Blockchain systems are, by nature, purely deterministic in providing the cryptographic properties that ensure their functionalities. Without real-world data, our decentralized systems would be extremely limited, unable to provide many use cases, upon which the Web3 world is focused. It is here that the commonly known “Oracle Problem” comes into play, bridging the real world to decentralized networks, through the intermediaries known as Oracles.
Working with an oracle is, for most businesses, a compromise between the trust inherently born of the blockchain, and the external world and it’s uncertainty. Choosing the right Oracle can make this compromise less hefty, with certain trade-offs to make around performance, security, centralization, and more.
What an Oracle does
Smart contracts inherently lack the capability to readily access data sources beyond their native blockchain environment. This design principle prevents non-deterministic behaviors, which would otherwise compromise the reliability of the chain itself. Without external data inputs, however, smart contracts find themselves limited as to their computation capacities, thus a special kind of contract is required: the Oracle Contract.
The Oracle Problem
The Oracle Contract fundamentally communicates information through an external third party. This process of data retrieval now requires a degree of trustworthiness and security, this is crucial to prevent malicious data from compromising the integrity of smart contract outcomes. Thus, while it is possible for everyone to develop an Oracle, a certain degree of reputation is usually required to maintain an actual service provider.
Reputation, in this context, refers to the perceived trustworthiness of oracles and data sources, it can be measured by an aggregation of metrics, such as: performance, quality, and degree of decentralization. Several Oracles assign numerical values to oracle nodes to help identify their “reputation”, which often affects the amount of work that specific oracles are assigned, their voting power in decentralized systems, or even, reduced their rewards and/or stake.
The Polkadot Advantage
Parachains in the Polkadot ecosystem are built with the Substrate blockchain framework, which additionally allows that oracles are directly integrated into the logic of the blockchain (also known as the ‘chain runtime’) instead of adding them as a third party smart contract project. The direct integration is more efficient and allows for better interoperability with other direct runtime components such as AMMs, bridges or core building blocks of the blockchain.
Oracles in the Substrate and Polkadot ecosystem, are actually further integrated into the runtime. Instead of being an exception to their smart contracts, Substrate oracles are an essential focus of the Parachains. Thanks to this integration, these oracles are more efficient, and are able to provide computations beyond the capabilities of traditional smart contracts
Oracle Centralization
Part of the risks of using an oracle comes from the problems associated to having a centralized entity manage your data. If your oracle provider belongs to a single individual, or organization, you incur into a single point of failure: what happens if the provider goes down, or possibly worse, manipulates your data?
A centralized oracle can become a great security issue. If that is one of your concerns, you might want to explore decentralised solutions: decentralised oracles agree on the value of your data through consensus mechanisms, not unlike those your blockchain uses. It’s worth noting that the introduction of consensus might (especially in the presence of malicious actors) affect the performance, and thus the speed, at which new values are delivered to your smart contracts.
Choosing different types of Oracles can have an impact on your use case, what are the sources of the data coming from? Who can verify these sources?
Remember to always keep an eye out for the Transparency of the data, can the oracle provide their sources? how easy is it for you to verify the origin of the data? how is this delivered, what computations are handled by the service, and what computations are handled by the oracle?
Additional criteria for oracle definition
Commonly, an Oracle is a special type of smart contract that can communicate with the external world (e.g. Chainlink’s pallet) and does so in one of two ways:
Synchronously
The Oracle periodically receives data from the off-chain service and immediately provides the most recent value to Smart Contracts requesting the data
Asynchronously
In contrast to the synchronous oracle is its asynchronous version. In this version, the Oracle will emit an event upon receiving a request. The Service, upon observing the emission of the Oracle will update the Oracle contract with the most recent value.
Regardless of how they receive the data, Oracle contracts do not usually perform any computation to save up on gas costs, and instead directly return the data to the Smart contract that required it. How the Oracles return the data can vary a lot, it could use simple Request-Response patterns, or develop into more complex systems, such as a Publish-Subscribe mechanism, delivering data to all the Subscribers of the oracle
When choosing an Oracle you might have to make a trade-off between Performance, Security, Costs and Accuracy, achieving consensus on real-time data and constantly delivering updates is prone to increase costs in decentralized oracles, while getting data from single sources of truth makes you vulnerable to manipulation from the data providers. For this reason, in order to navigate this trade-off many projects use custom solutions, multiple oracles, or aggregate the data from multiple sources in their own smart contracts.
Risks
It’s important to acknowledge that the introduction of Oracles brings certain challenges to the Security of any blockchain. A lot of concerns can be raised about the accuracy of an Oracle, how can you guarantee the truthfulness of the values provides? What mechanisms are involved in the provision of their data? When choosing an Oracle, verify their reputation, does the Blockchain you are using provide any incentives for the Oracles? If not, the Oracle might have more to gain by providing inaccurate values.
As you choose an Oracle provider ask yourself, who owns this, and how might they profit from any malicious act?
Often enough, smart contracts can be exploited to create unexpected behaviours, thus creating arbitrage opportunities which can then put you at risk of losing your assets.
Famous attacks on smart contracts include:
- Reentrancy attacks abuse callback methods of smart contracts by calling the same method (i.e. an arbitrary withdraw() method) before the caller smart contract updates their balance, leading to possible multiple payments. Malicious async oracles can abuse reentrancy to increase the gas paid when issuing a request.
- Manipulation attacks abuse algorithms that calculate the price of token pairs (i.e USDT/ETH). By using flash loans to buy huge amounts of one token and drive up, or down, the price of the other, malicious users are able to manipulate oracle prices to get cheaper prices.
There are several example of Oracles being used to manipulate the contracts that use them:
- https://blog.chainalysis.com/reports/oracle-manipulation-attacks-rising/
- https://dailyhodl.com/2023/03/10/crypto-hackers-stole-386200000-from-defi-protocols-via-oracle-manipulation-attacks-in-2022-chainalysis/
- https://www.nefture.com/blog/oracle-exploit-the-go-to-crypto-hack-in-a-bear-market
Some criteria to keep in mind, from here are Security and Reputation.
Criteria for Choosing an Oracle
From what we have seen so far, we can define some key aspect when choosing your oracle:
- Data Accuracy: How reliable and accurate is the data provided by the oracle? Are the data sources dependable or are we at risk of using erroneous data? Which mechanisms are in place to validate the data fed to your smart contracts?
- Performance: How often, and how, are the values in the Oracle updated?
- Security: What measures are in place to ensure the oracle’s data source and transmission are secure? What security measures are in place? What potential breaches are you risking?
- Reputation: What is the oracle’s track record and reputation in the blockchain community? If the Oracle is centralised, what does the owner risk? If the Oracle is decentralized, who are the stakeholders?
- Degree of Decentralization: Is the oracle architecture decentralized to prevent a single point of failure? Is the oracle centralized, and thus in the hands of few individuals, or decentralised, and thus slower but possibly more truthful?
- Transparency: Does the oracle provide clear and transparent information about its operations?
- Cost: Let’s not forget a really important question, what are the financial implications of using a particular oracle?
Different use cases will vouch for different optimizations of these criteria:
- A DeFi platform will want the highest degree of security and accuracy, but this often comes at the cost of performance,
- A Supply Chain management platform will aim at Transparency, Healthcare will strive for Accuracy and Privacy and so on ask yourself which parameters are more optimal for your use case, and focus on Oracles which guarantee those.
Oracle Examples
Based on the mentioned criteria, some commonly known Oracles are:
Chainlink
The chainlink oracle network provides reliable ways for smart contracts to access, and verify, off-chain information. Chainlink nodes are independent, backed by various entities, and thus, not centralised, a reputation system evaluates the performance of the nodes, making sure reliable and consistent nodes build a positive reputation. Along with a network of oracle nodes, comes a network of Data providers, providing a degree of accuracy
You would be wise to consider the Chainlink oracle if your use case focuses on Decentralization, Security, and Accuracy.
Uniswap
Uniswap oracles aim to provide security and decentralization, with a focus on avoiding price manipulations. aimed mainly at decentralized trading, the Uniswap oracles can focus on providing prices in several formats, depending on your use cases
Uniswap can be particularly helpful for use cases requiring Decentralization, Security and Customizability.
Diadata
DIA is an oracle platform specialized in customizable data feeds, with a focus on transparency, customizability, and scalability. DIA collects trading data from several CEX and DEX, which can be delivered on-chain based on customizable triggers. The DIA oracles are mainly focused on trading of assets.
DIA is a strong option if your focus is on Performance, Customizability, and Transparency.
BandProtocol
Band Protocol is an oracle platform with a focus on high-quality, cross-industry oracles.
Band Protocol operates with a global pool of public validators which aggregate data from multiple data sources, oracles and sources can be customized through scripts which refine the desired data feeds. The oracles are optimized towards scalability and heavy computations, allowing for quick throughput.
Band Protocol prioritizes Speed, Decentralization, and Scalability.
Pyth
Pyth Oracles publish financial market data to blockchains in real time. thanks to high-fidelity data sourcing, the data coming from the network is reliable and accurate, while being up to date with the financial markets. Data providers are incentivised to participate from the tokenomics of the network.
Pyth Oracles focus on Accuracy, Throughput and Cost.
Conclusion
To Conclude, we hope to have refreshed the concept of Oracles and the significant role they play in the Web3 ecosystem, bridging the real, data driven world to the deterministic environment of blockchain. The information provided by these intermediaries provides essential information to smart contracts, without which, the ecosystem would soon collapse.
Oracles come in various forms, providing different strengths and weaknesses which are tailored to different use cases. With the immense benefits of Oracles, come great risks and challenges such as truthfulness, accuracy, and security, to name a few. In our rapidly evolving landscape, a deep understanding of the role of oracles is, and will continue to be, essential in the years to come.
About Amplitude
Pioneering the internet of fiat. Amplitude is the sister network of Pendulum on Kusama. It will act as a testing ground for Pendulum applications and network parameters and be powered by the AMPE token.
About Pendulum
Building the missing link between fiat and DeFi through a fiat-optimized smart contract blockchain based on Polkadot’s Substrate. Allowing traditional finance fiat services to integrate with DeFi applications such as specialized forex AMMs, lending protocols, or yield farming opportunities. Developed by SatoshiPay.
Keep your eyes on the Pendulum!
Website | Twitter | Telegram Announcements | Telegram Community | Discord | Docs |
