Securing Decentralized Finance Through Blockchain Technologies


DOI: 10.4018/978-1-6684-9267-3.ch020

Abstract

Decentralized finance (DeFi) has become one of the most successful applications of blockchain and is widely regarded as the future of finance. DeFi's enormous success is based on real-world data that is not directly available on the blockchain. Furthermore, since a blockchain is deterministic, it cannot directly obtain non-deterministic data from the outside world (off-chain). As a result, oracles have emerged as a viable solution for supplying off-chain data to blockchain applications. This study conducts a thorough examination of DeFi oracles, starting by introducing DeFi oracle application scenarios, then moving on to characterizing them into several types based on their design factors. Finally, it analyzes and addresses the security aspects of oracles in DeFi, explores the risks associated with oracles, such as data inaccuracy, centralization, manipulation, and oracle failure, and proposes solutions to mitigate these risks by focusing on the Chainlink network.
Chapter Preview

Introduction

An oracle is a third-party service or technology that integrates off-chain data with on-chain smart contracts in DeFi. Oracles are necessary for DeFi protocols to interact with the outside world because a blockchain can only process and verify on-chain data and cannot access off-chain data sources. Price feeds are a typical example: consider a limit order in a cryptocurrency trade, in which a person writes a smart contract to automatically sell an Ethereum (a cryptocurrency) token when the price reaches a certain target level. This contract requires access to real-time Ethereum prices in order to function. If the data obtained is inaccurate or not obtained in a timely fashion, it could lead to huge losses for the trader. Ideally, this could be solved by querying the REST API of some financial exchange. The problem is maintaining determinism, which is needed so that the different nodes executing the contract can reach consensus. Allowing the smart contract to query the price from the internet would produce different values across nodes, making consensus impossible. The solution is an oracle: an external entity that obtains accurate and reliable price data from external sources such as cryptocurrency exchanges and posts it on-chain. Once the data is on the blockchain, smart contracts can access and use it. Here we suggest a potential trust architecture, a few promising building blocks for trustworthy DeFi oracles, and a set of metrics for designing security-centric oracles, which aim to address the associated risks by making security and reliability their primary design goals.

There are several different types of oracles used in DeFi, including centralized oracles, decentralized oracles, and hybrid oracles that combine elements of both, all of which face the following common issues:

  • a) Centralized oracles rely on a single source of data and can be subject to a single point of failure or manipulation, and hence are subject to a substantial cybersecurity threat landscape.

  • b) Decentralized oracles, by contrast, use multiple sources of data and consensus mechanisms to provide more secure and reliable data feeds. This dependence on a broad spectrum of data providers again introduces the possibility of an adversarial attack, in which an adversary bribes existing nodes or establishes nodes to produce a corrupt report. Collusion among oracle nodes could also be problematic.

  • c) Oracle Failure: This can happen for a number of reasons, including network congestion, hardware failure, or human error. Such failures can lead to incorrect data being sent to smart contracts, resulting in significant financial losses.

  • d) Lack of Standards: The lack of standards in the DeFi ecosystem makes it difficult for developers to implement secure and reliable oracle systems. The absence of clear guidelines on how oracles should be integrated with smart contracts and data sources can lead to vulnerabilities.


Blockchain oracles are middleware entities that connect smart contracts to external data sources, such as market prices, weather information, sports outcomes, and so on. Oracles are essential for enabling smart contracts to interact with the real world and execute complex logic based on various inputs. However, oracles also introduce challenges and risks for the security and reliability of smart contracts, especially in decentralized finance (DeFi) applications that involve large amounts of value.

One of the main challenges of blockchain oracles is how to ensure the trustworthiness and quality of the data they provide. Depending on the source and type of data, oracles may be subject to manipulation, corruption, or inconsistency. For example, a malicious oracle may feed false data to a smart contract to trigger an undesired outcome, such as a liquidation or a payout (Caldarelli & Ellul, 2021). Alternatively, an oracle may be compromised by an attacker who gains access to its data feed or its private key. Moreover, different oracles may provide different data for the same query due to latency, network congestion, or aggregation methods.
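The risks described above (a corrupted minority of nodes, stale data after an oracle failure, and nodes that disagree) can be handled at the aggregation step. The following is an added example, not code from the chapter or from any oracle network; the node names, thresholds and prices are constructed assumptions. It takes the median of fresh reports, counts each node once, flags deviating nodes, and makes the limit order from the introduction fail closed when no trustworthy price exists.

```python
from dataclasses import dataclass
from statistics import median

class OracleError(Exception):
    """No trustworthy price available; callers must fail closed."""

@dataclass(frozen=True)
class Report:
    node: str       # hypothetical oracle node id
    price: float    # reported ETH/USD price
    timestamp: int  # Unix time of the observation

def aggregate(reports, now, max_age=60, quorum=3, tolerance=0.02):
    """Median of fresh reports (one per node) plus the nodes that deviate from it."""
    latest = {}
    for r in reports:
        age = now - r.timestamp
        if r.price <= 0 or age < 0 or age > max_age:
            continue  # drop invalid, future-dated and stale reports
        if r.node not in latest or r.timestamp > latest[r.node].timestamp:
            latest[r.node] = r  # a node counts once, however often it reports
    if len(latest) < quorum:
        raise OracleError("fewer than quorum nodes have fresh data")
    mid = median(r.price for r in latest.values())
    outliers = sorted(n for n, r in latest.items()
                      if abs(r.price - mid) > tolerance * mid)
    if len(latest) - len(outliers) < quorum:
        raise OracleError("fewer than quorum nodes agree with the median")
    return mid, outliers

def should_sell(reports, now, target):
    """Limit-order trigger: sell only on a trustworthy price at or above target."""
    try:
        price, _ = aggregate(reports, now)
    except OracleError:
        return False  # fail closed: no trade on stale or disputed data
    return price >= target

# Constructed sample data (not real market prices).
NOW = 1_700_000_000
HONEST = [Report("n1", 2000.0, NOW - 5), Report("n2", 2001.0, NOW - 8),
          Report("n3", 1999.5, NOW - 3)]
COLLUDING = [Report("n4", 3500.0, NOW - 2), Report("n5", 3500.0, NOW - 1)]

if __name__ == "__main__":
    print(aggregate(HONEST + COLLUDING, NOW))            # colluding nodes flagged
    print(should_sell(HONEST + COLLUDING, NOW, 2500.0))  # inflated reports do not trigger
    print(should_sell(HONEST, NOW + 600, 1500.0))        # all reports stale
```

A median only tolerates a corrupted minority: if most of the reporting nodes collude, the median moves with them, which is why the number and independence of nodes matter as much as the aggregation rule.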

To address these challenges, various solutions have been proposed and implemented in the blockchain space. Some of these solutions include:
