Vulnerability analysis of Web 3.0 based decentralised oracle networks

Zhukovsky, D. and Khan, M. T. (ORCID: https://orcid.org/0000-0002-5752-6420) (2025) Vulnerability analysis of Web 3.0 based decentralised oracle networks. In: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), Chania, Crete, Greece, 2025. IEEE Xplore. Institute of Electrical and Electronics Engineers, Inc. (IEEE), Piscataway, New Jersey, pp. 1106-1112. ISBN 979-8331535919 (doi:10.1109/CSR64739.2025.11130021)

51784 KHAN_Vulnerability_Analysis_Of_Web_3.0_Based_Decentralised_Oracle_Networks_(VoR)_2025.pdf - Published Version
Restricted to Repository staff only

Abstract

The Web 3.0 digital economy is an emerging critical infrastructure that relies on oracle networks to provide trusted off-chain data to on-chain smart contracts, enabling decentralized value exchange. However, these networks are critical points of failure. If compromised, they can destabilize smart contracts, cause substantial financial losses, and undermine trust in decentralized systems. This paper presents early findings on previously underreported vulnerabilities in Solana-based oracle networks like Pyth and Switchboard. We identify three overlooked attack vectors: (1) bit-flip attacks, where minor data corruptions bypass sanity checks; (2) market-price access attacks, which exploit timing gaps in data reads; and (3) price aggregation attacks, where adversaries manipulate aggregated prices using the oracle’s own logic. Existing detection approaches fall short due to limited precision, inadequate modeling of contract-oracle interactions, and poor visibility into aggregation processes. To address these gaps, we implement lightweight real-time infrastructure and delta-decision procedures to effectively detect and analyze these emerging threats.

Item Type: Conference Proceedings
Title of Proceedings: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), Chania, Crete, Greece, 2025
Uncontrolled Keywords: semantic web, digital economy, Smart contracts, switches, vectors, real-time systems, delays, logic, monitoring, resilience, oracle networks, latency attacks, bitflips, price access manipulation, price aggregation, Solana
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 26 Nov 2025 08:28
URI: https://gala.gre.ac.uk/id/eprint/51784
