April 2023

Authors: Omer Goldberg and Yonatan Haimowitz

Abstract

Time-weighted average price (TWAP) oracles have become indispensable in the decentralized finance (DeFi) sector, providing crucial price data for a wide range of applications. However, despite their adoption, the potential for manipulation of TWAP oracles poses a significant threat to the security and stability of DeFi protocols. The robustness, resilience, and price accuracy of a TWAP oracle depend heavily on market conditions, pool liquidity, and how that liquidity is distributed across ticks, which exposes it to market risk and liquidity fluctuations.

This paper assesses the likelihood and feasibility of manipulating Uniswap V3 TWAP oracles, focusing on the worst-case scenario for low-liquidity assets. To this end, we introduce the Chaos Labs TWAP Market Risk application, which leverages pool data, including liquidity depth and exhaustion prices, to quantify the real-time manipulation risk across all V3 pools and deployments.

Moreover, this study proposes strategies for TWAP Oracle consumers to mitigate the manipulation risks and explores the potential benefits of adopting median oracles as a viable alternative.

The Chaos Labs TWAP Market Risk application homepage allows you to search Uniswap V3 pools across all deployments.

Why is Oracle Manipulation an attractive exploit vector for attackers?

The manipulation of TWAP oracles can have severe consequences for decentralized finance (DeFi) protocols, leading to economic exploits and financial losses. Lending and derivative protocols, for example, require accurate on-chain price information to compute the market price of assets and to value the collateral and debt behind the loans they issue. In this context, an attacker may manipulate the TWAP oracle to overvalue their collateral, borrow more than that collateral is actually worth, and walk away, leaving the lending protocol with undercollateralized loans and bad debt. Let's look at two real-life attacks that exploited this attack vector.

Moola Market Oracle Manipulation

Moola Market is a non-custodial lending protocol on the Celo blockchain that aims to democratize access to borrow and lend markets. The protocol was hacked on October 18th, 2022, using a simple, manual price manipulation exploit. The attacker began with initial funding of 243k $CELO and deposited 60k $CELO as collateral to borrow 1.8M $MOO tokens, which were then deposited as collateral to borrow other assets. The remaining 183k $CELO was used to artificially inflate the price of $MOO on Ubeswap, the pool from which the protocol read the collateral price, enabling the attacker to borrow the remaining assets on the protocol and drain all of its liquidity, resulting in a loss of approximately $9 million.

During the price manipulation attack on Moola Market, there was a notable and sudden increase in price, as seen in the violent price wick upwards. This price manipulation led to the attacker being able to borrow the remaining assets on the protocol and drain all liquidity, resulting in a significant loss.
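The following walk-through is an added example, not code from the paper or from Moola Market, and it illustrates the mechanism described above: a constant-product (x*y=k) pool of the Uniswap V2 design that Ubeswap uses is read as a price oracle in two ways, raw spot price and a cumulative-price TWAP over a window of blocks, and an attacker sells a large amount of CELO into the pool to pump MOO before borrowing against MOO collateral. The 183k $CELO and 1.8M $MOO figures are the ones quoted above; every other number (pool reserves, 0.3% fee, 50% loan-to-value, 30-block window) is a hypothetical assumption chosen for illustration and is not the actual Ubeswap state on the day of the attack.

```python
"""Constructed walk-through of a Moola-style spot-price manipulation.

Model: a constant-product (x*y=k) pool in the Uniswap V2 / Ubeswap design,
read as a price oracle two ways: raw spot price and a cumulative-price TWAP.
Every number below is a hypothetical assumption chosen for illustration,
not the real Ubeswap pool state on 18 Oct 2022.
"""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    reserve_celo: float
    reserve_moo: float
    fee: float = 0.003  # assumed 0.3% swap fee, taken on the input side

    def spot_price(self) -> float:
        """Spot price of MOO in CELO: what a naive oracle reads."""
        return self.reserve_celo / self.reserve_moo

    def swap_celo_for_moo(self, celo_in: float) -> float:
        """Sell CELO into the pool and return the MOO received. The pool is
        left with more CELO and less MOO, so MOO's spot price rises."""
        celo_in_after_fee = celo_in * (1 - self.fee)
        moo_out = (self.reserve_moo * celo_in_after_fee
                   / (self.reserve_celo + celo_in_after_fee))
        self.reserve_celo += celo_in
        self.reserve_moo -= moo_out
        return moo_out


class CumulativePriceOracle:
    """Uniswap V2-style accumulator: on every pool interaction it adds
    (previous price * blocks elapsed). A consumer stores a snapshot, waits a
    window, and divides the difference by the blocks elapsed."""

    def __init__(self, price: float, block: int):
        self.cumulative = 0.0
        self.last_price = price
        self.last_block = block

    def record(self, price: float, block: int) -> None:
        # Accrue the price that was in force since the last update, then
        # switch to the new post-trade price.
        self.cumulative += self.last_price * (block - self.last_block)
        self.last_price, self.last_block = price, block

    def snapshot(self, block: int) -> float:
        # Cumulative value as of `block`, including the still-open interval.
        return self.cumulative + self.last_price * (block - self.last_block)


def twap(oracle: CumulativePriceOracle, start_snapshot: float,
         start_block: int, end_block: int) -> float:
    return (oracle.snapshot(end_block) - start_snapshot) / (end_block - start_block)


def run_scenario(pool_celo=100_000.0, pool_moo=1_000_000.0,
                 attacker_celo=183_000.0, collateral_moo=1_800_000.0,
                 ltv=0.5, window_blocks=30, pumped_blocks=1) -> dict:
    """Pump MOO with one swap held for the last `pumped_blocks` of a
    `window_blocks` TWAP window; compare borrow capacity under each oracle."""
    pool = ConstantProductPool(pool_celo, pool_moo)
    oracle = CumulativePriceOracle(pool.spot_price(), block=0)
    start_snapshot = oracle.snapshot(0)
    spot_before = pool.spot_price()

    attack_block = window_blocks - pumped_blocks
    pool.swap_celo_for_moo(attacker_celo)        # attacker keeps the MOO received
    oracle.record(pool.spot_price(), attack_block)  # the swap updates the accumulator
    spot_after = pool.spot_price()
    twap_price = twap(oracle, start_snapshot, 0, window_blocks)

    honest = collateral_moo * spot_before * ltv
    return {
        "spot_before": spot_before,
        "spot_after": spot_after,
        "twap": twap_price,
        "borrow_honest": honest,
        "borrow_at_spot": collateral_moo * spot_after * ltv,
        "borrow_at_twap": collateral_moo * twap_price * ltv,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:>16}: {value:,.4f}")
```

With the assumed reserves, a single 183k CELO swap moves the spot price of MOO roughly eightfold, so a protocol valuing collateral at spot would lend about eight times what the 1.8M MOO position honestly supports; the same swap held for one block of a 30-block TWAP window moves the TWAP by only about a quarter. Raising `pumped_blocks` shows the other side of the trade-off: the TWAP climbs linearly with the number of blocks the manipulated price is held, which is why the paper ties manipulation risk to pool liquidity and window length rather than to either alone.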

Mango Market Oracle Manipulation

Mango Markets is a decentralized perpetual exchange built on the Solana blockchain. It allows users to trade futures, perpetual swaps, and options with high leverage, low fees, and fast settlement times. The platform is designed to be non-custodial, meaning users retain control of their funds and can manage their own risk.

Here is a summary of the Mango Markets attack in a step-by-step format:

  1. Account A was funded with $5M USDC.
  2. Account A created a sell order for 483M MNGO units.
  3. Account B was funded with $5M USDC and bid on Account A's sell order at an average price of $0.0382 per unit.
  4. Account B pumped the MNGO spot markets to approximately $0.91.
  5. Account B's unrealized profit was $421M after the MNGO spot markets reached $0.91.