Papers
Topics
Authors
Recent
Search
2000 character limit reached

Oracle Extractable Value (OEV)

Updated 4 July 2026
  • Oracle Extractable Value (OEV) is a subset of MEV that exploits oracle-driven state transitions to trigger liquidations and arbitrage opportunities.
  • Research demonstrates that manipulation of on-chain spot oracles in CPMM systems enables liquidators to execute optimized, sequential trades for profit.
  • Findings indicate that fee mechanisms and cross-chain timing asymmetries play a crucial role in mitigating OEV and influencing extraction strategies.

Searching arXiv for papers on Oracle Extractable Value and related MEV taxonomy. {"query":"Oracle Extractable Value OEV DeFi liquidations oracle manipulation MEV arXiv", "max_results": 10} Searching arXiv for cross-chain MEV and oracle-related extraction. Oracle Extractable Value (OEV) is a subclass of extractable value in which profit arises because oracle-dependent state transitions create monetizable opportunities, most prominently liquidations and oracle-induced arbitrage. In the most direct formulation, an oracle update changes downstream protocol state, and the actor who can anticipate, accelerate, delay, order around, or manipulate that update captures the resulting profit. Recent work treats OEV both as a specialization of maximal extractable value in oracle-consuming DeFi systems and as a concrete mechanism in which a liquidator manipulates an on-chain spot oracle within a block, triggers liquidation, and closes the position through a sandwich sequence (Sadeghi et al., 12 Feb 2026). In broader taxonomic terms, OEV fits naturally within single-domain and cross-domain extractable value, and within the distinction between potential extractable value and realized extracted profit (Mancino et al., 8 Mar 2026).

1. Conceptual scope and relation to MEV

OEV is narrower than general MEV. General MEV includes arbitrage, sandwiching, liquidations, and ordering games; OEV is the subset caused by oracle-driven state transitions. In this framing, the oracle update is not merely informational. It is a value-revealing event that can immediately alter liquidation eligibility, collateral valuation, or protocol solvency conditions, thereby creating a race for extraction (Sevim et al., 2 Jun 2026).

This distinction matters because the object of extraction shifts. In classical mempool-centric MEV, the exploitable object is often a pending user transaction. In OEV, the exploitable object is the oracle-dependent state change itself. A lending protocol that liquidates when a borrower’s health factor crosses a threshold is therefore an archetypal OEV environment: when the oracle moves, the protocol’s admissible action set changes discontinuously, and the first actor to exploit that change can seize value (Mancino et al., 8 Mar 2026).

The broader MEV literature provides the underlying analytical template. Work on AMM extraction formalizes MEV as the gain obtainable by an adversary that can observe pending transactions, reorder them, insert its own transactions, and possibly drop others. It models the game as zero-sum and characterizes adversarial profit as the increase in the adversary’s net worth under an optimal sequence (Bartoletti et al., 2021). This methodology transfers to OEV, but the concrete mechanism differs: instead of exploiting only AMM state transitions, OEV exploits oracle updates or oracle-dependent downstream transitions.

A common misconception is that OEV requires an external oracle network in the narrow sense. The liquidation model of a lending protocol that consumes a constant-product AMM spot price shows that OEV can also arise when the “oracle” is simply an on-chain instantaneous reserve ratio. In that case, intra-block manipulation of the AMM state is already oracle manipulation in the economically relevant sense (Sadeghi et al., 12 Feb 2026).

2. Intra-block OEV in lending protocols with CPMM spot oracles

A concrete OEV model is developed for a stylized Aave-like lending protocol that prices collateral directly from a constant-product market maker (CPMM) spot price. The borrower posts risky collateral cc, owes debt bb, and is governed by a liquidation threshold or haircut θ\theta. The protocol’s compact health-factor representation is

HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},

where AA and BB are the CPMM reserves of the collateral and debt assets. Since the oracle is the AMM’s instantaneous price,

p0=B0A0,p_0 = \frac{B_0}{A_0},

any reserve manipulation directly changes liquidation eligibility (Sadeghi et al., 12 Feb 2026).

The CPMM is modeled in Uniswap v2 style with transaction fee γ\gamma. If aa units of collateral are sold into the pool, the invariant becomes

(A0+a(1γ))(B0b)=A0B0,(A_0+a(1-\gamma))(B_0-b)=A_0B_0,

with output

bb0

The reserve update is therefore

bb1

and the new spot price is bb2. Because the lending protocol consumes this reserve ratio directly, the AMM’s execution mechanics and the liquidation condition are inseparable (Sadeghi et al., 12 Feb 2026).

From the liquidator’s perspective, liquidation is posed as a dynamic program. The liquidator chooses a liquidation size bb3, subject to collateral exhaustion, a debt repayment cap, and a health-factor restoration constraint. The feasible domain is

bb4

where

bb5

is the collateral-exhaustion bound, bb6 is the repayable-fraction bound with maximum repayable fraction bb7, and bb8 is obtained by solving the post-liquidation health-factor threshold condition bb9 (Sadeghi et al., 12 Feb 2026).

A central result is that the optimal liquidation policy is not to liquidate the whole position immediately. The paper proves that the profit-maximizing liquidator should execute a sequence of small marginal liquidations until the health factor reaches the closing-factor threshold θ\theta0, and then make a final finite liquidation if possible. The stated intuition is that small trades preserve better execution pricing under the CPMM, and the result is formalized through a profit subadditivity argument (Sadeghi et al., 12 Feb 2026).

OEV enters when this liquidation program is embedded inside a sandwich attack. The attacker first sells collateral into the CPMM, depressing the spot price and lowering the borrower’s health factor: θ\theta1 Liquidation then occurs at the manipulated oracle price, after which the attacker repurchases the initially sold collateral. The full objective is

θ\theta2

where θ\theta3 and θ\theta4 are the post-liquidation reserves. In this formulation, OEV is the incremental value created by using the manipulated reserve ratio as an oracle input to a separate lending protocol (Sadeghi et al., 12 Feb 2026).

3. Transaction fees, feasibility bounds, and the economics of manipulation

Within this CPMM-oracle model, transaction fees are a security parameter rather than merely a revenue source for liquidity providers. The paper shows that fees reduce the profitability of the manipulative sale, the repurchase leg, and the liquidation spread. More strongly, it proves a hard feasibility bound for the attacker’s preliminary trade size: θ\theta5 This bound comes from the requirement that the attacker must be able to buy back the collateral and close the sandwich without reverting (Sadeghi et al., 12 Feb 2026).

The asymptotic behavior differs sharply between the zero-fee and positive-fee cases. If θ\theta6, the attack can asymptotically extract the collateral’s liquidation value. If θ\theta7, limiting profit tends to θ\theta8 as θ\theta9, because the buyback cost explodes. This is the paper’s strongest fee-based conclusion: fees can render manipulation fundamentally unprofitable, not merely less profitable (Sadeghi et al., 12 Feb 2026).

The numerical example in the same work identifies a critical threshold HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},0 bps above which all sandwich attacks are unprofitable. It further reports that even a HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},1 bps fee makes every positive HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},2 yield negative expected profit in the example, despite the liquidation component becoming positive once the health factor crosses HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},3. The article-level implication is precise: a spot-oracle design based on a CPMM may remain immediately responsive while being endogenously hardened by its own fee parameter, without introducing the latency of time-weighted averages or medianization (Sadeghi et al., 12 Feb 2026).

There is, however, a trade-off. The same paper notes that if

HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},4

the derivative of liquidation profit is zero, and if HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},5 becomes too high relative to the liquidation bonus HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},6, liquidators may cease to participate, allowing bad debt to proliferate because liquidation is no longer profitable (Sadeghi et al., 12 Feb 2026). This makes fee design a joint market-design and risk-management problem rather than a one-dimensional anti-manipulation knob.

4. Speculative OEV on L2s and cross-chain oracle-latency asymmetries

A second major strand of OEV research studies speculative liquidation races on Layer-2 systems. In this setting, the key novelty is speculative OEV: searchers do not wait until an oracle update is visible on-chain and then react; instead, they predict that an update is imminent and repeatedly submit liquidation transactions in the hope that one is included in the same block as the update or immediately after it. This behavior is especially salient on Arbitrum, Base, and Optimism, where there is no public mempool and extraction therefore becomes probabilistic (Sevim et al., 2 Jun 2026).

The empirical study of speculative OEV analyzes 63 Chainlink feeds, 12,009 price updates, over 100,000 oracle observations, and 2,986 Aave liquidations across Arbitrum, Base, Ethereum, and Optimism. On October 10, 2025, it identifies 64 speculative liquidators on Aave, corresponding to 57% of all detected liquidators, and 831 successful speculative liquidations, corresponding to 39% of all successful liquidations across the three L2s in the abstract’s summary. In the full counts across Arbitrum, Base, and Optimism, speculative liquidators are 56.64% of detected liquidators, and they account for 831 out of 2,156 successful liquidation events, or 38.54% (Sevim et al., 2 Jun 2026).

The paper’s detection methodology has two parts. First, it identifies same-block liquidations by collecting liquidation events and Chainlink NewTransmission events, grouping them by block number, discarding oracle updates in the same block that occur after the liquidation via transaction index, and flagging a liquidation as oracle-triggered if an earlier same-block update touches the relevant oracle contract. Second, it classifies a liquidation as speculative if, within a 10-block-before and 10-block-after window, there exist additional transactions with the same destination and identical calldata either in the same block or in adjacent blocks. A liquidator address is then classified as speculative if at least one of its successful liquidations is speculative and all of its successful liquidations are speculative (Sevim et al., 2 Jun 2026).

The cross-chain result is that independent Chainlink decentralized oracle networks consume largely identical off-chain price data nearly simultaneously but publish updates at different times. Optimism updates tend to lead updates on Arbitrum, Base, and Ethereum. Reported true-positive counts are 498 for Arbitrum, 414 for Base, and 188 for Ethereum, with Optimism leading the native update in 66.5%, 63.5%, and 76.6% of true-positive cases, respectively. Average lead times are 19.40 s for Arbitrum, 26.65 s for Base, and 26.95 s for Ethereum; average “after” times are 10.79 s, 12.81 s, and 8.79 s, respectively (Sevim et al., 2 Jun 2026).

The paper also gives a concrete example: a BTC-collateralized Aave position on Arbitrum would have crossed below health factor HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},7 using the Optimism feed at least 6 seconds before the native Arbitrum feed. It evaluates a baseline strategy of watching Optimism and continuously broadcasting liquidation transactions on the target chain until the native update arrives. At HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},8, reported success rates include 96.7% for Arbitrum ETH/USD, 91.3% for Arbitrum BTC/USD, 81.8% for Base ETH/USD, and 80.7% for Base BTC/USD, with the associated cost measured as the number of blocks during which the bot must continue broadcasting (Sevim et al., 2 Jun 2026). This suggests that, in cross-chain settings, oracle publication latency itself can become a predictive signal and hence a source of OEV.

5. Formalizations, measurement problems, and relation to cross-domain extraction

The formal treatment of OEV inherits the basic MEV idea that extraction is an optimization over admissible action orderings. One recent systematization defines single-domain extractable value as

HF(c,b,A,B):=θBcAb,HF(c,b,A,B) := \frac{\theta B\,c}{A\,b},9

and cross-domain extractable value as

AA0

Under this lens, oracle updates are simply state-changing actions whose timing and ordering affect the reachable profit set. The same work emphasizes the distinction between potential extractable value and realized extractable value, with realized profit bounded above by the theoretical maximum (Mancino et al., 8 Mar 2026).

A related cross-domain formalization defines extractable value in domain AA1 as a balance delta induced by an action sequence,

AA2

and maximal extractable value as

AA3

Its cross-domain generalization,

AA4

is not oracle-specific, but it is directly adaptable to cases in which an oracle update in one domain alters the opportunity set in another (Obadia et al., 2021).

Measurement remains difficult. The SoK on MEV stresses that realized extraction is often only a lower bound because private order flow, proposer-builder separation, and cross-domain coordination can make opportunities partially unobservable (Mancino et al., 8 Mar 2026). The speculative-OEV study reinforces this point empirically: repeated identical liquidation attempts, high revert rates, and the absence of a public mempool imply that much of the competitive process is only indirectly visible through same-block execution patterns and clustered transaction spam (Sevim et al., 2 Jun 2026). A plausible implication is that measured OEV may systematically understate latent oracle-driven opportunity.

6. Mitigation strategies, verification, and open design tensions

Mitigations for OEV operate at several layers. At the market-design layer, the CPMM-oracle liquidation model argues that transaction fees can harden spot oracles endogenously by eliminating profitable intra-block manipulation without the latency of time-weighted averages or medianization (Sadeghi et al., 12 Feb 2026). At the sequencing layer, the MEV SoK lists encrypted mempools, fair ordering protocols, batch auctions, commit-reveal, proposer-builder separation, shared sequencers, intent-based protocols, and ZK verification as mechanisms plausibly relevant to reducing or redistributing oracle-triggered extraction (Mancino et al., 8 Mar 2026). The speculative-OEV study further points to Smart Value Recapture (SVR) and sealed-bid auctions for liquidation rights, and notes that SVR was active only on Ethereum during the study period, not on the analyzed L2s (Sevim et al., 2 Jun 2026).

At the contract-analysis layer, oracle risk can be modeled as bounded deviation rather than only as an ordering problem. The framework OVer analyzes DeFi contracts under skewed oracle inputs, using symbolic summarization and SMT solving to identify admissible parameters and generate guard statements. Its basic oracle deviation model is

AA5

and its central safety obligation is

AA6

Across 9 DeFi protocols and 1 fictional protocol, it reports that many deployed parameter settings are inadequate under historical oracle deviations. Reported deviation limits include 0.08 for Aave with AA7, 0.17 for Compound with AA8, 0.09 for Morpho with AA9, and 0 for Solo and Beefy in the listed configurations; observed deviations reach about 0.1390 on Chainlink and about 0.4248 on Uniswap (Deng et al., 2024).

These two mitigation directions are not equivalent. Fee-based hardening targets profitable manipulation of an on-chain spot oracle. Deviation-bounded verification targets unsafe protocol logic under skewed or stale oracle inputs. Cross-chain speculative OEV introduces an additional layer, because the exploitable signal may come not from manipulating a local price feed, but from observing timing asymmetries across independently operated oracle networks (Sevim et al., 2 Jun 2026). This suggests that OEV is best understood not as a single attack primitive but as a family of extraction mechanisms arising wherever oracle-dependent state transitions, transaction ordering power, and latency asymmetries intersect.

The main limitations in the current literature are explicit. The CPMM-liquidation model assumes flash-loan access and ignores gas costs, making it an upper bound on attacker profitability, and it studies a stylized single-DEX, single-collateral setting (Sadeghi et al., 12 Feb 2026). The speculative-OEV study is centered on Aave liquidations and Chainlink feeds on selected L2s (Sevim et al., 2 Jun 2026). The cross-domain formalizations recognize oracles as likely sources of extractable value but do not provide feed-specific trust models or oracle-delay action spaces (Obadia et al., 2021). Accordingly, a comprehensive theory of OEV remains distributed across liquidation theory, oracle-system timing analysis, sequencing design, and formal verification of oracle-dependent smart contracts.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Oracle Extractable Value (OEV).