Anybody who is interested in using true decentralized finance in the future NEEDS decentralized blockchain oracles.
Blockchain oracles have been the culprit for billions of dollars lost in exploits and hacks.
We have carefully curated information to explain the difference between centralized and decentralized oracles. It is this difference which is responsible for either a safe DeFi protocol or an abject failure.
A centralized blockchain oracle is a single entity which is tasked with supplying a blockchain with reliable, real world data. As a consequence, centralized oracles are a single point of failure, and can break DeFi protocols.
To spot a centralized oracle, you can look for these characteristics:
Centralized oracles lack two key features of decentralization:
Centralized oracles fail for one of three main reasons: false attestation, no attestation, and multiple attestations.
The most common form of oracle failure is false attestation, or signing for an event which did not occur. For example, if I place a bet on the price of PLS going to 1 cent, I will be incentivized to see it do so. If I am in sole control of an oracle, I can simply put in that information erroneously to my benefit, and to the detriment of the ecosystem. Even without malicious intent, human beings can ‘fat finger’ the data and input incorrect information, breaking the system in a similar fashion.
This form of failure occurs when no data is provided to a smart contract at all. This could occur because of a financial incentive to stall the smart contract or a lack of financial incentive to provide information in the first place. This could also occur simply because of a technology failure at the node or an absence at the human level. Additionally, if an oracle provider has admin keys they can pause or halt price feeds at anytime.
This form of blockchain oracle failure occurs when two or more differing units of data are provided to a smart contract. This causes a failure if the blockchain has no method to determine which unit data is correct and which is incorrect. The oracle provider needs a consensus mechanism to include the correct data and censor the incorrect data.
Centralized and/or poorly designed blockchain oracle protocols are responsible for millions of dollars lost per year. Here are a few examples:
In November 2020, 89 million dollars worth of collateral was liquidated when the price of DAI within the Compound protocol rose above 1 dollar.
Think your day is bad? 89 million in liquidations on Compound Finance today, one whale lost 46 millionHow did this happen, Compound used Coinbase as a single source of price data.Should have used #chainlink, honestly grossly irresponsible to nothttps://t.co/YCUtY9jQKy
— Lark Davis (@TheCryptoLark) November 26, 2020
Compound is a DeFi protocol which allows users to mint a stablecoin loan (DAI) from their collateralized cryptocurrencies. The protocol relies on external price feeds to fetch the price of the stablecoin. The price of DAI is needed to understand whether or not the total value locked in collateral exceeds the value of the loan.
If the value of the loan > value of collateral, then the value of collateral is liquidated.
In this specific example, Compound took a singular price feed from the centralized exchange, Coinbase. The price of DAI on Coinbase shot up to $1.3 instead of $1. This raised the value of the loans and caused massive liquidations within the protocol.
The main reasons for the liquidations were:
In the summer of 2019, a trading bot took advantage of an oracle price feed failure. The bot was able to trade on the incorrect price feeds and obtain over a billion dollars worth of Synthetic-ethereum in only a few hours. Luckily, due to limited liquidity within the protocol, the owner of the bot agreed to return the ‘stolen’ funds.
While oracles play a significant role in DeFi, they’re a thorn in the flesh when they fail. Oracle failure is a big security risk in the DeFi market. We cannot ignore that as the DeFi market grows, oracle risk increases.
— Crypto RcKT (@Crypto__RcKT) May 24, 2022
Put simply, within the Synthetix protocol, the price of the Korean Won stablecoin (sKRW) traded at 1000x its normal price. A bot was able to capitalize on this highly inflated price and trade sKRW for synthetic Ethereum (sETH), amassing almost 37m sETH.
The main reasons for this exploit were:
A decentralized blockchain oracle is a distributed network of nodes which collectively provides reliable and accurate data to blockchains and their smart contracts. This data can be input by anybody and censored by some form of consensus. A decentralized oracle also does not have admin keys, governance via DAO, or any other form of centralized control.
The term decentralization is one of the most misused and overused words in the world of blockchain and cryptocurrency. Without clearly defining it and providing specific details, decentralization is nothing but a buzzword.
In the world of oracles, decentralization refers to the functionality of a DeFi protocol not being beholden to one single entity or group.
Let’s take a closer look at what that means in practice.
A decentralized blockchain oracle can work using a variety of different designs. With that said, you should look for similar principles when trying to identify a decentralized oracle with merit.
An admin key is a software function which allows the founders and creators to change the rules of their smart contract or protocol. For example, an admin key could be used to freeze deposits/withdrawals in a particular wallet or account. In the world of oracles, an admin key could be used to manually put in a data point, even against the group consensus.
A permissionless node refers to the idea that anybody can run a node and provide data to the protocol. There are many oracle services that require whitelisting participants (choosing who can participate). This goes against the spirit of decentralization, as each participant must go through a central entity. In addition to being able to provide data, each node must be able to censor the data provided. If an incorrect data point is provided, all other nodes need to be able to dispute that data point to have it changed.
Many founding teams will allocate a large portion of a protocols tokens to themselves. This is not inherently a bad thing, unless the token itself is used within the protocol for voting rights or the inputting of or censorship of data entry. Make sure that the oracle you are using does not have token distributions that allow for unilateral decision making which could enable bad actors.
As with any crypto and blockchain project, knowing what the founders and developers are up to is important. Do they keep you in the loop? Are they active on social media? Are they open and honest about their current affairs and their roadmap?
Tellor.io is a decentralized blockchain oracle project which provides data to a variety of blockchains and smart contracts. Tellor provides data using a network of reporters who can run data from their own personal computer using the Telliot software.
Learn more about the Tellor and Liquid Loans relationship here.
Join The Leading Crypto ChannelJOIN
Disclaimer:Please note that nothing on this website constitutes financial advice. Whilst every effort has been made to ensure that the information provided on this website is accurate, individuals must not rely on this information to make a financial or investment decision. Before making any decision, we strongly recommend you consult a qualified professional who should take into account your specific investment objectives, financial situation and individual needs.
Connor is a US-based digital marketer and writer. He has a diverse military and academic background, but developed a passion over the years for blockchain and DeFi because of their potential to provide censorship resistance and financial freedom. Connor is dedicated to educating and inspiring others in the space, and is an active member and investor in the Ethereum, Hex, and PulseChain communities.