The DeFi space we know today is a result of years of development, with each innovation prompting new use cases and the creation of new products. But some blockchain lovers argue that innovations come at a cost of reduced decentralization. Thus, price oracles instigated a discussion on “The Oracle Problem” regarding the mere idea that relying on a single source of information pushes blockchain to sacrifice decentralization-related benefits, creates a possible single point of failure and introduces the idea of putting trust back into the system.
Let's uncover whether price oracles do more good than harm by facilitating the development of new DeFi products or whether they pose a threat to security and decentralization.
What is a Price Oracle?
Blockchain oracles are a bridge between the real world and the network, providing the information needed for smart contract execution. An oracle as such isn't a source of information but rather a tool to query, retrieve, verify and provide a blockchain with off-chain data. Oracles can source all sorts of information: successful completion of an event, geodata, random number, etc. In particular, price oracles report on price changes. Once a smart contract receives the input information, it acts in response to it.
Price oracles can be further categorized into off-chain and on-chain, centralized and decentralized.
On-chain price oracles, often called software oracles, get their data from on-chain sources and thus are able to send it in real-time. For example, Uniswap provides time weighted average price oracles that have been integrated into dozens of DeFi projects.
Off-chain or hardware oracles store and compute information off-chain and only then make an input on the blockchain. For example, Compound relies on the Open Price Feed which provides off-chain price data. A number of Reporters like Coinbase Pro and Bittrex sign a message about prices with a private key.
Centralized oracles input data validated by a single operator, which is also a single entity that’s responsible for everything.
Decentralized oracles rely on multiple independent sources that report the data without coordinating with one another and the protocol evaluates the input from all the nodes.
Each type of price oracle has its strong and weak points and it's up to a project to decide which type to integrate. We'll look at price oracles as a single technology.
Benefits of Price Oracles
The biggest benefit of price oracles is the number of new blockchain use cases they introduce. Without oracles, smart contracts would have been limited to the scope of information within their own networks. Oracles connect the chain with the outside data, a fact that is crucial for the operations of many DeFi projects.
How price oracles are used in DeFi:
Lending protocols rely on price oracles to avoid under-collateralized loans: price oracles provide relevant data on the value of the underlying assets so the protocol knows when it drops in price and when to liquidate the position. For example, AAVE leverages Chainlink Price Reference Data contracts to determine the threshold for the liquidation of cryptocurrency-backed loans.
A similar principle applies to the stabilization of crypto-backed stablecoins like DAI. DAI's peg to USD is maintained by using collateralized debt denominated in Ethereum. Price oracles are utilized to report the value of ETH and determine the moment when DAI is insufficiently collateralized.
Derivative platforms in turn use price oracles to calculate the value of assets. For example, Perpetual Protocol pulls the spot price of each asset once every hour from Chainlink. Then, if the market price is bigger than the index price, long position holders pay a funding payment to short position holders or the other way around.
Index services use price oracles to inquire about index component prices.
Insurance smart contracts rely on price oracles to verify claims before reporting to the blockchain, thus preventing fraud. Nexus Mutual uses oracles for valuations of its multi-currency capital pool and for rebalancing its minimum capital requirement.
Decentralized prediction markets integrate price oracles to source the outcomes of off-chain events.
Without price oracles, all these blockchain applications would be impossible as smart contracts have no access to off-chain data or market changes and most events still occur outside blockchains.
Weaknesses That Come with Benefits
The major problem that arises with the integration of price oracles is the fact that it creates a single point of failure. An oracle is the only source of the input data sent to a smart contract and the information it receives triggers certain actions, regardless of whether it is rebalancing a stablecoin or liquidating a loan. Thus, an oracle controls how a smart contract is executed. If an oracle goes down, produces incorrect values, is manipulated or has a vulnerability, then the whole system is compromised.
The issue is often referred to as 'The Oracle Problem.' With the integration of oracles, blockchains that are meant to be trustless and decentralized could become vulnerable, since they have to trust that the oracle’s information is correct.
In the ideal scenario, an oracle should comply with the following characteristics:
- Nodes and oracles must be anonymous and have no way to identify each other.
- They should have no means of communication or sharing information.
- The submitted information must be hidden.
- The data an oracle inputs must be accurate, thus an oracle must rely on secure sources.
- There should be no loopholes for oracle manipulation.
- And lastly, an oracle must deliver information on time.
If one of the characteristics listed above is violated, an oracle and the whole system could become compromised. There are five major types of attacks related to mechanism vulnerabilities.
The first is price delays which may occur either intentionally or unintentionally but in either case, could lead to serious consequences. Network congestion can cause price delays and as a result, price deviations. Another factor contributing to the problem is that all on-chain events happen on block time while off-chain events follow linear time.
The second type is a majority attack which happens when a single entity owns a majority of nodes. It can report false data but still be in the majority, thus manipulating the outcome and smart contract execution.
Similar to the majority attack, when one node is able to share information with others in a set of a decentralized oracle, the other nodes may choose to report the same information. This becomes an issue when nodes share false information. This type of attack is called mirroring.
The next type of attack that may occur is data manipulation due to an oracle sourcing information from an unprotected source or is manipulated by a third party.
And lastly, if an oracle isn't secure in itself, it could have a bug that can be exploited.
What Could Go Wrong?
In the past year, a poorly integrated price oracle resulted in massive DeFi attacks with millions of funds stolen.
Warp Finance is an example of how a vulnerability in on-chain oracle implementation led to the loss of $7.7 million. The lending protocol allowed users to stake LP tokens as collateral to take out a loan. The number of assets a user could borrow was determined by the Uniswap LP token value that in turn was calculated using the amount and price of the assets in the pool and the total number of LP tokens. The attacker traded twice within the pool to manipulate the price. They exchanged a huge amount of one of the assets within the pool which affected the calculation of the price. The total value of the token greatly increased, followed by an increase in the unit price of the LP. Thus, the hacker managed to take out an uncollateralized loan.
Synthetix suffered a loss of $1 billion due to an oracle misreporting price information. The oracle input a price 1000x higher than the actual rate for Korean Won (KRW) and a trading bot simply took advantage of it. While the system was reporting the incorrect information, the bot conducted several transactions, making over $1b in profit.
The root cause of the Value DeFi attack and the loss of $6 million was also a vulnerability in its price oracle. The hacker took a flash loan and made a series of stablecoin swaps to manipulate the vault withdrawal method.
Then there is also the example of Cheese bank which also relied on an unsafe oracle. It lost $3.3 million and stopped operations. Harvest Finance, DDEX and bZx, were all exploited because of oracle manipulation.
Closing Thoughts
Price oracles are critical to the operations of many DeFi protocols. Oracles must be considered a crucial part of DeFi security. In the wave of DeFi hacks in 2020, many emphasized the role of flash loans in a number of the attacks, while unsafe oracles and oracle manipulation were often overlooked. DeFi companies must pay more attention to choosing price oracles and weight aspects like security, timeliness and decentralization.