economic-shape replay Lending Incident · October 11, 2022

Mango Oracle Pump

Reviewer-first evidence page for fixtures/replays/mango-oracle-pump. The claim boundary is scoped to the committed simulation inputs, canonical hash, and deterministic rerun listed below.

Canonical hash d2344f727c7b84ea9eb11573089c77bef6b66131d485ec90fbf65842e7c920e6

[ 01 ]

What broke

Outcome / verdict

oracle_bounds fired at tick 2. The recorded reason was field=`bad_debt` observed=26750.0 == expected=0.0.

Mango Markets' October 2022 exploit used a thin-market price pump and oracle-followed collateral valuation to support borrows that became unrecoverable after the price reverted.

Riptide does not replay Mango v3 bytecode, Mango account state, TWAP composition, or Serum/OpenBook venue execution. This case study models the oracle-pump-to-bad-debt geometry on Riptide's Solana lending fork.

Replay shape

The replay starts with a trader depositing 100 collateral at oracle price 100. At tick 1, the oracle is pushed to 500 and the trader borrows 35000, a borrow that is healthy only under the inflated price.

At tick 2, the oracle reverts to 100 and a liquidator settles the now-underwater position. The seized collateral cannot cover repay plus bonus, so the pool records 26750 bad debt.

[ 02 ]

Why it matters

This lending and margin-risk shape matters because oracle-followed collateral inflation can permit borrows that the post-revert price cannot sustain. The replay mirrors the economic geometry of the October 2022 Mango Markets exploit on a Solend-shaped toy lending fork, but it does not replay Mango v3 bytecode, TWAP composition, Serum/OpenBook venue state, or the incident slot.

Public reporting used to motivate the Mango oracle-pump shape. These references are historical context; the replay evidence is the committed fixture and canonical hash.

Secondary coverage

Chainalysis - Mango Markets exploit post-mortem (October 2022)

[ 03 ]

Reproduce

Start from a clean checkout, install the CLI, then rerun the committed replay configuration. The expected canonical hash is listed in Artifacts.

Install curl -fsSL https://riptide.run/install | sh Rerun cd fixtures/replays/mango-oracle-pump && riptide replay config.json --allow-invariant-violations

The public rerun script is mirrored as an artifact; this page renders the minimal command path so reviewers do not need to read generated comments.

[ 04 ]

Artifacts

Canonical hash d2344f727c7b84ea9eb11573089c77bef6b66131d485ec90fbf65842e7c920e6

Source path fixtures/replays/mango-oracle-pump

Source commit 2bca411f1a8a09313db0e4afcadf822e3442a73f

Evidence type economic-shape replay

`oracle_bounds` is the replay-scoped invariant name for the slide promise; it is bound to the toy lending pool's `bad_debt == 0` signal. The canonical evidence shows `oracle_bounds` fires once at tick 2.

T2 oracle_bounds field=`bad_debt` observed=26750.0 == expected=0.0

simulation-result.json manifest.json summary.md trace.md rerun.sh provenance.json

[ 05 ]

What this does not prove

a byte-level reproduction of Mango v3's program or the slot state from the incident,
an audit or safety claim about Mango Markets, Mango v3, or any deployed Solana perpetual-trading protocol,
a faithful model of multi-source TWAP oracle composition or order-book-driven price discovery — the toy fixture realizes the pump and revert as two single-tick price moves rather than as a structural matching-engine reaction.