In 2021, a lot of buzz about first-party oracles was heard in the world of smart contracts and decentralized applications. The accompanying first-party vs third-party oracle debate is fascinating for some and utterly confusing for others.
Blockchain oracles get their data from Web APIs. A first-party oracle, where the API provider itself (the data source) is the oracle, publishes data directly to the blockchain. A third-party oracle is one where a third-party entity (other than the API provider) is the oracle. The third-party oracle calls the API to get data and then publishes it to the blockchain.
Why Third-Party Oracles?
Intuitively, the benefits of first-party oracles are obvious. If the API provider publishes data directly on-chain then the data doesn’t have to pass through an untrusted middleman. The API provider is the only entity that must be trusted before the data is etched in the immutable blockchain.
Currently, however, the oracle space is dominated by third-party oracles. Let’s take a step back and ask my favorite question — “Why?”
About a year ago Burak posed the question “
Existing oracle node software:
- is unstable to operate
- can’t self-recover
- has vague configuration recommendations
- requires auxiliary software
Traditional API providers don’t want to:
- be paid in cryptocurrency
- have costs in cryptocurrency
- stake cryptocurrency
For these reasons, API providers have, until now, opted not to run their own first-party oracles. But there is a huge demand for off-chain data on Web3, particularly in decentralized finance (DeFi). As a result, there has been a very lucrative opportunity for third parties to run oracle nodes and serve as middlemen between the API providers and the blockchains.
In short, third-party oracles currently dominate because it has been too difficult and risky for API providers to run first-party oracles.
The Game Has Changed
Day to day movement can feel excruciatingly slow, but it’s amazing what can be accomplished in a year! API3 spent the last year building Airnode, oracle software that addresses and eliminates all of the reasons API providers haven’t wanted to run their own first-party oracle in the first place. This development changes the game entirely.
With Airnode, API providers no longer have good reasons to choose not to run their own oracle software. We can finally realize the obvious benefits of first-party oracles, cutting out the third-party middlemen, increasing efficiency, and reducing risk.
But this development presents a new problem to overcome. We’ve been conditioned by middlemen with a profit motive to believe that third-party oracles are decentralized and that decentralized is always better. Let’s think through these questionable assertions.
Decentralization and Transparency
A core tenet of Web3 is decentralization. In order to avoid an attack on or manipulation by an individual, smart contracts rely on decentralization and consensus for security. Ethereum, for example, is a platform for trustless computing. You can’t trust the individual nodes but you can trust the decentralized network.
Another core tenet of Web3 is transparency. In order to have secure, trustless computing through decentralization and consensus the nodes must be transparent. Transparency is why we are able to “Don’t trust. Verify.” on Web3. Transparency can be seen from the source code level — Web3 is overwhelmingly open source — all the way up to organizational governance and the proliferation of DAOs.
Both decentralization and transparency help enable the trustless and permissionless computing environment of Web3. However, it’s important to understand when to apply each concept.
Transparency allows us to independently review and verify something from an individual. On its own, transparency doesn’t guarantee truth. An individual can lie and “transparently” provide false or misleading information to support the lie. Decentralization is a way to reduce the risk of an individual lying. It’s less probable that 3 out of 4 individuals will collude and lie than it is that one individual will lie.
It’s tempting, then, to conclude that everything should always aim to be more decentralized. In fact, that is often the point of view taken in crypto. But to always assume that is naive and foolish. In reality, decentralization is an engineering trade off. It can have benefits, but it also has costs. Deciding when it’s appropriate to decentralize something requires a cost benefit analysis. Do the benefits justify the costs?
Why First-Party Oracles?
It might seem like third-party oracles are preferable because we’re told they’re decentralized. But a further investigation shows this assumption is misguided.
While third-party oracles have solved the problem of connecting APIs to blockchains, they’ve introduced a new problem. In addition to trusting the API provider, we also have to trust the third party oracle in the middle. The typical way this new trust problem has been addressed is to follow the lead of the blockchains themselves and decentralize oracle nodes.
As stated before, the benefit of decentralization is that it reduces the risk of an individual lying. But the thing that’s decentralized when we’re talking about third-party oracle networks is the third-party oracle nodes, not necessarily the API providers. In fact, it’s quite normal for third-party oracle nodes to acquire their data from the same APIs. In some cases third-party oracle networks even “decentralize” data from only a single source and then “aggregate” it back together.
In these situations the only problem being solved by decentralization is the one created by third-party oracles. We can’t trust third-party oracle nodes and so we decentralize them to reduce the risk they introduced in the first place. And the reasons for needing them have been eliminated. We don’t need them anymore.
The risk of an attack on or by third-party oracle nodes exists, even if it’s reduced using decentralization. With first-party oracles the middlemen nodes are eliminated entirely so there is no third-party trust problem to solve. The added risk from third-parties is zero because there are none. In both cases the risk from the API provider is the same so with third-party oracles the overall risk is increased, even when those oracles are “decentralized”.
To further muddy the third-party oracle water, they are often not transparent about their data sources. This opacity violates a core tenet of Web3. First-party oracles, on the other hand, are inherently transparent. When the data source is the oracle, there is never any question about where the data comes from. The reputation of the API provider is brought on-chain with the data.
If there are multiple, truly independent sources of data then there can be value in decentralizing the data sources themselves. But when the API provider has a strong reputation, which many do, then the value added by decentralizing data sources can be low. It may even be harmful to decentralize and aggregate a very reputable data source with a less reputable source because it dilutes the quality of the data from the more reputable source. Of course, with opaque third-party oracles you would never know. You have no choice but to trust them.
Here we compare first-party oracles vs third-party oracles when the API provider has a strong reputation.
When the API provider has a strong reputation a “decentralized” network of third-party oracles sacrifices both transparency and efficiency in order to gain a dubious decentralization benefit that in many cases is actually harmful.
In the end it’s no contest. First-party oracles outperform third-party oracles in almost every way you can compare. The reasons for having third-party oracles in the first place have been eliminated by API3 and Airnode. The next generation of blockchain oracles are first-party.
As introduced in Burak’s recent article “
Also published here