
price-oracles-checklist

npx machina-cli add skill mnedelchev-vn/solidity-defi-claude-skills/price-oracles-checklist --openclaw

Rounding issues and exploits analysis

TODO

When to Use

TODO

When NOT to Use

TODO

Examples of issues with Price oracles

Case 1: TODO

Additional Analysis

Beyond the patterns above, apply your full security knowledge to identify any related issues not covered here for the topic of this particular skill.

Source

git clone https://github.com/mnedelchev-vn/solidity-defi-claude-skills

Skill file: https://github.com/mnedelchev-vn/solidity-defi-claude-skills/blob/master/skills/price-oracles-checklist/SKILL.md

Overview

Price oracles are critical for DeFi safety. This skill focuses on rounding issues and exploit patterns in price feeds, helping auditors and developers spot weaknesses and harden oracle integrations.

How This Skill Works

It uses a checklist-driven approach to review oracle implementations, focusing on rounding behavior, data source quality, update cadence, and tamper resistance. By applying known failure patterns and attack vectors, it guides you to identify risky configurations and quantify exposure.

When to Use It

  • Auditing a DeFi protocol that relies on external price feeds for collateral and liquidations.
  • Evaluating rounding behavior in price-derived calculations within lending or borrowing engines.
  • Assessing resilience when using multi-source oracles and median-based aggregations.
  • Investigating anomalies after price feeds spike during high volatility.
  • Security reviews of oracle integrations or upgrades involving price feeds.

Quick Start

  1. Identify all price feeds used by critical protocol paths (collateral, liquidations, rewards).
  2. Run the price oracles checklist to evaluate rounding, freshness, and tamper risks for each feed.
  3. Implement mitigations such as multi-source feeds, safe math, and monitoring, then test with simulated scenarios.

Best Practices

  • Use multi-source feeds and a robust aggregation method such as median to reduce single-source risk.
  • Validate rounding logic and apply bounds on price-based computations to avoid underpayment or overpayment.
  • Align oracle update cadence with protocol risk appetite and liquidation thresholds.
  • Monitor for stale data, sudden spikes, and feed outages with real-time alerts.
  • Document edge cases and test with simulated manipulation scenarios during audits.
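
The first, second and fourth practices above, sketched as an added example (not code from the skill or its repository). It models on-chain integer arithmetic in Python; the 18-decimal scale, the one-hour freshness window, the three-source quorum, all function names and the sample reports are assumptions constructed for illustration.

```python
WAD = 10**18        # assumed 18-decimal fixed-point scale for prices
MAX_AGE = 3600      # assumed freshness window, in seconds
MIN_SOURCES = 3     # assumed minimum number of fresh feeds

def fresh_median(reports, now):
    """Median of fresh, positive prices from (price_wad, updated_at) pairs."""
    fresh = sorted(p for p, ts in reports if p > 0 and 0 <= now - ts <= MAX_AGE)
    if len(fresh) < MIN_SOURCES:
        # Fail closed instead of pricing from stale or too few sources.
        raise ValueError("not enough fresh price sources")
    mid = len(fresh) // 2
    if len(fresh) % 2:
        return fresh[mid]
    return (fresh[mid - 1] + fresh[mid]) // 2   # integer mean of the middle pair

def mul_div(a, b, d, round_up):
    """a * b / d in integers with an explicit rounding direction."""
    q, r = divmod(a * b, d)
    return q + 1 if (round_up and r) else q

def collateral_value(amount, price_wad):
    # Round down: never credit more value than the collateral is worth.
    return mul_div(amount, price_wad, WAD, round_up=False)

def debt_value(amount, price_wad):
    # Round up: never understate what is owed.
    return mul_div(amount, price_wad, WAD, round_up=True)

# Constructed sample data: three agreeing feeds, one outlier, one stale feed.
NOW = 1_700_000_000
SAMPLE_REPORTS = [
    (2000 * WAD, NOW - 60),
    (2001 * WAD, NOW - 120),
    (1999 * WAD, NOW - 30),
    (5000 * WAD, NOW - 10),    # single skewed source, still fresh
    (1500 * WAD, NOW - 7200),  # stale, excluded from the median
]

if __name__ == "__main__":
    price = fresh_median(SAMPLE_REPORTS, NOW)
    print("median price:", price)
    print("1 unit at 1.5 as collateral:", collateral_value(1, 15 * 10**17))
    print("1 unit at 1.5 as debt:", debt_value(1, 15 * 10**17))
```

The outlier moves the median by only half a unit here, and the same one-unit position is valued at 1 as collateral and 2 as debt, so rounding always favours the protocol.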

Example Use Cases

  • Example 1: A lending protocol faced liquidation misfires due to a rounding edge in converting TWAP price to collateral value.
  • Example 2: A multi-source oracle allowed a single source to skew the median during a volatility spike, impacting price discovery.
  • Example 3: Oracle downtime led to stale prices and incorrect collateral calculations.
  • Example 4: A misconfigured update cadence caused price delays during fast market moves.
  • Example 5: A unit test gap failed to catch rounding errors in price feed arithmetic.
