Cryptohacks: Oracles – The Invisible Backbone Of DeFi And Applied Blockchain Apps

Listen to this article

Over the past 18 months, decentralized finance (defi) has become a thriving alternative to the legacy banking system – an open, trustless sector whose near $200bn valuation rivals the GDP of many nation states. If ranked on this basis, defi currently sits just outside of the top 50. 

The decentralized applications (dApps) that spread like endless tentacles through the defi landscape allow anyone in the world to permissionlessly lend, borrow, save, trade, and more using digital assets – all they need is an internet connection and a compatible Web3 wallet. The days when one had to make an appointment with a bank manager to open an account or apply for a loan seem to belong to antiquity.

Much of the credit for defi’s meteoric rise goes to the Ethereum blockchain and its smart contracts, self-executing agreements that eliminate the need for a third party. If Ethereum represents the building where the transaction occurs, smart contracts are the name above the door: no smart contracts, no defi. For this reason, they are often described as the backbone of the industry. Yet, there’s a second and perhaps equally important piece of the infrastructure puzzle that makes defi possible: oracles.

Oracles: Why Blockchain Needs Them

Whether it’s lending markets, decentralized insurance products, liquidity aggregators, derivatives protocols, algorithmic stablecoins or something else, the vast majority of defi apps rely heavily on oracles, middleware entities that connect smart contracts to resources outside of their native blockchains. Without oracles, blockchains are like computers without internet access – valuable but largely impotent on the connected and interoperable front.

Often referred to as hybrid smart contracts, the combination of blockchains (immutable on-chain code) and oracles (secure off-chain data) creates a powerful synergy that sets the stage for advanced blockchain applications. Oracles enable formerly enclosed networks to consume reliable external information and interact with legacy systems, resulting in smart contracts that can react to real-world events and integrate with established business processes.

Oracles are more than just data feeds that connect smart contract networks such as Ethereum to valuable off-chain information. As well as responsively fetching external data (typically up-to-date price feeds) and delivering it on-chain, they represent a filtration system that verifies the trustworthiness of such information – a critical role when external inputs trigger the automation of high-value transactions.

While Ethereum remains the market-leading defi blockchain, it has at times suffered from serious network congestion and skyrocketing gas fees to process transactions. When the cost of obtaining the most recent price data gets prohibitively high, low-cost alternatives – Binance Smart Chain (BSC), Algorand, Solana, etc., start to look more appealing.

The Great Oracle Arms Race

One person who recognizes the need for reform in oracle transaction processing is Ruitao Su, co-founder of Polkadot’s liquidity hub Acala.

In a recent appearance on the ZK Podcast, he explained: “When the Ethereum network is congested, oracle transactions are actually competing with all other transactions out there. So what we do with Acala is, we think oracle transactions are very important. It should be prioritized and it shouldn’t be liable for typical gas costs, because the oracle providers are actually contributing to the network. We should be incentivizing and rewarding them instead of charging them gas fees.

“So that’s why we took this customizability and said, oracle transactions on Acala will be free. Once you get listed and you are an oracle contributor, you can submit price feeds on the blockchain for free.”

Acala operates a network of oracle node operators, aggregates multiple external price feeds, and provides a medianized reference price. Last month, the platform integrated Chainlink, the most widely used decentralized oracle network (DON) in defi, to power the launch of its parachain.

As with blockchains, competition between oracle providers is fierce: virtually all networks profess themselves to be the safest, most user-friendly, and easiest to integrate. If Ethereum leads the defi race, Chainlink is in pole position among oracles at present, with over $40 billion worth of smart contract value secured by its network.

“Tens of billions of dollars are secured by Chainlink across the leading defi, lending and gaming protocols, across multiple chains throughout the blockchain industry,” says the company’s Co-Founder Sergey Nazarov, “In some chains that are focused on defi, we secure as much as 90 percent of their value locked within dApps.”

A chain-agnostic platform with its own Top 20 native asset (LINK), Chainlink’s oracle infrastructure features a network of independent, Sybil-resistant nodes that harvest data from a range of off-chain sources, before validating it via what’s known as the Chainlink Aggregating Contract. LINK tokens, meanwhile, are used to pay node operators for their work, with prices set according to market demand for the data itself.

The First Product-Market Fit: Price Feeds

For many, oracles are synonymous with their first product-market fit application – price feeds – which are commonly used in defi transactions, particularly those related to loan issuance, derivatives, and stablecoins. 

Protocols such as Maker, for example, depend on a price feed to determine the value of the underlying collateral backing the asset. Oracles also provide data about the market price of collateral assets in Maker Vaults, enabling the platform to know when to trigger liquidations. 

In this sense, oracles can function as autonomous auditors, monitoring for fraudulent activity in real-time. A swathe of stablecoins – Paxos’ PAX, TrustToken’s TUSD, and even BitGo’s Wrapped Bitcoin (WBTC) – leverage oracles to prove the collateralization of their tokenized assets, ultimately protecting users from fractional reserve practices or black swan events.

As the more traditional commodities come onto blockchains (tokenized stocks, oil, precious metals, etc), proof of reserves is likely to become a necessity for asset issuers.

“Without the external financial market data that oracles provide, you can’t really build defi,” explains Sergey Nazarov, “Most of defi is built using the ‘hybrid smart contract’ model, which combines on-chain code and off-chain systems using oracle networks.”

Clearly other blockchains developers are singing from the same hymn sheet. No sooner had Cardano launched smart contracts than its Chainlink integration was announced. Ava Labs President John Wu, meanwhile, says many defi projects building on the Avalanche blockchain remain “in integration mode, waiting for functionality such as oracles.”

Although there is little to stop smart contract developers from designing their own oracles or querying freely available data feeds, cautionary tales abound: on several occasions defi protocols have lost millions of dollars due to unaudited, centralized oracles being compromised by sudden shifts in market liquidity or flash loan exploits. In the latter scenario, bad actors cleverly manipulate the price of tokens via flash loans, enabling them to buy said tokens at a vastly reduced rate. If oracles are decentralized, such attacks are far trickier to execute.

Of course, price reference data isn’t the only kind of off-chain information oracles can supply.

The Evolution of Oracles

In its formative phase, the vast majority of dApps have been financial, but that’s starting to change with projects increasingly turning to oracle networks for all sorts of events-based outcomes. For example, oracle networks can power parametric insurance contracts by delivering weather data from Google Cloud or Accuweather to trigger the settlement of a crop insurance claim. Indeed, projects such as Etherisc and Arbol are already using hybrid smart contracts to enable farmers to hedge against weather risk. 

“Last year, nearly two-thirds of global weather catastrophe damages were not covered by insurance programs,” notes Arbol CEO Sid Jha, “Our platform uses smart contracts and immutable climate data to give farms and businesses that would otherwise not have access to weather insurance the ability to take out a policy covering their land or area against risks like excess rainfall.”

In the case of Arbol, oracles report when a certain level of rainfall has occurred, triggering the execution of the smart contract and with it, the client’s payout, all without the need for a subjective loss assessment by an adjustor or protracted claims process.

Oracles are also fundamental to prediction markets. Last year, derivatives exchange FTX offered users the unique opportunity to buy futures contracts according to who they believed would win the US Presidential election: Trump or Biden. Elsewhere, dedicated prediction protocols have sprung up, allowing users to trade the outcome of various events: in fact, users can create their own markets and earn a cut of the trading fees. Oracles, of course, come into play by verifying the result. 

According to Sergey Nazarov, “Data delivery is just phase one for oracle networks. As we outlined in the Chainlink 2.0 whitepaper, oracle networks are rapidly moving beyond data delivery and into the realm of off-chain computation. 

“Essentially, they will power any sort of decentralized service that a blockchain simply cannot do on its own, whether that’s generating privacy, scalability, randomness and more on behalf of smart contracts.”

Chainlink has already started to roll out computational functionality for its oracle networks, with new features like Keepers for automating smart contract functions when predefined conditions are satisfied, Off-Chain Reporting for scalable, low-cost data aggregation, and Verifiable Randomness Function (VRF) for generating provably fair random numbers. The latter has been utilized by a slew of NFT projects such as EtherCards, where verifiably random NFT drops are deemed necessary to ensure fair community distribution.

And what of the future? According to Ethan Illingworth, Head of Blockchain for decentralized cloud computing network CUDOS, the data feeds of tomorrow will easily surpass those we see today.

“Fewer points of failure, more richness of data,” says Illingworth, “Oracles will become more decentralizable and thereby secure as technologies improve, while the data they serve from the off-chain world will grow in both volume and complexity due to base-layer throughput improvements and scalable compute chains.”

A New Standard for Cross-Chain Interoperability?

With evolution in mind, Chainlink has introduced plans for its Cross-Chain Interoperability Protocol (CCIP), a new standard for decentralized inter-blockchain messaging, data, and token movements that would run atop the eponymous network. 

The company also released details of a Programmable Token Bridge that leverages CCIP, enabling developers to transfer tokens across blockchains in a highly secure way. The first confirmed user will be $16 billion lending giant Celsius, which will use the protocol to participate in defi across multiple chains.

“Interoperability between smart contracts that all run on Ethereum has been a major source of innovation in defi,” notes Nazarov, “With CCIP, blockchain applications will be able to interoperate across chains, creating cross-chain smart contracts which we believe will open the doors for all sorts of new and exciting cross-chain defi use cases.”

Interoperability is a goal of rival oracle service Umbrella Network too, having just launched on Ethereum, the community-owned, layer-2 platform has developed a cross-chain bridge to connect Ethereum and Binance Smart Chain (BSC), giving users the ability to transfer assets between both networks. 

“As we expand into other chains, we’re going to essentially have a cross-chain messaging component that will allow the transfer of data and assets,” explains Umbrella’s Head of Marketing John Chen.

Back To The Future

Evidently decentralized finance depends on more than just blockchain, with smart contracts and data oracles representing two indispensable pieces of the puzzle. Of course, it’s also up to individual projects to design applications that people wish to interact with.

Although speculation has been the predominant defi use case thus far, the advent of gamified finance, not to mention blockchain-based insurance, prediction markets, governance, supply chain management and digital identity, hint at an exciting future. 

Teams who overlook the necessity of oracles may be in for a rude awakening. As the old saying goes, “garbage in, garbage out” – so accessing a dependable data feed is critical for long-term success. Data services providers that overlook oracles do so at the peril of their Web3 existence.