oracle-flashloan-analysis
Detects price oracle manipulation and flash loan attack vectors in DeFi smart contracts. Classifies oracle trust models (Chainlink, TWAP, spot price, custom), identifies stale price risks, circular price dependencies, and flash loan atomicity exploitation patterns. Use when auditing DeFi protocols that depend on price data, oracle integrations, lending protocols, DEXs, derivatives, or any contract where flash loans could manipulate state within a single transaction.
git clone --depth 1 https://github.com/quillai-network/quillshield_skills /tmp/oracle-flashloan-analysis && cp -r /tmp/oracle-flashloan-analysis/plugins/oracle-flashloan-analysis/skills/oracle-flashloan-analysis ~/.claude/skills/oracle-flashloan-analysisSKILL.md
# Oracle & Flash Loan Analysis
Detect vulnerabilities where **external price data can be manipulated** or **flash loans can exploit protocol logic** within a single transaction. These two attack vectors are often combined and represent the most common DeFi attack pattern.
## When to Use
- Auditing any DeFi protocol that reads external price data (lending, DEX, derivatives, yield aggregators)
- Reviewing Chainlink, Uniswap TWAP, Band Protocol, or custom oracle integrations
- Analyzing protocols that interact with or are accessible via flash loans
- Threat modeling for MEV, sandwich attacks, and price manipulation
- When a protocol uses `balanceOf()`, pool reserves, or spot prices for critical calculations
## When NOT to Use
- Contracts with no price dependencies or external data feeds
- Pure access control analysis (use semantic-guard-analysis)
- State-to-state invariant checking (use state-invariant-detection)
## Core Concept: The Oracle Trust Hierarchy
Not all price sources are equally secure. Oracle vulnerabilities stem from the gap between **assumed trust** and **actual manipulation resistance**.
```
Trust Level (highest to lowest):
┌─────────────────────────────────────────────┐
│ Level 5: Multi-oracle consensus + circuit │
│ breakers + TWAP + staleness checks │
├─────────────────────────────────────────────┤
│ Level 4: Chainlink with full validation │
│ (staleness, sequencer, min answers) │
├─────────────────────────────────────────────┤
│ Level 3: Uniswap V3 TWAP (long window) │
│ Multi-block manipulation cost │
├─────────────────────────────────────────────┤
│ Level 2: Uniswap V2 TWAP (short window) │
│ or Chainlink WITHOUT staleness check │
├─────────────────────────────────────────────┤
│ Level 1: Spot price from single pool │ ← Manipulable via flash loan
│ or balanceOf() for pricing │
└─────────────────────────────────────────────┘
```
## The Four-Phase Detection Architecture
### Phase 1: Oracle Source Identification
Locate every point where the contract reads external price/value data.
**Search for these patterns:**
| Pattern | Oracle Type | Risk Level |
|---------|------------|------------|
| `latestRoundData()` | Chainlink | Medium (depends on validation) |
| `latestAnswer()` | Chainlink (deprecated) | HIGH (no round validation) |
| `observe()` / `consult()` | Uniswap TWAP | Medium (depends on window) |
| `getReserves()` | AMM spot price | **CRITICAL** (flash-loan manipulable) |
| `balanceOf(address(this))` | Self-balance | **CRITICAL** (donation attack) |
| `slot0()` / `sqrtPriceX96` | Uniswap V3 spot | **CRITICAL** (single-block manipulable) |
| Custom `getPrice()` | Unknown | Requires investigation |
**Build an Oracle Dependency Map:**
```
Contract: LendingPool
├── borrowLimit() → uses getCollateralPrice()
│ └── getCollateralPrice() → calls chainlinkOracle.latestRoundData()
├── liquidate() → uses getDebtPrice()
│ └── getDebtPrice() → calls uniswapPool.slot0() ← SPOT PRICE!
└── calculateInterest() → uses getUtilizationRate()
└── getUtilizationRate() → reads internal state (safe)
```
### Phase 2: Oracle Validation Verification
For each oracle source, verify that proper safety checks are in place.
**Chainlink Validation Checklist:**
```solidity
// COMPLETE Chainlink integration
(uint80 roundId, int256 price, , uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData();
require(price > 0, "Invalid price"); // Check 1: Non-negative
require(updatedAt > 0, "Round not complete"); // Check 2: Round complete
require(answeredInRound >= roundId, "Stale price"); // Check 3: Not stale
require(block.timestamp - updatedAt < HEARTBEAT, // Check 4: Fresh
"Price too old");
// L2-specific
require(!sequencerFeed.isDown(), "Sequencer down"); // Check 5: L2 sequencer
require(block.timestamp - sequencerUptime > GRACE, // Check 6: Grace period
"Grace period");
```
**Missing Check Severity:**
| Missing Check | Severity | Impact |
|---------------|----------|--------|
| `price > 0` | HIGH | Zero/negative price → infinite borrowing or free liquidations |
| `updatedAt > 0` | MEDIUM | Incomplete round data used |
| `answeredInRound >= roundId` | HIGH | Stale price from previous round |
| Heartbeat/freshness | HIGH | Hours-old price during volatile markets |
| L2 sequencer check | HIGH | Stale price during L2 outage → unfair liquidations |
| Price deviation bounds | MEDIUM | Extreme outlier not filtered |
**TWAP Validation:**
```
Window length analysis:
- < 10 minutes: HIGH RISK — manipulable with moderate capital
- 10-30 minutes: MEDIUM RISK — expensive but feasible multi-block manipulation
- 30+ minutes: LOWER RISK — requires sustained pool manipulation
- Check: Is the TWAP window configurable? Can governance reduce it?
```
### Phase 3: Flash Loan Attack Surface Analysis
Identify operations that can be exploited via flash loan atomicity.
**Flash Loan Attack Model:**
```
Single Transaction:
1. Borrow N tokens via flash loan (Aave, dYdX, Balancer)
2. Manipulate price source (swap in pool, donate to contract)
3. Exploit protocol at manipulated price (borrow, liquidate, swap)
4. Reverse manipulation (swap back)
5. Repay flash loan + fee
6. Profit = exploited_value - flash_loan_fee - gas
```
**Detection Algorithm:**
```
For each function F that reads price/value data:
1. Identify the price source S
2. Can S be manipulated within a single transaction?
- Spot price from AMM → YES (swap in same tx)
- balanceOf(address(this)) → YES (donate tokens)
- Chainlink feed → NO (off-chain updates)
- TWAP → DEPENDS (short window = risky)
3. What does F do with the price?
- Determines borrowing limit → CRITICAL
- Triggers liquidation → CRITICAL
- Sets exchange rate → HIGH
- Informational only → LOW
4. Is the manipulation profitable?
-Token-efficient smart contract security auditing via Behavioral State Analysis (BSA). Scopes analysis to contract type, runs only relevant threat engines, and uses tiered output depth. Use for auditing smart contracts, security reviews, or DeFi threat modeling.
Blue-team release-gate analysis for smart contract deployment and upgrade readiness. Classifies repositories, checks deploy/upgrade execution paths, CI/CD trust boundaries, config drift, secrets/signer operational security, and outputs evidence-backed release verdicts.
Detects Denial of Service and griefing vulnerabilities in smart contracts. Covers unbounded loop DoS, block gas limit exhaustion, external call failure DoS, insufficient gas griefing (63/64 rule), storage bloat attacks, timestamp griefing, self-destruct force-feeding, and push vs pull payment pattern analysis. Use when auditing contracts with batch operations, loops over user data, reward distribution, dividend systems, or any logic that depends on address(this).balance or iterates over growing collections.
Detects unsafe external call patterns and token integration vulnerabilities in smart contracts. Covers unchecked call/delegatecall/staticcall return values, fee-on-transfer tokens, rebasing tokens, tokens with missing return values (USDT), ERC-777 callback risks, unsafe approve race conditions, return data bombs, gas stipend limitations, and push vs pull payment patterns. Use when auditing contracts that interact with external contracts, integrate arbitrary ERC20 tokens, distribute payments, or make low-level calls.
Detects input validation failures and arithmetic vulnerabilities in smart contracts. Covers missing zero-address and zero-amount checks, division-before-multiplication precision loss, rounding direction exploitation, ERC4626 vault share inflation attacks, unsafe integer casting, dust amount exploitation, and Solidity 0.8+ unchecked block edge cases. Use when auditing contracts with fee calculations, share pricing, exchange rates, unchecked blocks, or any public-facing functions that accept user input.
Detects vulnerabilities in upgradeable proxy smart contracts including storage layout collisions, uninitialized implementations, function selector clashing, delegatecall context issues, and upgrade path safety. Covers Transparent Proxy, UUPS (EIP-1822), Beacon, Diamond (EIP-2535), and Minimal Proxy (EIP-1167) patterns. Use when auditing upgradeable contracts, reviewing implementation upgrades, analyzing delegatecall architectures, or verifying proxy pattern compliance.
Systematically detects all reentrancy vulnerability variants in smart contracts — classic, cross-function, cross-contract, and read-only reentrancy. Builds call graphs, verifies CEI (Checks-Effects-Interactions) pattern compliance, traces state changes relative to external calls, and identifies callback vectors through ERC-777/ERC-1155 hooks. Use when auditing contracts that make external calls, transfer ETH or tokens, interact with callback-enabled standards, or have complex multi-contract architectures.
Detects logic vulnerabilities in smart contracts by analyzing guard-state consistency patterns. Identifies functions that bypass security checks (require, modifiers) that other functions consistently apply. Uses the Consistency Principle — a contract is its own specification. Use when auditing smart contracts for missing access controls, inconsistent pause checks, logic bugs, forgotten modifiers, or when traditional tools report no issues but logic errors may exist.