ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions

This paper presents ProMutator, a scalable security analysis framework that detects price oracle vulnerabilities before attacks occur. ProMutator's core idea is to simulate price oracle attacks locally by mutating the data needed for price calculation. ProMutator analyzes existing transactions to reconstruct probable DeFi use patterns, thereby reducing the required simulation runs drastically. ProMutator does not require any examined contracts' high-level source code. Additionally, ProMutator generates a report for each detected vulnerability to facilitate further investigation. In our evaluation, ProMutator successfully discovered five out of six known and 27 new price oracle vulnerabilities in DeFi protocols. Index Terms-DeFi, price oracle, price oracle attack ? 2021 IEEE.