In this type of attacks the goal is the same - to borrow more than deposited. But in this category attackers try to make the protocol think that the value deposited is high, or that the value borrowed is low. It is a success if an attacker deposits 1000 USD, but oracle manipulations make the protocol think that 5000 USD was deposited. It will allow to borrow 3000 USD value, and LTV check will pass.
The most obvious issues happen when a protocol takes prices from Uniswap pairs either by getReserves() or by balanceOf(). This is a redflag in the majority of cases. Even a beginner hacker knows it is easy to take a flashloan and set any price in the pair: either very high or extremely low. Only very old projects made such a mistake, or scammy projects with low liquidity.
But, when analyzing the biggest Lending hacks, you may find that the mispriced assets are LP tokens or shares in vaults. Let's take the Warp Finance as an example. https://rekt.news/warp-finance-rekt/
Warp Finance allowed LP tokens to be deposited as collateral. LP tokens usually are not so liquid, so the protocol introduces some logic to price these tokens.
In Warp the team calculated LP token price as [Pair TVL] / [LP tokens minted]. It sounds quite reasonable, but it was a bad idea for a Uniswap pair. The Uniswap pair keeps k constant, but TVL is not guaranteed to remain constant.
The TVL formula was: TVL = (reserve0 * price0) + (reserve1 * price1). The team took secure price feeds (TWAP). Also, k is always constant, but the whole TVL return can go up and down dramatically when large swaps happen.