What is a flash-loan-driven oracle manipulation attack on a DeFi protocol, and how would you design the price feed to resist it?

technical-conceptual · Mid level · software-engineering, blockchain-web3

What the interviewer is really asking

Assesses whether the candidate understands how a protocol's choice of price source becomes an attack surface and can reason about concrete oracle-design defenses, not just name 'oracle attack'.

What to say

What to avoid

Example answers

Strong: The attacker takes a flash loan, swings a thin DEX pool's spot price in the same transaction, and the victim protocol prices collateral or a swap off that manipulated number — so they borrow against fake value or drain a pool, then repay the loan atomically. The root problem is reading an instantaneous, manipulable spot price. I'd source prices from a decentralized oracle that aggregates off-chain exchange data, since an on-chain swap can't move that, and back it with a multi-block TWAP for on-chain pairs, plus staleness checks and a deviation circuit breaker so one weird block can't be acted on.

Weak: You just plug in Chainlink and you're safe, because Chainlink is decentralized so nobody can hack the price. Flash loans are really a reentrancy thing, so a reentrancy guard mostly handles it too.

Want questions matched to your role? Paste a job title, job description, or CV and get a personalized set, or go Pro to unlock the full bank.