By description, oracles are third-party services that enable smart contracts within blockchains to receive external data from outside of their ecosystem. They are designed to act as a data source that can be fed directly into a smart contract enabling them to access real-time data that is not on the blockchain. In most cases, they access the real-time price of assets.
Although the oracles themselves are not data sources, they act as layers that authenticate on-chain data related to the real-world events and then they submit the cumulative data to smart contracts.
Today, companies that are operating in the decentralized finance (DeFi) space rely heavily on oracles for real-time on-chain data. Notably, seven of the top 10 DeFi apps are entirely are supported by centralized or semi-centralized oracles for essential external information due to lack of fast, secure decentralized oracles.
The importance of oracles arises since blockchains have no on-chain data saved in their ecosystems. To refer to this data, the information is normally sourced from major crypto exchanges like Coinbase and Binance. They have application programming interfaces that enable oracles to perform queries.
Types Of Oracles
Oracles are classified according to the source of the information, the direction of the information, and the degree of trust. The source of the data can either be hardware or software. Hardware oracles are designed to collect data directly from the physical world; and change it into digital values that can be fed into the smart contracts.
They include barcode scanners and sensors that usually collect data actively or passively; and then transmit it to the smart contract. On the other hand, software oracles acquire information from online sources; browsing their sites, and then offer the most up-to-date information to the smart contract.
This information comes from crypto exchanges in the case of blockchains. The direction of information can be outbound or inbound. While the inbound oracles enable the network to send information from external data sources to the smart contracts; the outbound oracles allow smart contracts to send data to external sources.
Centralized oracles work as a single entity that offers data from external sources to a smart contract that functions with a set of security features. Nevertheless, since there is just one node responsible; the same as the traditional financial system where there is just one point of failure; it becomes less secure and highly vulnerable to being corrupted and exposed to malicious data being fed into the smart contract.
On the flip side, decentralized oracles rely on many external sources to enhance the credibility of the data that is provided to the smart contracts. They work on the Schelling points game theory where all participants give data without colluding with each other. The Schelling game determines whether the consensus data points or amendments proposed to the software are valid and acceptable after filtering for any existing inaccuracies.
Why Does The DeFi Ecosystem Require Decentralized Oracles?
Oracles are known intermediaries that enhance trust in the DeFi ecosystem. First, within the DeFi space, decentralized oracles are mainly used, as using centralized oracles goes against the ethos of DeFi products/applications. DeFi applications are financial tools that are designed and powered on a blockchain. In most cases, they are built on the Ethereum network.
The cumulative/total value that is locked, or TVL, in decentralized finance, is the total balance of bitcoin (BTC); Ether (ETH), and ERC-20 tokens held within the smart contracts of DeFi applications. The rapid surge in TVL from $675 million at the start of 2021 to over $7 billion in Q3 2021 is a major indication of the impact that blockchain oracles have in DeFi.
This impact is also evident in the exponential year-to-date returns on investment witnessed in the governance tokens; of major decentralized oracle providers; Band Protocol (with its BAND token) and Chainlink (with its LINK token) when compared with Bitcoin.
The largely increasing popular hybrid DeFi protocols that provide decentralized networks while shunning volatility, work by linking crypto assets to conventional financial systems particularly those pegged to the US dollar.
Risks Of Using Oracles In DeFi
The oracle problem and latency are the biggest risks of running oracles on a blockchain. Problems arise due to a trust conflict that centralized third-party systems introduce to smart contracts and blockchain systems that are decentralized. Since the data provided by oracles is directly fed into the smart contracts, which works according to this data, it is clear that oracles hold hierarchical power in the operation of the smart contracts.
As a result of these immense implications, it is vital for DeFi apps and protocols to have oracles that have reliable data coupled with little to no latency. Generally, oracle solutions can be classified into secure but slow and fast but insecure categories. The second category applies to the decentralized oracles since they have low latency rates.
Due to a vulnerability to different game theory attacks, most of the DeFi applications operate on centralized and semi-centralized oracles. A majority of the decentralized oracles utilize the ShellingCoin mechanism. In this case, independent sources report the data without coordinating with any other sources. Since this contact is absent, these sources/agents report “true” data to the best of their capabilities while they expect other sources to do the same.
This mechanism is known to be vulnerable to many problems including collusion between parties, signaling, and also bribing. In the case of a hacker attacking the data feed, referred to as a man-in-the-middle attack; there is no retaliation mechanism set in place. Even one incorrect value can have considerable consequences for the application that relies on the oracle.
Centralized oracles are classified under the “secure but slow” category. When they are pitted against the decentralized oracles, they are robust with elements of game theory. They use manual voting and ‘dispute rounds’ to overcome attacks that try to manipulate their data.
But since these methods comprise of longer wait periods, which last up to several weeks at times; DeFi applications are normally discouraged from using them as their oracle of choice. Nonetheless, despite their protection against game theory attacks, they have counterparty risk; and leave a higher chance of effective hacks because of a single point of failure, minimizing the security of DeFi applications in this specific regard.
How DeFi Applications Overcome Oracle Limitations
Robust security based on game theory in disputes can provide multiple potential solutions to the oracle problem. As witnessed in the security lapses of Synthetix and bZx, blockchain oracles are vulnerable to attacks from many rogue hackers; that want to exploit the pricing anomalies by making oracles their target.
Oracles are exposed to these attacks since they are, theoretically speaking, out of the consensus mechanism of the blockchain. Therefore, the security mechanism of the blockchain does not apply to them.
Spearheading the domain of oracle development are platforms like Band Protocol, Chainlink, and Compound, with its Open Price Feed. Chainlink has already partnered with giants like Gartner, China’s Blockchain Service Network, Google, Binance, and Oracle Corporation. It is also in talks with SWIFT, a global standard for communications between financial entities.
Most Popular DeFi Protocols Running Oracles
Open lending and borrowing protocols like UniSwap, MakerDAO, Aave, and Compound use oracles to get external data while operating on the Ethereum blockchain.
MakerDAO is among the most popular DeFi open lending protocols, and its Dai token is pegged to the US dollar and backed mainly by crypto assets. MakerDAO uses an oracles module that determines the real-time price of digital assets. The module comprises of whitelisted addresses of oracles and an aggregator contract.
The oracles send periodic price updates to an aggregator that finds a median price that can then be used as a reference price on the platform.
Compound, on the other hand, is a money market protocol that enables users to earn interest and borrow assets against collateral. Just like MakerDAO, Compound also uses oracles to gather price information that is later forwarded to its price feed. It is managed and controlled by ‘administrators’ that are holders of COMP, Compound’s native token.