ProMutator: Detecting Price Oracle Vulnerabilities in DeFi by Mutated Transactions


Decentralized Finance (DeFi) allows users to trade financial products on a distributed system, typically a blockchain, thus eliminating the dependency on centralized brokers such as banks. In the DeFi ecosystem, price oracles provide price information of digital assets to a wide variety of DeFi protocols and are critical components in DeFi. However, at least six DeFi protocols lost a total of more than 43 million dollars in price oracle attacks in 2020.
This presentation will focus on ProMutator, a scalable security analysis framework that detects price oracle vulnerabilities. ProMutator’s core idea is to simulate price oracle attacks locally by mutating the data needed for price calculation. ProMutator analyzes existing transactions to reconstruct probable DeFi use patterns, drastically reducing the required simulation runs. In our evaluation, ProMutator successfully discovered five known price oracle vulnerabilities and 27 undisclosed ones.
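The mutate-and-replay idea described above, as an added sketch that is not ProMutator's own code. The pool model, both oracle functions, the borrow replay, the mutation factors and the 25% threshold are all assumptions made for illustration.

```python
# Added illustration: every name, number and the protocol model is constructed.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class PoolState:
    reserve_token: float   # collateral token held by the liquidity pool
    reserve_usd: float     # stablecoin held by the same pool
    past_prices: tuple     # earlier price observations kept by the oracle

def spot_oracle(s):
    """Price read directly from the current pool reserves."""
    return s.reserve_usd / s.reserve_token

def averaged_oracle(s):
    """Price averaged over past observations plus the current spot value."""
    obs = s.past_prices + (spot_oracle(s),)
    return sum(obs) / len(obs)

def replay_borrow(oracle, state, collateral, ltv=0.5):
    """Replay a recorded borrow call: USD lent against `collateral` tokens."""
    return collateral * oracle(state) * ltv

def mutate(state, factor):
    """Scale the reserves so the spot price moves by `factor` (x*y unchanged)."""
    root = factor ** 0.5
    return replace(state,
                   reserve_token=state.reserve_token / root,
                   reserve_usd=state.reserve_usd * root)

def deviation(oracle, state, collateral, factors=(0.5, 2.0)):
    """Largest relative change in the replayed outcome across all mutations."""
    base = replay_borrow(oracle, state, collateral)
    return max(abs(replay_borrow(oracle, mutate(state, f), collateral) - base) / base
               for f in factors)

def is_flagged(oracle, state, collateral, threshold=0.25):
    """Report the protocol when mutated price data shifts the outcome too far."""
    return deviation(oracle, state, collateral) > threshold

# Constructed state: 1000 tokens against 100000 USD (price 100), 9 past prices.
STATE = PoolState(1000.0, 100000.0, (100.0,) * 9)

if __name__ == "__main__":
    for name, oracle in (("spot", spot_oracle), ("averaged", averaged_oracle)):
        print(name, round(deviation(oracle, STATE, 10), 3),
              "FLAGGED" if is_flagged(oracle, STATE, 10) else "ok")
```

A protocol whose replayed outcome tracks the mutated reserves one-to-one is reported; one that averages over earlier observations stays under the threshold for the same mutations.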


Jonah

Jonah is a graduate student in the Network Security Laboratory at National Taiwan University. His research interest is smart contract security.

shw

shw was a researcher in the Network Security Laboratory at National Taiwan University. His research focused on DeFi security and automated tools for DeFi vulnerability detection.