Understanding Vulnerabilities and Safeguards in Blockchain Oracles

In the presentation below, Sasa Milic, an independent researcher, presented on oracle hacks that have occurred in the past two years and the various conclusions that can be drawn from them.

Below is a glossary of key concepts mentioned during Sasa’s talk, intended as a supplement to her video presentation.

WHAT IS A BLOCKCHAIN ORACLE?

Native blockchain data (e.g., ownership and transfer of tokens) are validated by every node in the network. This validation process makes the network tamper-proof (except in the case of a 51% attack). However, a consequence of this tamper resistance is the limited access to external data sources, since such data—and its transmission—can be easily tampered with.

To create complex blockchain applications—beyond simple token transfers—you need access to external data. For example, most decentralized finance (DeFi) applications require price data (e.g., to get a strike price or keep a stablecoin pegged to 1 USD). Indeed, asset prices are still the most common type of data generated and processed by blockchain oracles.

WHAT ARE ORACLE HACKS?

Oracle hacks occur when attackers exploit vulnerabilities in the design or implementation of Oracle networks. In such a hack, the attacker usually manipulates the oracle to feed incorrect data into a blockchain contract. This often leads to funds being erroneously transferred, typically to the hacker’s account. The core of these attacks lies in compromising the data integrity that smart contracts rely on, resulting in financial losses or other disruptions.

At the beginning of her presentation, the speaker clarifies that most of the losses attributed to Oracle hacks are actually due to market manipulation attacks rather than a flaw in the Oracle design. Sasa divides Oracle hacks into two significant categories: statistical/data errors or errors in integration.

CONFIDENCE INTERVALS

Confidence Intervals refer to a range of values used to estimate the true quantity of a particular parameter. These values are accompanied by a percentage, typically ranging from 95% to 99.9%, that represents the degree of confidence in that interval.

An example of a confidence interval is an estimate of the price of Bitcoin as [$29,504, $29,507] with a 99% confidence level which means that the publisher is 99% confident that the price of Bitcoin at that time will fall between the given values.

Some oracle protocols, like Pyth, require price publishers to provide a confidence interval report to build transparency and confidence.

OUTLIER DETECTION AND REMOVAL MECHANISMS

Outlier detection, also known as anomaly detection, refers to the various techniques and processes used to identify and eliminate outliers in data. Outliers refer to data points that significantly deviate from the data pattern. For instance, if an oracle provides price data to be $100, $101, $200, $99, $102,$10, and so on, $200 and $10 should be flagged as outliers.

Outliers are identified by applying statistical methods to remove data points that exceed pre-defined boundaries. Outlier detection mechanisms are crucial because they improve data integrity and reduce biases, though the speaker questions their effectiveness in the context of oracle networks.

ORACLE AGGREGATION FUNCTION

Oracle Aggregation Function refers to an algorithm that plays a crucial role in improving the quality of oracle data by combining multiple data inputs from different oracles into a single, aggregated value.

Some of the most popular algorithms used are Median Price Value, Volume-Weighted Average Price (VWAP), and Time-weighted Average Price (TWAP). The last two are becoming increasingly popular because they are more manipulation-resistant. VWAP calculates an average price based on trading volume, where sources with larger trading volume weigh more than others, while TWAP calculates an average price based on time intervals.

This article on Chainlink’s blog details the differences between TWAP and VWAP price aggregation.

DISPUTE PERIODS

Dispute periods are specific time frames during which participants can challenge the validity or accuracy of data provided by oracles. It is a natural step after data aggregation to resolve suspected technical errors, inconsistencies, or manipulations.

These disputes are eventually resolved through voting or an arbitration protocol like Kleros. Chainlink 2.0 is an example of a two-tiered oracle network that has a second layer for dispute resolution.

SANITY BOUNDS

Sanity bounds, also known as sanity checks, are pre-defined thresholds or limits used to validate the data provided by oracles before it is accepted for aggregation. It is an example of outlier detection mechanisms utilized by protocols.

These bounds ensure that the price data falls within reasonable and expected ranges. If the data provided by an oracle lies outside the sanity bounds, it is considered invalid and is not included in the aggregation process. This article discusses the use of sanity bounds as a manipulation mitigation method for price oracles.

Connect with Sasa Millic:

LinkedIn
Twitter
Medium
Youtube

The Blockchain Oracle Summit is the world’s only technical summit that dives deep into the use cases, limitations, and impacts of oracles on the wider blockchain ecosystem. Leading speakers worldwide gathered in Paris to share their work and experience building and using oracle solutions. Article by Michael Abiodun.