Oracles sit right at the heart of every DeFi protocol—they’re crucial, and because of that, they’re also a favorite target for attacks. At Falcon Finance, we don’t just tick boxes and call an oracle “secure” or “insecure.” Instead, we treat oracle security as a moving target: How much does it actually cost to mess with the price? When does an attack start to make financial sense for someone? That’s where manipulation cost curves come in.
These curves aren’t just theoretical—they map out the real-world money, time, and coordination it takes to push oracle prices far enough to pull value out of the protocol. We don’t pretend attackers won’t try. If attacking an oracle is cheap, someone out there will absolutely have a go. Our job is to make those attacks so expensive or risky that they just aren’t worth it.
Falcon Finance starts with multi-source oracle aggregation. We pull in prices from all over—different venues, chains, and data providers. We don’t treat them all equally, though. Sources with deeper liquidity and better track records get more weight. This immediately makes life harder for would-be attackers. It’s not enough to move one market; you’d have to wrangle several at once.
But just aggregating isn’t enough. We go deeper and actually model how much capital you’d need to move the price, and how the impact changes as you push harder. Thin, illiquid markets count for less, and we use time-weighted averages (TWAPs) so quick, temporary spikes don’t mess with the protocol. Basically, if you want to attack, you’ll need to keep up the pressure—and the capital—for longer stretches.
Then there’s latency. Fast oracles make it way too easy for flash-loan attacks. So for sensitive actions like liquidations or minting checks, we add a deliberate delay. Attackers can’t just hit and run—they have to hold their risky, manipulated position longer, which ramps up their exposure.
Not every part of the system relies on oracles in the same way. Falcon Finance separates “soft” from “hard” dependencies. Some things, like UI prices or warning banners, can live with looser, faster oracles. But for the big stuff—collateral values, liquidations—we use slower, stricter, more conservative data feeds. If one feed fails, the damage stays contained.
On top of that, we’ve built in circuit breakers. If our price feeds start to disagree by too much, we don’t just plow ahead—sensitive operations pause or switch to a degraded state. An oracle attack turns into an alert, not an instant disaster.
For an attacker, it’s all about the math: can they squeeze out more value than they spend and risk? Our goal is simple—always keep the price of attacking higher than the potential payoff, even when markets are thin or volatility is high.
Bottom line: Falcon Finance doesn’t see oracle security as a checkbox—it’s an ongoing economic battle. By constantly modeling attack costs and building in friction at every step, we make it much harder for anyone to threaten USDf’s solvency or user trust with a cheap oracle exploit.