Oracle mocking #38

Merged: 19 commits, Feb 14, 2024

arbaz-immunefi (Contributor)

Vulnerability Type

This template is designed for developing attack proof of concepts (PoCs) that exploit vulnerabilities which rely on data returned by an oracle.

Please note: When crafting a PoC which manipulates oracle data, the oracle manipulation must be achievable independently from the attack. Oracle mocking allows for easier testing of situations where the mocked oracle data is known to be achievable by other means. If the data returned is not achievable in normal operation of the oracle, the vulnerability is not considered valid.

The template supports manipulation of the following oracles:

Ethereum

| Network  | Oracle Provider | Library   |
|----------|-----------------|-----------|
| Ethereum | Chainlink       | Chainlink |
| Ethereum | Band Oracle     | Band      |
| Ethereum | Pyth Oracle     | Pyth      |

Usage

The following attack contract demonstrates simple oracle data manipulation:

Extend the MockOracleExample contract:

    contract Attack is MockOracleExample { }

Please be aware that various oracles adhere to distinct mockOracleData structures and types.

To identify the specific naming parameters required, examine the library code. For instance, within Pyth, there exists a PriceFeeds library that contains all the bytes32 quotes for the pair.

For guidance on how to import and utilize the libraries, refer to the example provided below.

    import "../lib/MockPyth.sol";
    import "../lib/MockChainLink.sol";
    import "../lib/MockBand.sol";

    function initiateAttack() external {
        //1. PYTH ORACLE
        MockPyth.mockOracleData(PriceFeeds.Crypto_BNB_USD, 1337);

        //2. CHAINLINK ORACLE
        MockChainLink.mockOracleData(EthereumTokens.LINK, Fiat.USD, 1337);

        //3. BAND ORACLE
        MockBand.mockOracleData("STRK", "USD", 1337);
        _executeAttack();
    }
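
An added example, not part of this PR or the template's code: a consumer-side sanity check exercised against a stubbed Chainlink-style feed, showing how mocked readings can confirm that stale or implausible oracle data is rejected. `StubFeed`, `GuardedPriceReader`, the price band and `MAX_AGE` are assumptions made for illustration; only `latestRoundData()` is Chainlink's real interface function.

```solidity
pragma solidity ^0.8.0;

// Read function of Chainlink's AggregatorV3Interface (the only one used here).
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical stub feed for tests; not the template's MockChainLink library.
contract StubFeed is AggregatorV3Interface {
    int256 private _answer;
    uint256 private _updatedAt;
    function set(int256 a, uint256 t) external { _answer = a; _updatedAt = t; }
    function latestRoundData() external view override returns (uint80, int256, uint256, uint256, uint80) {
        return (1, _answer, _updatedAt, _updatedAt, 1);
    }
}

// Hypothetical consumer: accepts only fresh prices inside a sanity band.
contract GuardedPriceReader {
    AggregatorV3Interface public immutable feed;
    uint256 public constant MAX_AGE = 1 hours; // assumed staleness tolerance
    int256 public constant MIN_PRICE = 1000;   // constructed sanity band
    int256 public constant MAX_PRICE = 2000;
    constructor(AggregatorV3Interface feed_) { feed = feed_; }
    function readPrice() external view returns (int256) {
        (, int256 price, , uint256 updatedAt, ) = feed.latestRoundData();
        // A future updatedAt underflows and reverts, so it is rejected as well.
        require(block.timestamp - updatedAt <= MAX_AGE, "stale price");
        require(price >= MIN_PRICE && price <= MAX_PRICE, "price out of band");
        return price;
    }
}

// Checks that each mocked reading is accepted or rejected as intended.
contract GuardedPriceReaderCheck {
    function run() external {
        StubFeed stub = new StubFeed();
        GuardedPriceReader reader = new GuardedPriceReader(stub);
        stub.set(1337, block.timestamp);      // fresh, in band
        require(_accepts(reader), "valid price rejected");
        stub.set(1337, 0);                    // stale once block.timestamp > MAX_AGE
        require(!_accepts(reader), "stale price accepted");
        stub.set(1_000_000, block.timestamp); // fresh, far outside the band
        require(!_accepts(reader), "out-of-band price accepted");
    }
    function _accepts(GuardedPriceReader r) private view returns (bool) {
        try r.readPrice() returns (int256) { return true; } catch { return false; }
    }
}
```

The stale case assumes `block.timestamp` is greater than `MAX_AGE`, which holds on a live or forked chain.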

janbro (Collaborator) left a comment

LGTM

arbaz-immunefi merged commit c787db7 into main on Feb 14, 2024
2 of 4 checks passed
arbaz-immunefi deleted the oracle_mocking branch on February 14, 2024 07:03