Levana Protocol Oracle Congestion

On December 13, 2023, the Osmosis-based perpetuals protocol Levana lost approximately $1.15 million when attackers exploited stale price feeds during chain congestion. By inducing/leveraging Osmosis network congestion, attackers caused Levana's oracle to lag, then opened and closed perpetual positions at moments when the protocol's price was provably stale.

What happened

Levana's perp pricing depended on oracle updates that, under Osmosis congestion, fell behind real market prices. Over roughly two weeks, attackers systematically opened positions when the lagging oracle favored them and closed when it corrected — extracting ~$1.15M from the protocol's LP pool. The slow-bleed nature delayed detection.

Aftermath

• Levana paused, hardened oracle freshness/staleness checks, and pursued LP compensation.
• Detailed post-mortem on congestion-induced oracle lag.

Why it matters

Levana is a distinctive entry: the oracle wasn't manipulated by capital — it was outrun by congestion. The attack vector is time, not price-pushing. It generalises a subtle lesson beyond the usual flash-loan oracle story: a price feed is only as good as its worst-case latency, and an attacker who can induce or exploit chain congestion controls that latency. Perp/derivatives protocols must enforce hard staleness bounds (reject trades against feeds older than N seconds) and account for the chain's congestion behaviour — a requirement that doesn't appear in the standard "use a TWAP" advice and is precisely why Levana is worth its own entry.