Oracles and the Limits of Decentralisation

Oracles bridge the gap between blockchains and external systems, allowing smart contracts to function using data from real-world sources. Yet, their integration comes with challenges. The Oracle Problem underscores the conflict between the blockchain's decentralised nature and the inherent centralisation of oracles. Additionally, oracles can be vulnerable to manipulation, particularly in markets with limited liquidity or poorly designed protocols. This article discusses these issues and their impact on the DeFi landscape.

Introduction

A smart contract is a self-executing program where the terms of the agreement are written directly into lines of code. It operates on blockchain technology, ensuring that the contract is tamper-proof and transparent. When predefined conditions are met, the smart contract automatically executes actions, such as transferring funds between a buyer and a seller. Smart contracts play a central role in decentralised finance (DeFi). DeFi platforms leverage these contracts to create financial instruments that operate without intermediaries, like banks or brokers. The promise of DeFi and smart contracts is that they not only democratise access to financial services but also enhance efficiency and reduce costs. Through smart contracts, DeFi offers the potential of a transparent, secure, and permissionless financial ecosystem.

One limitation of smart contracts is that their operation often depends upon verifying that some real-world event has occurred. For example, a smart contract which insures against flight delays requires an external data source which feeds flight data into the blockchain. Another example is that of an overcollateralised lending protocol which lends cryptocurrency to users who post collateral. The protocol needs to constantly monitor the value of the collateral, selling it off before it drops below the value of the loan.

This information is fed into the blockchain by oracles, providing a bridge between the closed system of the blockchain and the real world. Oracles must be trusted by everyone who participates in the smart contract, hence introducing a trusted intermediary and therefore an element of centralisation. Oracles aggregate and feed information that is both off-chain, such as the weather or the prices of real-world assets, and on-chain, such as the price of a cryptocurrency.

The Oracle Problem

Blockchains cannot retrieve information from the outside world on their own, and this is by design. Blockchains are maintained and updated by the network nodes, which reach consensus on the current state of the blockchain. Consensus is much more secure when the state is determined only by data that is entirely contained within the blockchain, and is therefore easily verifiable, than when it depends on external data that comes from different sources and allows for subjectivity and randomness. This design makes blockchains extremely secure and reliable, while at the same time preserving decentralisation, trustlessness and transparency. Oracles, on the other hand, are essentially trusted intermediaries that provide smart contracts with external information. However, they can be manipulated, be controlled by one party or provide unreliable information. The Oracle Problem refers to the tension between the decentralised and transparent nature of blockchains and the elements of centralisation that arise when introducing oracles.

One way of bypassing the Oracle Problem is to provide enough economic incentives so that the users of the blockchain only report truthful information about outside events. If it is in their best interest to report truthfully, they are no longer trusted intermediaries, and the problem is resolved. A possible mechanism is voting. The users vote on whether an event has occurred (e.g. the flight was delayed) and the majority of votes determines what the smart contract considers to be true. The users whose vote agrees with the majority are rewarded with a payment and the smart contract is executed. Unfortunately, it has been shown that the only way that this mechanism works is if the users are completely indifferent as to what the true state should be, which means that they are not participating in the smart contract. [1] But this is impossible, because the anonymity of the blockchain allows all interested parties to vote in order to influence the outcome of the smart contract. It is therefore inevitable that, whenever smart contracts require external information, trusted intermediaries such as oracles are introduced, limiting the decentralised nature of the blockchain.

Oracle Manipulation

Oracles not only introduce elements of centralisation in the blockchain, but they also provide a backdoor through which markets can be manipulated. In 2022, DeFi protocols lost around $400 million from oracle manipulation attacks. [2] To see how this can be done, consider the following example. Suppose that a lending protocol lends $2000 worth of ETH for every $3000 worth of token X that the borrower posts as collateral. The loan is overcollateralised because the borrower is anonymous, and he would have an incentive not to repay the loan if the collateral is less valuable. The protocol monitors the price of ETH and of X continuously by using an oracle that takes the price feed from a decentralised exchange. If token X has low liquidity, however, the borrower can profit using the following trades. He first buys large amounts of X, thus increasing its price. If the price of X doubles, then the same amount of collateral in token X can be used to borrow $4000 worth of ETH, instead of $2000. Right after borrowing the ETH, he sells the amount of X that he had bought, thus driving the price back down. His loan becomes undercollateralised and his collateral of X is sold off. However, he keeps the $4000 worth of ETH, which was acquired by forfeiting $3000 worth of X, hence making a profit.

To avoid this problem, oracles usually report not the last price but a time-weighted average price (TWAP), for example the average of the last 100 blocks. This makes it more expensive for an attacker to manipulate the price of X, because arbitrageurs will sell the token right after he buys it, making it difficult to sustain a high price for 100 blocks. For example, if the initial price of X is $1, the borrower would need to sustain a price of $2 for 100 blocks before the TWAP oracle reports a price of $2. Interestingly, the move of Ethereum from Proof-of-Work (PoW) to Proof-of-Stake (PoS) makes it easier for an attacker to manipulate the price of a token. If the attacker runs a validator, then he is chosen randomly to produce blocks. Crucially, in PoS validators know in advance who is going to produce the next few blocks, whereas in PoW each block is assigned randomly while the current block is being published. If the attacker is chosen to produce 2 blocks in a row, then he can do the following. In the first block, he buys token X and inflates its price to $101. When the block is published, arbitrageurs will try to enter and sell X. However, the attacker controls the second block as well, so he includes his own transaction first that sells token X and restores its price back to $1. In that way, he has no losses, and in between he borrows ETH at the inflated price of the collateral. How expensive is it to control 2 blocks in a row? It was calculated that in Ethereum in August 2022, by staking $35 million of ETH, an attacker would control 2 blocks in a row every 65 days, on average. [3] Moreover, staking ETH is rewarded, hence there is no opportunity cost.

It is worth noting that the attack above is possible due to many factors. First, low liquidity of token X allows the market to be manipulated. Second, the oracle is poorly designed because it has only one source of information for the price of X. Finally, the lending protocol did not detect that a huge increase in the price of X was a result of an attack and therefore it should not lend money under these market conditions. The transparency of the blockchain also has two effects. On the one hand, it allows the attacker to have certainty about how each participant (oracle, protocol) will behave, making the planning of the attack easier. On the other hand, transparency facilitates easy identification of market manipulators, paving the way for legal actions. A case in point is the Mango Markets incident, where the suspected perpetrator faced immediate prosecution by the SEC. [2]
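
The TWAP arithmetic and the lender's missing check described above, worked through as an added example (not code from the article or from any protocol). The 100-block window, the $1, $2 and $101 prices and the $2000-per-$3000 lending ratio are the article's; the 10% deviation threshold and the use of the window median as a reference price are assumptions made for illustration.

```python
from statistics import mean, median

WINDOW = 100          # blocks averaged by the oracle (from the article)
MAX_DEVIATION = 0.10  # assumed guard threshold, not from the article


def twap(prices):
    """Arithmetic mean of the last WINDOW end-of-block prices."""
    return mean(prices[-WINDOW:])


def median_price(prices):
    """Median of the same window; one outlier block cannot move it."""
    return median(prices[-WINDOW:])


def borrow_limit(collateral_units, prices, guarded=False):
    """USD value of ETH lent against the collateral ($2000 per $3000).

    With guarded=True the protocol refuses to lend (returns 0.0) when the
    TWAP and the window median disagree by more than MAX_DEVIATION.
    """
    avg = twap(prices)
    if guarded:
        ref = median_price(prices)
        if abs(avg - ref) / ref > MAX_DEVIATION:
            return 0.0
    return collateral_units * avg * 2 / 3


# Constructed price histories for token X, one end-of-block price per block.
calm = [1.0] * WINDOW                          # price stays at $1
sustained = [1.0] * WINDOW + [2.0] * WINDOW    # $2 held for 100 blocks
one_block_spike = [1.0] * 99 + [101.0]         # $101 for a single block

if __name__ == "__main__":
    for name, hist in [("calm", calm), ("sustained", sustained),
                       ("one_block_spike", one_block_spike)]:
        print(name, twap(hist), median_price(hist),
              borrow_limit(3000, hist), borrow_limit(3000, hist, guarded=True))
```

A single block at $101 moves the arithmetic TWAP exactly as far as 100 blocks at $2 do, which is why the guard compares the average against a statistic that one block cannot shift. The guard does not block the sustained case, where the price was genuinely held for the whole window.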

Conclusion

While blockchain technology and smart contracts offer transformative potential for the financial sector, they are not without challenges. The Oracle Problem underscores the inherent tension between the decentralised and trustless environment of blockchains and the need for real-world data, which often introduces elements of centralisation. Oracles, though essential for many smart contract applications, can be susceptible to manipulation, especially in markets with low liquidity or poorly designed protocols. The shift from PoW to PoS in platforms like Ethereum further complicates the landscape, potentially making certain manipulative tactics more feasible. As the DeFi sector continues to evolve, addressing these vulnerabilities and ensuring robust, tamper-proof mechanisms will be crucial for its long-term success and adoption.

Footnotes

1 For more details, see the paper “An impossibility theorem on truth-telling in fully decentralised systems” by R. Garratt and C. Monnet, which can be accessed at https://www.bis.org/publ/work1117.htm. 

2 See https://www.chainalysis.com/blog/oracle-manipulation-attacks-rising/ for an analysis of oracle manipulation attacks by Chainalysis. 

3 For more details, see https://chainsecurity.com/oracle-manipulation-after-merge/.

Disclaimer

Aaro Capital is the company name of Aaro Capital Limited ("Aaro"), a limited liability company registered in England and Wales under number 11419585, with its registered office at 5th Floor, 10-12 Eastcheap, London, United Kingdom, EC3M 1AJ.

The material contained in this document is provided for general information purposes. Aaro Capital Limited does not provide investment advice, nor does it purport to do so. The information contained in this document should not be relied upon. Furthermore, this information should not serve as the basis for an investment decision or be used to assess the potential suitability of a particular investment. The figures shown in this presentation refer to the past or are given only as examples. Past performance is not a reliable indicator of future results.

This document may contain information about crypto assets. Crypto assets are at a developmental stage, and anyone considering investing in this type of asset should be cautious and obtain appropriate advice on the risks associated with these assets, including (but not limited to) their volatility, the risk of total loss and the lack of regulation of certain market participants. Although the directors of Aaro Capital Limited have made reasonable efforts to ensure the accuracy of the information contained in this document, neither Aaro Capital Limited nor its directors can give any warranty or guarantee as to the accuracy and completeness of this information.

Please consult your own suitably qualified financial adviser when making your own investment decisions.