SecPLF: Secure Protocols for Loanable Funds against Oracle Manipulation Attacks

TL;DR

This work addresses oracle manipulation attacks on Protocols for Loanable Funds (PLFs) in DeFi, which are amplified by flash loans. It formalizes standard PLF models and an adversary framework, then proposes SecPLF, an algorithm that maintains a per-asset price state and outputs a safe price $P_{\mathbf{A}}$ by capping oracle input to a threshold tied to the safe collateralization ratio $\epsilon$. The authors prove that SecPLF renders such attacks unprofitable by ensuring the maximum price distortion $\max(\Theta)$ equals $\epsilon$, and they quantify arbitrage risk via a price-discrepancy metric $\Delta^{\mathbb{B}}_{\mathbf{A}}$ with empirical justification using three years of market data. The approach is oracle-agnostic, easily integrated, and resource-efficient, offering proactive protection with tunable parameters $\epsilon$ and $z$ to balance under-collateralization risk and arbitrage risk, thereby strengthening DeFi lending protocols against flash loan-driven oracle manipulation.

Abstract

The evolving landscape of Decentralized Finance (DeFi) has raised critical security concerns, especially pertaining to Protocols for Loanable Funds (PLFs) and their dependency on price oracles, which are susceptible to manipulation. The emergence of flash loans has further amplified these risks, enabling increasingly complex oracle manipulation attacks that can lead to significant financial losses. Responding to this threat, we first dissect the attack mechanism by formalizing the standard operational and adversary models for PLFs. Based on our analysis, we propose SecPLF, a robust and practical solution designed to counteract oracle manipulation attacks efficiently. SecPLF operates by tracking a price state for each crypto-asset, including the recent price and the timestamp of its last update. By imposing price constraints on the price oracle usage, SecPLF ensures a PLF only engages a price oracle if the last recorded price falls within a defined threshold, thereby negating the profitability of potential attacks. Our evaluation based on historical market data confirms SecPLF's efficacy in providing high-confidence prevention against arbitrage attacks that arise due to minor price differences. SecPLF delivers proactive protection against oracle manipulation attacks, offering ease of implementation, oracle-agnostic property, and resource and cost efficiency.

Figures (3)

• Figure 1: Flash loan-driven oracle manipulation attack example of transaction $\mathcal{T}$: $\mathbb{A}$ distorts the initial price of B ($\$10$) by a factor of $\Theta = 10,202$. $\mathbb{A}$ profits ($G$) $10,192,000$ amount of C priced at $1$ USD (highlighted in red).
• Figure 2: $T_z$ (in minutes) vs Market Capitalization (in USD) for 15 crypto-assets. The confidence value $z = 1 - 10^{-5}$. The safe collateralization ratio $\epsilon = 1.25$.
• Figure 3: Cumulative Probability of $\max_{600}(\Delta^M_\mathbf{A})/d_M$ for each data set $D_\mathbf{A} = (d_1, \cdots, d_{N})$, where $N \approx 1.57 \cdot 10^6$. The safe collateralization ratio $\epsilon = 1.25$.

Theorems & Definitions (7)

• definition 1: Safe collateralization
• definition 2: Liquidation threshold
• definition 3: Collateralization-safe PLF
• definition 4: Oracle-manipulation-secure PLF
• Proposition 1
• Lemma 1
• theorem 1