Exchange Rate Manipulation Explained in Detail
An exchange rate converts one unit into another: assets to shares, wrapped tokens to base assets, LP tokens to reserves, or collateral tokens to debt value.
If that rate can be moved cheaply, a protocol may overmint, overvalue collateral, undercharge redemptions, or create bad debt.
Smart contract example
collateral value = token amount * exchange rate * market price
Each input must be trustworthy and scaled correctly.
Exchange Rate Manipulation in Auditing
Exchange rates often sit between internal accounting and external prices. They can look like simple math while carrying assumptions about liquidity, freshness, and who can update state.
Auditors review rate sources, update rules, and consumers.
Red flags in code
-
Rate comes from one manipulable contract state.
-
No bounds, freshness, or sanity checks.
-
Rate jumps are accepted without delay.
-
Market price feeds and exchange rate feeds are confused.
-
Decimal scaling differs between collateral and debt paths.
How to test or review it
-
Map every rate source and consumer.
-
Test sudden jumps, zero rates, stale rates, and extreme rates.
-
Manipulate vault, pool, or wrapper state before the rate read.
-
Check fallback behavior and circuit breakers.
-
Verify final units after token decimals and oracle scaling.