Oracle manipulation is an attack in which hackers change the data provided by an oracle, so that smart contracts relying on it operate with incorrect data. This is a challenge for decentralized finance (DeFi).
Decentralized finance is one of the most exciting innovations in the blockchain world today. With DeFi, we can access various financial services without the need to involve authorized third parties, such as banks, exchanges, or companies. DeFi gives us freedom, transparency and efficiency in transactions.
However, DeFi also has its own challenges and risks, one of which is oracle manipulation. What is oracle manipulation and how does it impact the DeFi ecosystem? Let's look at the explanation in this article.
What is an Oracle and Why is it Important for DeFi?
An oracle is a system that connects the blockchain world with the real world. It provides the external data that smart contracts need to function properly. This external data can be asset prices, weather information, sports results, news, and so on.
Oracles are critical to DeFi. This is because many DeFi applications rely on asset price data to perform operations such as lending, swapping, insurance, and more.
For example, a DeFi lending protocol needs to know the price of the assets used as collateral or loans, in order to determine liquidation values, interest, and other terms.
However, oracles are also a weak point for DeFi, because the data provided by oracles can be inaccurate, not up-to-date, or even fake. This can happen because the oracle itself is a smart contract that can be manipulated by irresponsible parties.
What Is Oracle Manipulation and How Does It Work?
Oracle manipulation is an attack carried out by hackers to change data provided by an oracle. Thus, smart contracts that use it will operate with incorrect data.
Oracle manipulation is usually done to create arbitrage opportunities, i.e. take advantage of asset price differences across platforms.
Oracle manipulation can be done in various ways, depending on the type and source of the oracle data used. In general, there are two types of oracles, namely on-chain oracles and off-chain oracles.
On-chain oracles are oracles that retrieve data from sources within the blockchain, such as decentralized exchanges (DEXs) or other DeFi protocols. On-chain oracles tend to be faster, cheaper, and easier to integrate, but also more vulnerable to manipulation.
One way to manipulate on-chain oracles is to use flash loans, which are loans made and returned in one transaction.
With flash loans, hackers can borrow large amounts of assets from a DeFi platform. Then, hackers use it to influence asset prices on other platforms used as data sources by oracles.
Once an asset's price changes, hackers can exploit the price difference to gain profits from other platforms that use the same oracle. Then, the hacker repays the flash loan and keeps the net profit.
One example of an on-chain oracle manipulation case is the Harvest Finance hack in October 2020. In this case, hackers managed to steal around $24 million from a DeFi protocol that provides lending and yield farming services.
The hacker used a flash loan of $50 million from another DeFi platform. Then, the hacker used it to change the price of USDC and USDT on the Curve exchange, which is used as a data source by the Harvest Finance oracle.
Meanwhile, off-chain oracles are oracles that retrieve data from sources that exist outside the blockchain, such as centralized exchanges (CEXs), websites, or APIs. Off-chain oracles tend to be more accurate, trustworthy, and diverse.
However, these oracles are slower, more expensive, and more difficult to integrate. One way to manipulate off-chain oracles is to attack the oracle nodes that are tasked with retrieving and sending data to the blockchain.
By attacking an oracle node, hackers can disrupt, change, or delete the data sent by the node. Thus, smart contracts that use it will receive incorrect data.
Hackers can also try to control the majority of oracle nodes in a network, thereby deciding what data to send to the blockchain. One example of an off-chain oracle manipulation case is the bZx hack in 2020.
How to Prevent Oracle Manipulation?
Oracle manipulation is a real threat to the DeFi ecosystem, because it can cause huge losses for DeFi users and developers. Therefore, it is important to prevent and overcome oracle manipulation in the following ways:
Choosing the right oracle
Not all oracles are suitable for all purposes. We have to consider factors like speed, cost, security, and availability of data provided by the oracle. We must also choose an oracle that is reputable, transparent, and verified.
Using decentralized oracles
A decentralized oracle is an oracle consisting of many nodes that communicate with each other and reach a consensus on the data to be sent to the blockchain.
Decentralized oracles are more difficult to manipulate, because hackers must attack a large number of nodes to change the data. Examples of decentralized oracles are Chainlink, Tellor, and Band Protocol.
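The following added example (not taken from the article or from Chainlink, Tellor, or Band Protocol code) shows why a multi-node oracle resists a compromised minority. It assumes a generic median-with-quorum scheme; the node names, prices, and parameters are constructed for illustration.

```python
from statistics import median

def aggregate(reports, now, min_reports=5, max_age=120):
    """Median of the freshest valid report per node.

    reports: iterable of (node_id, price, unix_timestamp).
    Raises ValueError when fewer than min_reports nodes have a fresh report.
    """
    latest = {}
    for node, price, ts in reports:
        if price <= 0 or ts > now or now - ts > max_age:
            continue  # drop invalid, future-dated or stale reports
        if node not in latest or ts > latest[node][0]:
            latest[node] = (ts, price)  # one vote per node, newest wins
    if len(latest) < min_reports:
        raise ValueError(f"quorum not met: {len(latest)} of {min_reports}")
    return median(price for _, price in latest.values())

def max_tolerated_faults(n):
    """Largest number of arbitrary reports a median over n values absorbs."""
    return (n - 1) // 2

# Constructed sample data: seven hypothetical nodes reporting around t=1000.
NOW = 1000
HONEST = [("n1", 99.9, 995), ("n2", 100.0, 996),
          ("n3", 100.1, 997), ("n4", 100.2, 998)]
# Three of seven nodes report a wildly wrong price: the median stays honest.
MINORITY_BAD = HONEST + [(n, 1000.0, 999) for n in ("n5", "n6", "n7")]
# Four of seven nodes report the wrong price: the median follows them.
MAJORITY_BAD = HONEST[:3] + [(n, 1000.0, 999) for n in ("n4", "n5", "n6", "n7")]

if __name__ == "__main__":
    print("minority compromised:", aggregate(MINORITY_BAD, NOW))
    print("majority compromised:", aggregate(MAJORITY_BAD, NOW))
    print("faults tolerated with 7 nodes:", max_tolerated_faults(7))
```

The quorum and one-vote-per-node rules matter as much as the median: without them, a single node could outvote the others by resubmitting, or the answer could be computed from too few reports.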
Using oracles that have security mechanisms
An oracle that has a security mechanism is an oracle that has features that can prevent or detect manipulation, such as time limits, deviation limits, volume limits, and others.
Oracles that have security mechanisms can reduce the risk of losses due to manipulation, because they can cancel or flag suspicious transactions. Examples of oracles that have security mechanisms are Uniswap V2 and UMA.
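As an added example (not from the article and not Uniswap's code), the sketch below implements two of the mechanisms named above, a time limit and a deviation limit, on top of a cumulative-price time-weighted average in the style of Uniswap V2. It uses floats instead of Uniswap V2's fixed-point arithmetic, and the class name, thresholds, and price series are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    timestamp: int
    cumulative: float  # running sum of price * seconds in effect

class TwapGuard:
    def __init__(self, window=1800, max_age=600, max_deviation=0.05):
        self.window, self.max_age = window, max_age
        self.max_deviation = max_deviation
        self.obs = []
        self.last_price = None

    def update(self, ts, spot):
        """Record the pool's spot price at time ts (one call per block)."""
        cum = 0.0
        if self.obs:
            prev = self.obs[-1]
            # the previous price is weighted by how long it was in effect
            cum = prev.cumulative + self.last_price * (ts - prev.timestamp)
        self.obs.append(Observation(ts, cum))
        self.last_price = spot

    def twap(self, now):
        """Time-weighted average price over (at most) the last `window` seconds."""
        last = self.obs[-1]
        cum_now = last.cumulative + self.last_price * (now - last.timestamp)
        start = next((o for o in self.obs
                      if o.timestamp >= now - self.window), last)
        if now == start.timestamp:
            return self.last_price
        return (cum_now - start.cumulative) / (now - start.timestamp)

    def check(self, now, spot):
        """Return 'ok', 'stale' (time limit) or 'deviation' (deviation limit)."""
        if not self.obs or now - self.obs[-1].timestamp > self.max_age:
            return "stale"
        avg = self.twap(now)
        if abs(spot - avg) / avg > self.max_deviation:
            return "deviation"
        return "ok"

def sample_guard():
    """Constructed data: price 1.00 recorded every 60 s for 30 minutes."""
    guard = TwapGuard()
    for ts in range(0, 1800, 60):
        guard.update(ts, 1.00)
    return guard
```

With this data, a price of 1.50 that has been in effect for only 12 seconds moves the 30-minute average by about 0.3%, so a consumer comparing the spot price against the average rejects it instead of acting on it.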
Using oracles that have economic incentives
Economically incentivized oracles are those that reward or punish oracle nodes based on their performance and honesty. Oracles that have economic incentives can increase the motivation and accountability of oracle nodes.
This is because they will gain profits if they provide correct data, and lose profits if they provide incorrect data. Examples of oracles that have economic incentives are Augur, Witnet, and Kleros.
DISCLAIMER: This article is informational in nature and is not an offer or invitation to sell or buy any crypto assets. Trading crypto assets is a high-risk activity. Crypto asset prices are volatile, where prices can change significantly from time to time and Bittime is not responsible for changes in fluctuations in crypto asset exchange rates.