Oracle Failure & Manipulation Testing #149

@UlyanaAndrukhiv

Description

Context

Implement comprehensive test coverage for all oracle failure modes, edge cases, extreme price scenarios, manipulation attacks, and fallback mechanisms to ensure the protocol maintains security and solvency even when price data is compromised, unavailable, or manipulated.

The protocol's security depends critically on accurate, timely price data from oracles. Current tests assume reliable oracle functionality. In production, oracles can fail, provide stale data, return invalid values, or be manipulated by attackers.

Missing Test Coverage

  • Price Feed Failures

    • Oracle returns nil/null price
    • Oracle connection timeout
    • Stale price (timestamp > 1 hour old)
    • Oracle contract becomes unavailable
    • Fallback oracle activation
  • Extreme Price Scenarios

    • Flash crash: 50% price drop in single block
    • Flash pump: 100% price increase in single block
    • Price volatility: 10% swings every block for 100 blocks
    • Circuit breaker activation thresholds
  • Invalid Price Data

    • Oracle returns 0.0 price
    • Oracle returns negative price
    • Oracle returns UFix64.max (overflow attempt)
    • Oracle returns inconsistent decimals
  • Multi-Oracle Conflicts

    • Primary oracle: $1.00
    • Secondary oracle: $1.50
    • Conflict resolution strategy
    • Weighted average calculations
  • Oracle Manipulation Attacks

    • Attacker manipulates DEX price
    • Protocol oracle uses manipulated price
    • Position health artificially inflated
    • Liquidation prevention via price manipulation

Recommended Tests

Test: Oracle returns nil, protocol rejects operations
Test: FLOW price flash crashes from $1.0 to $0.50
Test: Oracle timestamp is 2 hours old, price rejected
Test: Primary oracle $1.00, secondary $1.50, use median
Test: Attacker manipulates DEX price by 10%, oracle circuit breaker triggers
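
The recommended tests above imply a price guard that fails closed. The following Python model is an added example, not part of the issue or the protocol's code: it rejects nil, zero, negative, UFix64.max and stale quotes, takes the median of the usable feeds, and trips a circuit breaker on large single-update moves. All names and the 10% threshold are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from statistics import median
from typing import Optional

# All names and thresholds below are assumptions for illustration.
MAX_AGE_SECONDS = 3600                            # issue: stale if > 1 hour old
MAX_DEVIATION = Decimal("0.10")                   # assumed breaker threshold
UFIX64_MAX = Decimal("184467440737.09551615")     # largest UFix64 value

class OracleError(Exception):
    """The price must not be used; the caller should reject the operation."""

@dataclass(frozen=True)
class Quote:
    price: Optional[Decimal]   # None models a nil or unavailable feed
    timestamp: int             # seconds since epoch

def is_usable(q: Quote, now: int) -> bool:
    if q.price is None or q.price <= 0 or q.price >= UFIX64_MAX:
        return False
    return now - q.timestamp <= MAX_AGE_SECONDS

def resolve_price(quotes, now, last_accepted=None) -> Decimal:
    # Unusable feeds are dropped so a healthy fallback can still answer.
    prices = [q.price for q in quotes if is_usable(q, now)]
    if not prices:
        raise OracleError("no usable oracle price")
    candidate = median(prices)
    # Circuit breaker: refuse a jump of MAX_DEVIATION or more in one update.
    if last_accepted is not None:
        if abs(candidate - last_accepted) / last_accepted >= MAX_DEVIATION:
            raise OracleError("circuit breaker tripped")
    return candidate

def is_rejected(quotes, now, last_accepted=None) -> bool:
    try:
        resolve_price(quotes, now, last_accepted)
    except OracleError:
        return True
    return False
```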
