AMM Price & Oracle Security Checklist
Security checks for AMM price mechanisms, TWAP oracles, and price manipulation defenses. 30 security checks derived from 1,327 real audit findings. Covering TWAP Oracle Security, Price Manipulation, Spot Price Risks, External Oracle Integration, Price Impact & Slippage, and Bonding Curve Math.
Threat Analysis
Key statistics from analyzing 1,327 audit findings:
• 1,327 findings analyzed from real smart contract audits across major DeFi protocols
• 30 vulnerability patterns identified and categorized across 6 security domains
• 19 Critical/High items require immediate attention in any audit
CATEGORIES
Missing Slippage Protection in Liquidity Operations
HighLiquidity entry, exit, and zap functions lack slippage checks, enabling sandwich attacks during LP operations
Missing Slippage Protection in Swap Functions
HighSwap functions execute without minimum output amount validation, enabling MEV exploitation
Hardcoded or Zero Slippage Tolerance
MediumContracts use hardcoded zero slippage or pass amountOutMin=0, accepting any output amount
Oracle Price Manipulation via Pool Reserves
HighToken prices calculated from AMM pool reserves can be manipulated by attackers using flash loans
Price Manipulation via Liquidity Control
HighAttackers manipulate token prices by controlling liquidity or exploiting on-chain price mechanisms
Missing Minimum Return Amount in Trades
HighContracts lack minimum return amount checks, allowing MEV searchers to extract value
Front-Running via User-Specified Slippage
HighUser-specified slippage parameters visible on-chain enable targeted front-running attacks
Missing Sell-Side Slippage Protection
HighSell functions specifically lack slippage protection, enabling price manipulation during exits
Missing Price Feed Validation
MediumOracle contracts retrieve prices without validating data integrity, timestamps, or source authenticity
Incorrect Price Feed Decimals Handling
MediumMiscalculations occur when price feed decimals are not properly validated or normalized
Price Feed Manipulation via Stale or Manipulable Data
HighPrice feeds can be manipulated to affect trading and liquidation logic
Incorrect Spot Price Calculations
HighFlawed price calculation logic in functions like _calcSpotPrice or getAmountOut leads to inaccurate valuations
Incorrect Swap Direction Calculation
MediumFlawed logic in determining swap direction can cause incorrect token routing
Stale Oracle Price Data
HighOracle returns outdated price data without staleness validation checks
Deprecated or Unreliable Chainlink Feeds
MediumUsing deprecated Chainlink feeds or constant stale thresholds can return invalid prices
Missing Sequencer Downtime Validation
MediumOracle functions fail to check L2 sequencer status before fetching prices
Unvalidated External Oracle Data
MediumExternal oracle data used without correctness validation or fallback mechanisms
TWAP Oracle Manipulation in Low-Liquidity Pools
HighUniswap V3 TWAP oracles can be manipulated when pool liquidity is low
Spot Prices Used Instead of TWAP
HighUsing spot prices instead of time-weighted averages makes oracle values flash-loan manipulable
Incorrect Token Ordering in TWAP Registration
HighTWAPOracle registers pairs with wrong token order, causing inverted prices
Stale TWAP Prices from Infrequent Updates
HighTWAP oracles return outdated prices when updates are infrequent or during sequencer downtime
Flawed TWAP Implementation Enables Manipulation
HighIneffective TWAP calculations with insufficient windows allow price manipulation within bounds
Amplification Parameter Manipulation
HighIncorrect pricing due to amplification parameter updates in StableSwap-style pools
Bonding Curve Parameter Validation
HighMissing validation for bonding curve parameters can cause division by zero or overflows
Arbitrary Curve Implementation Risk
MediumAllowing arbitrary curve implementations enables malicious math that can drain pools
StableSwap Convergence Failure
HighNewton's method may not converge in highly unbalanced pools, causing incorrect pricing
Incorrect Storage Balance Updates in Meta-Pools
HighStored balances not properly updated during meta-pool swaps cause accounting drift
Incorrect Price Source in Production Oracles
MediumMock or hardcoded prices used instead of real market data in production environments
Unprotected Critical Price Functions
MediumCritical price-affecting functions lack access control, allowing unauthorized execution
Multi-Block Price Manipulation Window
HighPrice updates spanning multiple blocks create manipulation windows between state transitions
Need a Professional AMM Price & Oracle Audit?
DeFi protocols handle billions in TVL. Get your protocol audited by a team that understands AMM architectures and DeFi-specific attack vectors.
