substantial MEV.
The second novel attack exploits the centralized sequencer's FIFO ordering of transactions on L2s. An attacker can include two back-to-back transactions (market manipulation and de-manipulation) in consecutive blocks, which allows the attacker to perform oracle manipulation without risking the loss of the manipulation capital to other actors.

Pietro is a Blockchain Security Engineer at ChainSecurity