Protocols sometimes require additional information from outside the realm of the blockchain to function correctly. Such off-chain information is provided by oracles, which often are smart contracts themselves.
A vulnerability arises when protocols relying on oracles automatically execute actions even though the oracle-provided data feed is incorrect. An oracle with deprecated or even malicious contents can have is disastrous effects on all processes connected to the data feed. In practice, manipulated data feeds can cause significant damage, from unwarranted liquidations to malicious arbitrage trades.
Currently, the easiest ways to solve the oracle problem are decentralized oracles, such as:
- Chainlink is the largest decentralized oracle provider, and the Chainlink network can be leveraged to bring decentralized data on-chain.
- Tellor is an oracle that provides censorship-resistant data, secured by economic incentives, ensuring data can be provided by anyone, anytime, and checked by everyone.
https://consensys.github.io/smart-contract-best-practices/attacks/oracle-manipulation/