A protocol founder wakes up at 4 AM to an urgent alert: five user positions have been liquidated. But something is off. The collateral was healthy, the users did nothing wrong, and the market barely moved. Yet somehow, $2 million in trades on a single DEX pool triggered a cascade that wiped out legitimate positions.
This isn’t a hypothetical scenario. It happened on Arbitrum in December 2023, again during the August 2024 market turbulence on GMX V2, and again on Moonwell in 2025. The culprit? Asset mispricing caused by a fundamental mismatch between traditional finance methodology (VWAP) and blockchain reality.
RedStone solved this problem years ago. We saw the vulnerability in volume-based pricing for AMM venues and built our entire methodology around liquidity-based price discovery instead. Here’s why that decision matters, and why protocols still using volume-weighted oracles are leaving their users exposed.
Why VWAP Isn’t The Best Fit For Financial Markets in Crypto?
Volume Weighted Average Price (VWAP) is the gold standard for market price discovery in traditional finance, and for good reason. When someone executes a multi-million dollar trade, that volume carries genuine information about the present value of an asset. There’s inertia behind it – institutional traders’ conviction, technical analysis, research, and risk assessment. A $100 transaction tells you almost nothing. A $10 million transaction tells you something significant about where sophisticated buyers or sellers believe fair value lies.
This logic works beautifully in traditional markets, where regulations, surveillance, and legal consequences enforce natural guardrails. However, blockchain changes the playing field entirely, introducing two structural factors that undermine VWAP’s assumptions at their core.
The Two Blockchain Anomalies
First, you get assets that shouldn’t be actively traded but remain open to manipulation. Liquid Staking Tokens (LSTs), such as wstETH, are perfect examples. These tokens appreciate predictably against ETH through staking rewards. There’s no economic reason for major trading activity, as the value relationship is mathematically defined. Yet low liquidity in LST pools creates an exploitable surface area. The December 2023 incident saw wstETH pricing spike from 1.1483 ETH to 1.4322 ETH, a 25% deviation, within minutes, purely from two large opposing trades executed in a single MEV block. All that without significant trading volume.
Second, blockchain has Automated Market Makers (AMMs). In traditional finance, if you try to execute a trade at an absurd price, counterparties simply won’t take it. There are humans in the loop running sanity checks. But AMMs are algorithmic. They execute any trade their code permits, regardless of how divorced from reality the price becomes. If liquidity is thin, you can spend relatively little to push prices to extreme levels. The AMM doesn’t question it, doesn’t verify it, doesn’t estimate.
That’s specifically why RedStone never uses VWAP to calculate prices from AMM DEXs. The methodology is fundamentally unsuited for automated market makers, where volume can be artificially generated at minimal cost. Instead, we built our system from the ground up around liquidity-based pricing, measuring manipulation resistance rather than trading volume.
With VWAP, Asset Mispricing Can Happen Anytime
Here’s what makes this particularly insidious: price manipulation in blockchain isn’t illegal. In traditional finance, deliberately manipulating prices can result in prosecution. In blockchain, it’s just a clever use of protocol mechanics. You can identify low-liquidity pools, execute trades that distort prices, and profit from the downstream effects, all while staying within the technical rules of the system. Doesn’t matter if it was a calculated action by a trader with bad intentions.
Even more concerning, manipulation can happen as a side effect of other activities. Front-running attacks routinely involve temporarily shifting prices to intercept trades, then reverting them. These attacks exploit the non-linearity of price impact at different liquidity levels. The manipulator isn’t even targeting the oracle, they’re gaming AMM mechanics. Oracles relying on VWAP still report these artificial prices as truth.
These incidents keep happening because the underlying methodology hasn’t changed. Protocols continue integrating volume-based oracles for AMM venues, and attackers continue exploiting the predictable vulnerability.
The Core Problem with VWAP
Here’s the paradox that traps protocols: the oracle can be technically correct and still completely wrong. If an AMM pool has low liquidity and someone executes large trades, the volume-weighted average price accurately reflects those trades. The oracle isn’t malfunctioning — it’s doing exactly what it was designed to do. The problem is that the trades themselves don’t represent real market value. They represent manipulation, or at best, transient price distortion. VWAP captures the price changes, but not the actual value behind them.
This is why low liquidity is such a strong vulnerability signal. The less money in a pool, the less it takes to move prices dramatically. And unlike traditional markets, where someone would notice and intervene, blockchain executes automatically. By the time anyone realizes what happened, traders are already liquidated, and their money is gone. All because of the oracles relying on VWAP.
The Liquidity-Based Alternative
The solution requires rethinking price discovery from the ground up. Historical data can be helpful here, but what’s more important is asking, “How hard would it be to manipulate this price?”
This means examining the slippage profile across different trade sizes. If the price impact is minimal, the source has genuine liquidity backing it. If a modest trade causes significant slippage and results in substantial price movement, the pool is vulnerable. Regardless of how much volume has historically traded there, typically.
The methodology works in real-time. Before each price update, verify the trustworthiness of the source. If manipulation were cheap, it would be a clear technical indicator to exclude that source from price calculation.
Source diversification amplifies this protection. Even if one pool has strong liquidity, oracles shouldn’t rely on it exclusively as liquidity in DeFi could move quickly from one venue to another. The current price should be aggregated across multiple venues, different chains, different AMMs, and different liquidity profiles. During the December 2023 wstETH incident, while Chainlink’s feed spiked 25%, oracles using this approach reported prices in the normal 1.145-1.15 range because they weighted liquidity, not volume.
Replacing VWAP with a liquidity-based methodology is a critical security step for all companies to ensure safe conditions for all DeFi participants.
What’s The Correct Way to Calculate Asset Prices?
Different AMMs structure liquidity differently. You can’t just check total volume within trading sessions. Uniswap V3 concentrates liquidity in specific price ranges. Curve optimizes for stable pairs. Balancer supports custom weighted pools. Each requires understanding its specific mechanics to accurately assess manipulation resistance.
This is why the approach must be systematic. There’s no universal benchmark where liquidity becomes “safe.” It’s determined by the asset, the attacker’s capital, and the potential profit from manipulation. A pool that’s secure for a $1 million market cap token becomes vulnerable for a $100 million one, because the incentive to attack scales with exploitable value.
What This Means for Protocol Security
If your protocol relies on price feeds for anything critical, like liquidations, collateral valuation, or settlement prices, you need to ask: could someone profitably manipulate the source of this data?
Volume-based methodologies assume the blockchain behaves like traditional finance. It doesn’t. Automated execution is emotionless, and regulatory protections don’t exist. These aren’t edge cases; they’re fundamental properties of the system.
The incidents on Arbitrum and GMX weren’t failures of technology. They were failures of methodology. The oracles worked exactly as designed. The design itself was wrong for the environment.
Liquidity-based pricing acknowledges the unique properties of blockchain and builds protection into the price discovery mechanism itself. It’s not about having more data sources or faster updates. It’s about understanding what makes a price trustworthy in an environment where manipulation is trivial and profitable.
Moving Forward
Your smart contracts might be audited by the best firms. Your economic models might be sound. Your team might be exceptional. But if your oracle provider can be manipulated, none of that matters.
Oracle selection isn’t a technical checkbox. It’s a security-critical decision that determines whether your protocol survives its serious attacks. The users who were liquidated on Arbitrum, GMX or Moonwell didn’t lose funds due to buggy code or economic exploits. They lost funds because the oracle reported a manipulated price as truth, and the protocol trusted it.
When evaluating oracle providers, look beyond brand image and ease of integration. Ask the hard questions: What’s their pricing methodology? How do they handle low-liquidity scenarios? What would it cost to manipulate their feeds? Have they experienced mispricing events, and how did they respond?
RedStone built liquidity-based pricing specifically to solve this problem. We’ve never had a mispricing incident from AMM manipulation because our methodology doesn’t rely on volume that can be artificially generated. We measure what actually matters: how much it would cost an attacker to move the price.
Your protocol’s security is only as strong as the data it trusts. Choose that data source carefully.
Want to learn more about oracle security in DeFi? Explore our technical documentation on liquidity-based pricing methodologies.
