add oracle manipulation

[davidekete]

No description provided.

[yann300]

The Oracle Manipulation tutorial has several issues that need addressing for beginner comprehensibility and accuracy:

Major Issues:

1. Missing Critical Files:
   - No complete Oracle.sol file with all necessary interfaces (IUniswapV2Factory, IUniswapV2Pair, IERC20, IWETH, IBUSD)
   - The test file imports ../src/Oracle.sol which doesn't exist
   - Missing interface definitions for IWETH and IBUSD
2. File Naming Inconsistency:
   - /vulnerability-example/vulnerabilty.md has a typo (should be "vulnerability.md")
3. Incomplete Code Examples:
   - The vulnerable contract in Vulnerability.sol is incomplete (missing imports and interfaces)
   - Test file references undefined interfaces

Content Accuracy Issues:

4. Technical Inaccuracies:
   - The getPrice() function has a critical bug: price = reserve0/reserve1 should account for token ordering and decimals
   - Missing explanation of which token is reserve0 vs reserve1 in the WETH-BUSD pair
   - Console output shows different values (1797984178269 vs 17 trillion mentioned in text)
5. Beginner Comprehensibility Problems:
   - Assumes familiarity with Uniswap V2 mechanics without sufficient explanation
   - No explanation of why division-based pricing is vulnerable
   - Missing step-by-step breakdown of how the attack manipulates reserves
   - Foundry setup instructions reference files that don't exist in this tutorial structure

Recommendations:

For Remix IDE compatibility, the tutorial needs:

1. Complete, self-contained .sol files with all interfaces included
2. Clear file structure that matches the import statements
3. Beginner-friendly explanations of DeFi concepts
4. Working examples that can actually compile and run
5. Fix the typo in the filename

The tutorial concept is educational and covers an important security topic, but requires significant fixes to be functional for beginners in Remix IDE.