Last updated: February 06, 2026

SCWE-112: Reliance on Low-Liquidity Spot Prices

Stable Version v1.0

This content is version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).


Relationships

Description

Relying on a single on-chain DEX spot price read from an illiquid pool lets an attacker move that price with a small trade or a flash loan, then exploit the inflated or deflated valuation in lending, liquidation, or swap logic.

Remediation

  • Require minimum liquidity thresholds and sanity bounds before trusting a pool.
  • Use robust oracles (Chainlink, TWAP, median of multiple feeds) instead of raw spot prices.
  • Apply deviation checks against reference feeds and revert when deviation exceeds limits.

Examples

Vulnerable

pragma solidity ^0.8.0;

// Minimal interface for the Uniswap V2 pair the contract reads from.
interface IUniswapV2Pair {
    function getReserves() external view returns (uint112, uint112, uint32);
}

contract Lending {
    IUniswapV2Pair public pair;

    // Derives the price of token0 in token1 straight from the current reserves.
    function getPrice() public view returns (uint256) {
        (uint112 r0, uint112 r1,) = pair.getReserves();
        return uint256(r1) * 1e18 / r0; // trusts small pool: one swap or flash loan moves this
    }
}

Fixed

pragma solidity ^0.8.0;

// Minimal Chainlink-style aggregator interface.
interface IAggregatorV3 {
    function latestRoundData()
        external view returns (uint80, int256, uint256, uint256, uint80);
}

contract Lending {
    IAggregatorV3 public chainlink;

    function getPrice() public view returns (uint256) {
        (, int256 price,, uint256 updatedAt,) = chainlink.latestRoundData();
        require(price > 0, "invalid price");
        require(block.timestamp - updatedAt <= 1 hours, "stale"); // 1 hour max age is an illustrative assumption
        return uint256(price);
    }
}
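The Fixed example above shows only the first remediation (a robust reference feed). The following added example, which is not code from the SCWE page, combines all three remediation bullets in one guarded price function: a minimum liquidity threshold before trusting the pool, a staleness check on the reference feed, and a deviation check that reverts when spot and reference disagree. It assumes a Uniswap V2 style pair, a Chainlink-style feed with 18 decimals, and the illustrative constants MIN_RESERVE, MAX_DEVIATION_BPS and MAX_AGE, all of which are assumptions to be tuned per asset.

```solidity
pragma solidity ^0.8.0;

interface IUniswapV2Pair {
    function getReserves() external view returns (uint112, uint112, uint32);
}

interface IAggregatorV3 {
    function latestRoundData()
        external view returns (uint80, int256, uint256, uint256, uint80);
}

contract GuardedPriceFeed {
    IUniswapV2Pair public immutable pair;
    IAggregatorV3 public immutable reference;

    // Illustrative thresholds (assumptions): tune per asset and pool.
    uint112 public constant MIN_RESERVE = 100000e18;   // reject thin pools
    uint256 public constant MAX_DEVIATION_BPS = 200;   // 2% vs reference
    uint256 public constant MAX_AGE = 1 hours;         // reject stale reference

    constructor(IUniswapV2Pair _pair, IAggregatorV3 _reference) {
        pair = _pair;
        reference = _reference;
    }

    // Spot price of token0 in token1 (scaled to 1e18), only if the pool is deep enough.
    function spotPrice() public view returns (uint256) {
        (uint112 r0, uint112 r1,) = pair.getReserves();
        require(r0 >= MIN_RESERVE && r1 >= MIN_RESERVE, "pool too thin");
        return uint256(r1) * 1e18 / r0;
    }

    // Reference price from the feed, rejecting non-positive or stale answers.
    function referencePrice() public view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = reference.latestRoundData();
        require(answer > 0, "bad answer");
        require(block.timestamp - updatedAt <= MAX_AGE, "stale reference");
        return uint256(answer); // assumes the feed reports 18 decimals
    }

    // Returns the spot price only when it agrees with the reference within bounds.
    function getPrice() external view returns (uint256) {
        uint256 spot = spotPrice();
        uint256 ref = referencePrice();
        uint256 diff = spot > ref ? spot - ref : ref - spot;
        require(diff * 10000 <= ref * MAX_DEVIATION_BPS, "deviation too high");
        return spot;
    }
}
```

A manipulated pool fails either the reserve threshold or the deviation bound, so the dependent lending logic reverts instead of pricing collateral off a moved spot quote.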