Promise and Problems of the DeFi Oracle — When Data Fails
Decentralized Finance (DeFi) has had a meteoric rise over the last year. This spectrum of protocols and projects all hinges on the ability of code to replace trust. However, what happens when the data fails?
In the world of traditional finance, we typically rely on the banking system as an intermediary to execute our business. Companies constitute the networks that do business with banks to provide services to consumers. These companies’ industries include investing, credit, debt, money markets, lending, and insurance.
As a result, trust in these companies and banks is central. A customer deposits money and trusts that it will be there. The law enforces the bank’s obligation to make sure that the funds are already in the account.
When it comes to DeFi, there is no need to trust a third party, and all the profits can be pocketed by the user. The trust is secured by a piece of code on a blockchain, called a smart contract.
A brief refresher on smart contracts
The Ethereum blockchain is home to most DeFi protocols. Smart contracts are a program that sits on this blockchain.
The code for the smart contract allows financial transactions to occur based on conditions and rules contained within the smart contract’s code independently.
They offer significant potential to redefine the way independent entities engage in contractual agreements and exchange value. The agreement may involve any number of actions. Although the most common is releasing funds to appropriate parties under certain conditions.
The vending machine metaphor
In 1997, computer scientist Nick Szabo proposed a vending machine metaphor for a smart contract.
He explains that you can guarantee specific outputs with the right inputs, much like a vending machine where you input money and the right number, releases the desired snack.
A software program captures the logical relationship between inputs, actions, and sometimes outputs. Anyone can write a smart contract and deploy it to the network, although it does cost gas. According to Chainlink, over 90% of smart contract applications require some type of external data to be useful.
Currently, Application Programming Interfaces (APIs) enable access to the world’s data. These APIs enable insights as to how the world works. Without this data, smart contracts would have only limited on-chain applications.
Financial smart contracts need market information to determine settlements, insurance-related contracts need data from internet of things (IoT) nodes, and web data to determine how, when and to whom pay-outs should be made.
This is where oracles come in. They allow smart contracts to interact with off-chain APIs.
What is an oracle?
An oracle acts as a trusted, off-chain, real-time source of data that a smart contract requires to execute an action on the blockchain. The API supplies this real-time data. It can be provided by companies like Coinbase and Binance.
Blockchains are built to be entirely deterministic. Consensus is how the blockchain agrees on what the state of a data value is after a transaction. If one traces all transactions from the first block of the chain to the current chain, one should find that the blockchain state after the last block is added is the same as the blockchain state after the first block.
Sometimes, when APIs are used, each node in a blockchain can be in a wildly different state, depending on how the API interacts with that node. Therefore, procuring data via APIs has implications for determining of data on the blockchain. This is where oracles come in.
Oracles enter data on a blockchain through an external transaction, ensuring consensus on the blockchain. An oracle will get the API and then report it on-chain as a transaction.
This makes oracles vital to the process of executing and ensuring smart contracts. Oracles query and authenticate the external data used to commit smart contract conditions. Some even verify this data as well, although this isn’t universal.
“For many protocols in which price feeds are important, DeFi oracles end up becoming one of the lifebloods of the protocol, as they provide qualities like high reliability and real-time price data that in turn helps the platform operate much more efficiently and in a more trustworthy way,” says Kevin Tai, Co-Founder of Linear Finance.
“That being said, there are also different qualities of oracles, and not all are built the same,” he says.
Building consensus on the blockchain
However, oracles are not perfect and inscrutable. The whole premise of blockchain is decentralization and removing a central point of failure. This failure is often from an institutional third party.
By using oracles that procure data from sources that are often centralized, it seems that oracles can nullify the whole point of using a blockchain. If a centralized oracle is corrupted, then the data being delivered on-chain may be incorrect and lead to smart contracts giving very different outcomes.
Think of Szabo’s vending machine example. Suppose the vending machine registers a higher amount than what is deposited. In that case, it will allow dispensing of something more expensive, causing a discrepancy with the stock levels and the money in the machine.
In the case of the vending machine, there may be some recourse, as there is a company that operates the vending machine. Blockchain transactions are immutable and irreversible, so there is no recourse in the event of an incorrect outcome.
A variety of oracle options
The examples above also highlight the range of Oracles on offer. Each iteration offers a different degree of centralization. These are centralized oracles, distributed multi-sig oracles, DPos oracles, prediction market oracles, and decentralized oracles.
A centralized oracle is where a single third party provides the data. This brings with it faster data acquisition but a central point of failure. If the third party censors data or goes out of business, the smart contract can be left with no data.
The distributed multi-sig oracle provides the smart contract with data from multiple whitelisted sources, on which any central tendency statistical operation (median, average, mean, et.) can be carried out. However, this is still susceptible to manipulation.
The Dpos oracle system is where whitelisted staked nodes can provide data. However, they run the risk of losing their stake if the oracle provides lousy data. They can be incentivized to provide good data, but collusion between nodes must be prevented.
A prediction market oracle is where participants vote on the correct outcome by placing a bet on it. It works if 51% of participants are honest and don’t want to lose money. This is less likely to result in manipulated data than a centralized oracle.
However, in a betting scenario, an oracle can be bribed, become a user themselves, and rig a bet’s outcome such that it is in their favor.
“However, these Oracle types, like the Optimistic Oracle from UMA, rely on the economic guarantee that the cost of corruption or bribery is always higher than the profit from corruption,” says Chandler De Kock, Growth Strategist at UMA.
When oracles fail — some notable examples
There have been some notable incidents involving unexpected smart contract behavior due to issues with data provided by the oracle.
In November 2020, DeFi exchange Compound lost $89 million via a liquidation action (loans sold at a discounted rate) executed by a smart contract.
Compound’s platform allows users to lend cryptocurrency to other people. To borrow crypto, a user must put up collateral greater in value than the amount they borrow. If the blockchain notices that the collateral has suddenly become undercollateralized, then the smart contract forces the loan to be liquidated.
In the case of Compound, the principal factor contributing to this liquidation was oracle data obtained from the oracle CoinbasePRO. It fed the smart contract the price of DAI at $1.3. The normal price of DAI is around $1.
To understand what caused the liquidation, a hypothetical scenario is helpful. If someone took a loan for $100 when DAI was $1, and the value of DAI suddenly increased to $1.3, the amount borrowed would increase to $130. If the person overcollateralized, that is, put up collateral higher than the amount borrowed, say $125, then the customer would get liquidated.
Many users experienced this during the Compound incident, resulting in the mass liquidation. In this situation, there was no clear evidence that the price was manipulated. However, it is technically possible that a malicious actor fooled the smart contract into thinking that the price of DAI had shot up to $1.3.
A lesson from Synthetix
Another example is the 2019 oracle malfunction that affected the DeFi platform Synthetix. Almost lost $1 billion as a result of incorrect data reporting.
Synthetix exposes users to the prices of assets typically considered outside the crypto space, such as fiat currencies. The platform relied on multiple off-chain oracles that were periodically updated on-chain to solicit aggregated fiat currency pricing data.
In June 2019, one of the off-chain oracles supplying data for the price of the Korean Won reported the wrong price. This incorrect price was 1000 times higher than the actual price.
Since only two price oracles were available for the Koren Won, and data between oracles are aggregated to minimize the effect of outliers. As a result, the aggregation was not able to resolve the higher price into something closer to the actual price.
A bot designed to spot and exploit anomalous prices performed transactions totaling $1 billion in turnover. However, the bot was not designed for malicious purposes but for regular trading procedures, and the owner agreed to return the funds.
The future of the oracle
Despite the noted failures of oracles across the space, they play a crucial role in smart contracts’ wide and varied use.
“It is challenging and costly to build and maintain oracles, yet we as an industry cannot exist without them,” says Leo Cheng, Co-Founder of C.R.E.A.M Finance.
While there is often no way to predict where the DeFi space is headed, improved decentralization of oracles is a pretty good assumption. It is attractive because it aligns with the central values of DeFi and somewhat removes issues currently found in the space.
So far, these oracles have proven slow, expensive, and difficult to implement. This is because it is difficult to decentralize the process through which off-chain data makes its way onto the chain.
However, it is likely that these issues will be resolved gradually over time. Eventually improving the safety and experience of DeFi, as it attempts to make its way into the mainstream.
Back to the list