DeFi oracles, explained
What are oracles within the blockchain ecosystem?
Oracles are third-party services that allow smart contracts within blockchains to receive external data from outside of their ecosystem.
Oracles act as a data source that can be fed into a smart contract, which enables them to access real-time data that isn’t on the blockchain, which is most often the real-time price of assets. Even though oracles themselves aren’t data sources, they are layers that verify on-chain data related to real-world events and then submit the cumulative data to smart contracts.
Currently, companies operating in the decentralized finance space rely on oracles for real-time on-chain data. In fact, seven of the top 10 DeFi applications are supported by centralized or semi-centralized oracles for critical external information due to a lack of fast, secure decentralized oracles.
The need for oracles arises because blockchains do not have on-chain data saved in their ecosystems. To reference this data, this information is usually sourced from major crypto exchanges such as Binance and Coinbase, which have application programming interfaces that allow oracles to perform queries.
What are the types of oracles?
Oracles are classified based on the source of the information, the direction of the information and the degree of trust.
The source of the data can either be hardware or software. Hardware oracles collect data directly from the physical world and convert it to digital values that can be fed into smart contracts. These include barcode scanners and sensors that collect data actively or passively and transmit it to the smart contract. Software oracles get information from online sources, browsing their websites and thereby providing the most up-to-date information to the smart contract. For blockchains, this information usually comes from cryptocurrency exchanges.
The direction of information can be either inbound or outbound. While inbound oracles allow the network to send information from external data sources to smart contracts, outbound oracles permit smart contracts to send data to external sources.
Centralized oracles function as a single entity providing data from an external source to a smart contract operating with a set of security features. However, because there is only a single node responsible — similar to the traditional financial system where there is a single point of failure — it becomes less secure and more vulnerable to being corrupted and attacked by malicious data being fed into the smart contract.
Decentralized oracles, on the other hand, rely on multiple external sources to increase the credibility of the data provided to the smart contracts. Decentralized oracles work on the Schelling points game theory in which all participants provide data without colluding with one another, and the Schelling game determines whether the consensus data point or amendments proposed to the software are valid and acceptable, after filtering for any inaccuracies.
Why does the DeFi ecosystem need decentralized oracles?
Oracles are intermediaries that ensure trust in the DeFi ecosystem.
First of all, within the DeFi ecosystem, decentralized oracles are primarily used, as using centralized oracles goes against the ethos of DeFi products/applications. DeFi applications are financial tools that are built on a blockchain — in most cases, the Ethereum network.
The total value locked, or TVL, in DeFi is the total balance of Ether (ETH), Bitcoin (BTC) and ERC-20 tokens held in the smart contracts of DeFi applications. The fast rise in TVL from $675 million at the start of 2020 to past $7 billion in the third quarter of the year is an indication of the impact that blockchain oracles have in DeFi. The impact is also seen in the exponential year-to-date returns on investments in the tokens of major decentralized oracle providers Chainlink (with its LINK token) and Band Protocol (with its BAND token) when compared with Bitcoin.
The increasingly popular hybrid DeFi protocols, which offer decentralized networks while eliminating volatility, operate by connecting crypto assets to conventional financial instruments, especially those that are pegged to the U.S. dollar.
What are the risks of using oracles in DeFi?
The oracle problem and latency are the major risks of running oracles on a blockchain.
The oracle problem arises due to a trust conflict that centralized third-party systems bring to smart contracts and blockchain systems that are decentralized. Because the data provided by oracles is directly fed into smart contracts, which function based on this data, it’s evident that oracles hold hierarchical power in the execution of the smart contracts. Due to these immense implications, it’s critical for DeFi apps and protocols to have oracles with reliable data and little or no latency.
Broadly, oracle solutions can be classified into two categories: fast but insecure, and secure but slow. The first category mainly applies to decentralized oracles, as they have low latency rates. Due to a vulnerability to various game theory attacks, a majority of DeFi applications run on centralized or semi-centralized oracles.
Most decentralized oracles use the ShellingCoin mechanism, wherein independent sources report the data without coordinating with other sources. Due to the absence of this contact, these sources/agents report “true” data to the best of their capabilities while expecting other sources to do the same. This mechanism is vulnerable to various problems such as collusion between parties, signaling and even bribing. And in the event of a hacker attacking the data feed, known as a man-in-the-middle attack, there is no retaliation mechanism in place. Even a single incorrect value can have significant consequences for the applications relying on the oracle.
Centralized oracles fall under the “secure but slow” category. When pitted against decentralized oracles, these oracles are robust with elements of game theory. They utilize manual voting and “dispute rounds” to overcome attacks that attempt to manipulate their data. But because these methods entail longer wait periods, sometimes lasting weeks, DeFi applications are often discouraged from using them as their oracle of choice. However, despite their protection against game theory attacks, they possess counterparty risk and leave a higher chance of effective hacks due to a single point of failure, decreasing the security of DeFi applications in this particular regard.
How do DeFi applications overcome oracle limitations?
Robust security based on game theory in disputes can offer possible solutions to the oracle problem.
As seen in the security lapses of Synthetix and bZx, blockchain oracles are vulnerable to attacks from rogue hackers that want to exploit pricing anomalies by making oracles their target. Oracles are vulnerable to these attacks because they are, theoretically, outside the consensus mechanism of the blockchain, and thus, the security mechanisms of the blockchain don’t apply to them.
Spearheading the domain of oracle development are platforms such as Chainlink, Band Protocol, and Compound, with its Open Price Feed. Chainlink has partnered with giants such as Google, Oracle Corporation, Gartner, Binance and even China’s Blockchain Service Network, and it’s also in talks with SWIFT, which is the global standard for communications between financial entities.
What are the most popular DeFi protocols running oracles?
Open lending/borrowing protocols such as MakerDAO, Compound and Aave use oracles to fetch external data while running on the Ethereum blockchain.
MakerDAO is among the most popular DeFi open lending protocols, and its Dai token is pegged to the U.S. dollar and backed by crypto assets. MakerDAO utilizes an oracles module to determine the real-time price of assets. The module is composed of whitelisted addresses of oracles and an aggregator contract. The oracles send periodic price updates to an aggregator that determines a median price, which is then used as a reference price on the platform.
Compound is a money market protocol that allows users to earn interest and/or borrow assets against collateral. Similar to MakerDAO, Compound also uses oracles to gather price information that is then forwarded to its price feed, which is managed and controlled by “administrators” that are holders of Compound’s native token, COMP.