ORACLE_ANALYSIS Skill

Trigger Pattern: ORACLE flag (required) Inject Into: Breadth agents, depth-external, depth-edge-case

For every oracle the protocol consumes:

⚠ STEP PRIORITY: Steps 6 (Failure Modes) and 5c (Deviation Reference) are where HIGH/CRITICAL severity findings most commonly hide. Do NOT rush these steps. If constrained, skip conditional sections (4a-4d, 5a) before skipping 5c or 6.

1. Oracle Inventory

Enumerate ALL oracle data sources the protocol reads:

For each oracle: What decision does the protocol make based on this data? (pricing, liquidation threshold, reward rate, rebase trigger, etc.)

Hardcoded stablecoin pricing check: Does the protocol skip oracle lookup for any asset and hardcode its price to a constant (e.g., 1e8 for USDC, 1e18 for DAI)? If yes → FINDING. All assets require dynamic oracle pricing — stablecoins depeg, and hardcoded pricing fails silently when they do. Check: return 1e8, return 1e18, price = PRECISION, or an oracle mapping that excludes specific tokens.

2. Staleness Analysis

For each oracle identified in Step 1:

2a. Staleness Checks Present?

If NO staleness check: What happens when the oracle returns stale data?

• Protocol uses stale price for liquidations → unfair liquidations
• Protocol uses stale price for minting → mispriced assets
• Protocol uses stale price for swaps → arbitrage opportunity
• Protocol uses stale rate for rewards → incorrect distribution

2b. Stale Data Impact Trace

For each consumer function, trace the impact of receiving data that is {heartbeat × 2} old:

2c. Chainlink-Specific Checks

2d. Pull-Based Oracle Checks (Pyth, Redstone, etc.)

If the protocol uses a pull-based oracle where users supply price data in the transaction:

Processing: ENUMERATE all pull-based oracle update/read sites → PROCESS each against the checks below → verify coverage before proceeding to Section 3.

Timestamp monotonicity attack (Redstone, Pyth, any pull model): If the protocol stores a price at timestamp T and accepts a later update at timestamp T-Δ (within the allowed staleness window), an attacker can roll back the price. Example: price is $3000 at T=now; attacker updates to $2900 at T=now-3min (within Redstone's 3-min window); borrower is liquidated at the stale-but-accepted price. Defense: require(newTimestamp >= lastStoredTimestamp).

Pyth confidence interval attack: Pyth returns price ± confidence bracket. If the protocol uses the raw price without accounting for confidence, it may allow borrowing/liquidation at a price that is up to conf away from the true price. Defense: for collateral pricing use price - conf (pessimistic), for debt pricing use price + conf (pessimistic), always favoring protocol safety over user benefit.

3. Decimal Normalization Audit

For each oracle data flow:

Check: Does the protocol call decimals() dynamically or hardcode it? If hardcoded → what if oracle upgrades and changes decimals?

MANDATORY GREP: Search all oracle consumer files for 1e18, 1e8, 1e6, 10**18, 10**8, 10**6, 1e10, 10**10. For each hit: (1) Is this a decimal normalization constant? (2) Does it match the ACTUAL oracle's decimals() return value? (3) If the oracle is swapped or upgraded, does this constant break?

Decimal chain trace: For each arithmetic operation using oracle data, trace the full decimal chain: oracle_output_decimals → normalization_step → consumer_expected_decimals. If any step uses a hardcoded constant rather than reading decimals() dynamically → FINDING.

Common decimal mismatches:

• Chainlink USD feeds: 8 decimals, but protocol assumes 18
• Chainlink ETH feeds: 18 decimals
• Token decimals: varies (6 for USDC, 18 for DAI)
• Cross-multiplication without normalization: price * amount where price and amount have different decimal bases

Trace: For each arithmetic operation using oracle data, verify dimensional consistency:

result_decimals = oracle_decimals + token_decimals - normalization_decimals
Expected: result_decimals == output_decimals

3d. Decimal Grep Sweep (MECHANICAL - MANDATORY)

Grep ALL oracle consumer files for 10**|decimals()|1e[0-9]|normaliz. For each match, fill:

If ANY row shows Match=NO or oracle decimals UNKNOWN with hardcoded constant → FINDING (R16). Skipping this step is a Step Execution violation (✗3d).

4. TWAP-Specific Analysis

If protocol uses any TWAP oracle (Uniswap V3 observe(), custom TWAP, etc.):

4a. TWAP Window Analysis

Rule of thumb: TWAP window < 30 min AND pool TVL < $10M → potentially manipulable.

4b. TWAP Arithmetic

4c. TWAP Lagging Behavior

During rapid price movements, TWAP lags spot price. Trace:

• What happens when TWAP price is significantly lower than spot? (discounted minting/borrowing)
• What happens when TWAP price is significantly higher than spot? (premium liquidations)
• Is this lag exploitable by attackers who can predict the direction?

4d. TWAP Cold-Start Analysis

Check oracle behavior when history is insufficient: (1) zero snapshots, (2) single snapshot, (3) window period not yet elapsed.

For each exploitable state: can attacker act during cold-start window at manipulated price? Tag: [BOUNDARY:snapshots=0], [BOUNDARY:snapshots=1]. If TWAP returns 0 or reverts during cold-start with no fallback → FINDING (R16, minimum Medium).

5. Oracle Weight / Threshold Boundaries

For multi-oracle systems or oracle-based thresholds:

5a. Multi-Oracle Systems

Check: What happens at exact threshold boundaries?

• If median of [100, 100, 101]: result = 100. Is that correct?
• If weighted average with equal weights rounds down: impact?
• If one oracle reverts: does fallback handle it gracefully?

5b. Oracle-Based Thresholds

Check > vs >=: At the exact threshold value, does the protocol behave as intended?

5c. Deviation Reference Point Audit

For each deviation check in the protocol (maxDeviation, priceDeviation, deviationThreshold, etc.):

Checks:

1. What is the deviation MEASURED AGAINST? (previous on-chain price, TWAP, external oracle, hardcoded value)
2. Is the reference point itself manipulable? (e.g., if deviation checks current vs last-recorded, and last-recorded is admin-settable → admin can set a stale reference that makes all future prices "within deviation")
3. Can the reference become stale? (e.g., if reference is updated only on specific actions, and those actions stop occurring)
4. Is the first recorded price special? (no prior reference → deviation check may be bypassed on first update)
5. Chained feed deviation stacking: If the protocol computes a derived price from multiple oracle feeds (e.g., wBTC→BTC→ETH→UNI requires wBTC/BTC + BTC/ETH + UNI/ETH feeds), individual deviation thresholds compound. Sum the maximum deviations across all feeds in the chain to compute total worst-case deviation. If total compounded deviation exceeds the protocol's liquidation margin or LTV buffer → FINDING. Example: 0.5% + 2% + 2% = 4.5% total deviation; if liquidation threshold is only 5% above LTV, the oracle can be 4.5% stale before triggering, leaving <1% real buffer. Tag: [TRACE:deviation check: current vs {reference} → reference source: {X} → manipulable: {Y/N}]

6. Oracle Failure Modes

For each oracle, model failure scenarios:

For each unmitigated failure mode: What is the worst-case impact? Can it lead to fund loss?

Circuit breaker check: Does the protocol have a mechanism to pause oracle-dependent operations if the oracle enters a failure state?

Finding Template

**ID**: [OR-N]
**Severity**: [based on fund impact and likelihood of oracle failure/manipulation]
**Step Execution**: ✓1,2,3,4,5,6 | ✗(reasons) | ?(uncertain)
**Rules Applied**: [R1:✓, R4:✓, R10:✓, R16:✓]
**Location**: Contract.sol:LineN
**Title**: Oracle [issue type] in [function] enables [attack/failure]
**Description**: [Specific oracle issue with data flow trace]
**Impact**: [Quantified impact under worst-case oracle scenario]

Step Execution Checklist (MANDATORY)