Full Program
Summary:
Web 3.0-based digital economy is an emerging critical infrastructure that facilitates decentralized value exchange. Oracle networks underpin this infrastructure by securely supplying off-chain data to on-chain smart contracts effectively bridging blockchain systems with real-world information. Compromising oracle networks can destabilize smart contracts cause major financial losses erode trust and threaten the integrity of the digital economy and Web3. Therefore this paper presents early findings on novel and underreported vulnerabilities in decentralized oracle networks with a focus on those operating on the Solana blockchain such as Pyth and Switchboard. While oracle manipulation is not a new threat we identify three classes of vulnerabilities that have received little or no formal attention to the best of our knowledge: (1) bit-flip attacks where low-level data corruptions alter reported prices without triggering existing sanity checks (2) market-price access attacks a form of time-of-check to time-of-use race condition that enables adversaries to exploit oracle readsAuthor(s):
Daneil Zhukovsky
United Kingdom
Muhammad Taimoor Khan
University of Greenwich
United Kingdom