TECH ORDUS NOVUS ORDO CYBER INTELLIGENCE

Flash Loan Oracle Manipulation: Anatomy of a $4M DeFi Exploit


Attack Overview

A lending protocol that used a single Uniswap V2 pool as its price oracle was drained of approximately $4M within a single transaction.

Exploit Chain

  1. Flash loan 50,000 WETH from Aave V3
  2. Swap WETH → TOKEN on target Uniswap pool, driving TOKEN price up 3,400%
  3. Borrow maximum USDC from lending protocol using TOKEN as collateral (at manipulated price)
  4. Swap back TOKEN → WETH, restoring pool ratio
  5. Repay flash loan + 0.09% fee
  6. Net profit: the difference between borrowed USDC and WETH repay cost

Vulnerable Price Feed

pragma solidity ^0.8.0;
interface IUniswapV2Pair { function getReserves() external view returns (uint112, uint112, uint32); }
contract VulnerablePriceFeed {
    address public pool; // the single Uniswap V2 pair that is the feed's only price source
    function getPrice(address token) public view returns (uint256) {
        (uint112 r0, uint112 r1,) = IUniswapV2Pair(pool).getReserves(); // current reserves only
        return uint256(r0) * 1e18 / uint256(r1); // instantaneous reserve ratio; `token` is ignored
    }
}

The feed returns the instantaneous spot price of a single low-liquidity pool, so anyone who can move that pool's reserves (step 2 of the chain above) can set the collateral price within the same transaction.

Fix

Use a TWAP (time-weighted average price) over at least 30 minutes, or a Chainlink aggregator with staleness checks.
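Added here as an example, not the page's or the exploited protocol's code: a TWAP feed that replaces the spot read above with a 30-minute average drawn from the pair's price0CumulativeLast accumulator, so that the reserves of one block (and therefore one flash-loan transaction) carry no weight in the price a borrower is valued at. The contract name, the 30-minute PERIOD and the constructor-supplied pair address are assumptions; the interface slice matches the Uniswap V2 pair.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal slice of the Uniswap V2 pair interface: the pair maintains a cumulative
// price accumulator (UQ112x112 price * seconds) that it updates on every reserve change.
interface IUniswapV2Pair {
    function getReserves() external view returns (uint112, uint112, uint32);
    function price0CumulativeLast() external view returns (uint256);
}

// Hardened feed: the 30-minute TWAP of token0 priced in token1, derived from the
// accumulator rather than from the instantaneous reserve ratio.
contract TwapOracle {
    uint32 public constant PERIOD = 30 minutes; // minimum averaging window (assumed value)
    IUniswapV2Pair public immutable pair;

    uint256 public priceCumulativeLast; // accumulator reading at the last checkpoint
    uint32 public blockTimestampLast;   // pair timestamp at the last checkpoint
    uint224 public price0Average;       // UQ112x112: token1 per token0, time-averaged

    constructor(address _pair) {
        pair = IUniswapV2Pair(_pair);
        priceCumulativeLast = pair.price0CumulativeLast();
        (,, blockTimestampLast) = pair.getReserves();
    }

    // Anyone may checkpoint, but only after a full PERIOD, so the price a borrower is
    // valued at is never defined by the reserves of a single block (or a single tx).
    function update() external {
        uint256 priceCumulative = pair.price0CumulativeLast();
        (,, uint32 blockTimestamp) = pair.getReserves();
        uint32 elapsed;
        unchecked { elapsed = blockTimestamp - blockTimestampLast; } // uint32 wrap is intended
        require(elapsed >= PERIOD, "TWAP: period not elapsed");
        unchecked {
            // the accumulator is designed to overflow; the difference stays correct
            price0Average = uint224((priceCumulative - priceCumulativeLast) / elapsed);
        }
        priceCumulativeLast = priceCumulative;
        blockTimestampLast = blockTimestamp;
    }

    // token1 base units owed for `amountIn` token0 at the averaged price.
    function consult(uint256 amountIn) external view returns (uint256) {
        require(price0Average != 0, "TWAP: not initialised");
        return (uint256(price0Average) * amountIn) >> 112; // strip UQ112x112 scaling
    }
}
```

The pair only advances its accumulator and timestamp when its reserves change, so this reads the stored values; Uniswap's UniswapV2OracleLibrary.currentCumulativePrices extrapolates them to the current block and is what a production deployment would call instead. The lending protocol should value collateral with consult() and never with getReserves().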