Oracles represent critical infrastructure for DeFi. Their importance stems not only from their widespread use, but also, and most importantly, from how they’re used within DeFi. Specifically, oracles often lie at the heart of a number of different DeFi protocols and are a key component of their safety model. As such, they represent an important attack vector for the protocols that use them and are in fact a common target for smart contract attacks.
In this paper, we explore some common oracle-related attacks, as well as the cost and profit potential associated with them. We focus specifically on CPMM-based TWAP oracles, a specific oracle implementation that relies on on-chain DEX prices. We conclude with an initial exploration of a framework for safely setting CPMM-based TWAP oracle parameters.