In the presentation below, Dominik Muhs, Senior Security Engineer from ConsenSys Diligence, dives deep into the world of oracles, explaining how they can be broken and what would be required to prevent future manipulations.

https://youtu.be/7W1DvBNGKbQ?embedable=true

Here are some key concepts highlighted in the talk.

What is ConsenSys Diligence?

ConsenSys Diligence is the blockchain security and auditing arm of leading blockchain infrastructure provider, ConsenSys. Other than providing auditing services, Diligence has also released a range of blockchain security analysis tools to help developers examine their own smart contracts for any vulnerabilities prior to deploying them. Some of these tools include MythX, Scribble and Harvey. Before joining Diligence, Dominik played a key role in the development of Mythril, a service that automatically breaks smart contracts on EVM chains, which formed the basis of MythX. Since 2020, Dominik has specialized in security testing and oracle manipulation.

At the beginning of his presentation, Dominik briefly runs through the different components that make up an oracle system. He references his presentation from Day 1 of the Blockchain Oracle Summit, where he dissects the various parts of an oracle system, based on this research paper written by his ex-colleague and current CTO of Ether Capital, Shayan Eskandari. For more from Shayan & Dominik's talk, check out the recording here.

Types of oracle data and their use cases:

Dominik then provides some examples of the different types of oracle data that are available, as well as the relevant use cases. Some of these examples are listed below:

Flight delay & weather data: Parametric insurance, such as Etherisc's insurance products, makes use of smart contracts and real-world data to automate parametric insurance payouts. Watch this presentation by Etherisc CTO, Matthias Zimmermann, on their use of oracles to provide decentralized insurance services.

Pseudorandom number generation (PRNG): A PRNG is an algorithm used to create a sequence of random numbers to be used in computer programs. Chainlink VRF (Verifiable Random Function) is an example of a blockchain random number generation service. It allows smart contracts to use cryptographically verified random values to power a variety of interesting use cases. Examples of these use cases include DeFi lucky draws, gaming, and NFT creation.

Token price feeds: Most DeFi applications require a stream of aggregated price data in order to settle financial contracts on-chain. Price feed oracles are used to provide real-time market data of assets like cryptocurrencies, commodities and fiat currencies. An example of a price feed cited by Dominik is the Uniswap V3 oracle library, which calculates the time-weighted average price (TWAP) of assets in a given Uniswap V3 liquidity pool. For more information, check out this presentation from Day 1 of the Blockchain Oracle Summit by ex-Uniswap Protocol Partnerships Lead, Connor Martin, who played a key role in developing the V3 oracle library.

Oracle Frontrunning & MEV Explained

According to Dominik, one of the major vulnerabilities in oracle systems is the possibility of "frontrunning" due to Miner Extractable Value (MEV) in relation to oracles. MEV refers to the maximum profit that a miner can derive from inserting, rearranging or excluding certain transactions within the block they are in charge of.

Users submit their transactions into a mempool, which stands for Memory Pool. A mempool consists of all transactions that are awaiting validation in order to appear within a certain block on-chain. These transactions would also include oracle price updates. Mempools are essentially databases of all pending transactions on the blockchain. In order to extract the most revenue, transactions in public mempools are prioritized by miners based on the fees paid by the user.
Therefore, there is the possibility for someone to influence the order of transactions by adjusting the amount of fees paid, also known as "sandwich trading". In order to carry out a sandwich trade, a user would monitor the mempool for a large enough oracle price update and take advantage of arbitrage opportunities. For example, someone could execute a buy order right before a large price increase, and make a sell order immediately after the price is updated.

"Displacement" is another category of frontrunning attack highlighted by Dominik during his talk. According to him, these attacks are more of a threat to other layer 1 and layer 2 networks, where each transaction incurs much lower gas fees compared to Ethereum. A displacement attack occurs when a malicious actor spams multiple transactions into a block in order to push out or "displace" another user's transaction from the block. If that particular transaction happens to be an oracle price update, the malicious actor could end up triggering a dispute or slashing an oracle data reporter's staked assets for providing "false" data. This is because the price update that was supposed to happen was not allowed to take place within a specific block, thus delaying the oracle price update by a significant amount of time. Depending on the oracle system, the malicious actor could also be rewarded for slashing a data reporter, which adds an additional economic incentive to do so.

In essence, people would be able to profit greatly from systems that integrate with oracle data that is "frontrunnable", and they can reap additional rewards from the oracle systems themselves by triggering disputes. More information on frontrunning attacks can be found in this article by ConsenSys Diligence.

Case Study: Oracle behavior during the LUNA crash

According to Dominik, simple, non-technical issues such as not having crystal clear documentation, as trivial as it may seem, can result in protocols being drained and millions of dollars being lost. To illustrate this, Dominik cited the example of the Blizz Finance exploit that took place during the chaos of the Terra LUNA crash in May 2022.

With LUNA crashing at an unprecedented rate, Chainlink circuit breakers paused the LUNA price feed at a shade over $0.10. This is because, in DeFi, manipulators of low-liquidity tokens can cause "flash crashes", dumping the price of a token in order to trick price feeds, exchanges, etc. To prevent this, Chainlink created circuit breakers that can pause a price feed when a minimum value is reached in extreme market conditions.

With LUNA trading under $0.02, exploiters were able to deposit LUNA that the Blizz Protocol still valued at $0.10. Attackers were therefore able to drain the protocol of most of its assets before developers could do anything about it. While another affected protocol, Venus, managed to deploy emergency funds to ride out the exploit, Blizz has not been active since May. The project was effectively ended by the erroneous implementation of oracles.

Taking Blizz Finance's final few tweets at face value, the Blizz team felt the exploit was caused by Chainlink's oracle pausing. Chainlink and their supporters were quick to point out that the risks were outlined in their documentation, and that out of the many, many protocols using Chainlink price feeds, only Blizz and Venus were exploited during the LUNA crash.

Dominik, meanwhile, says that while the documentation was there, it was not clear and obvious enough. While the Chainlink oracle acted as it was designed to, users that were unaware of its security features did not benefit at all.

Where do we go from here?
Dominik ends his presentation with a few words of advice for both oracle developers and users to ensure the safest possible use of oracles, which include:

- Use decentralized protocols instead of centralized entities.
- Ensure that only the most accurate and high-quality data is being used by paying closer attention to validating oracle data instead of assuming accuracy.
- Set standards for more comprehensive documentation for oracle services and educate users about security considerations, and exactly how to validate data properly.
- Diversify data sources to avoid single points of failure.
- Get code reviews and penetration tests done as early as possible in the development process.

Several things can be done in order for the ecosystem to improve as a whole. Introducing standards and best practices in the way oracle systems are used and developed would make it far easier to evaluate and manage the overall security of these networks. Standardizing oracle use would also help end users avoid issues that arise with the poor integration of oracles, similar to what happened during the Terra LUNA crash. Lastly, with each oracle system having its own approach to solving the oracle problem and a different set of trade-offs, more honest communication about how each system is designed, and about its true capabilities, would greatly help to reduce the information asymmetry and boost the rate of innovation in the oracle space.

Learn More

Check out this presentation from the Blockchain Oracle Summit about Liquity's use of oracles, which inspired further discussion about the introduction of best practices for oracle implementation. Witnet's Tomás Ruiz presented on their efforts in standardizing price feed interfaces in order to simplify the overall developer experience. Watch his talk here.

The Blockchain Oracle Summit was the world's first conference to fully focus on the importance of oracles and their design. Leading experts from across the industry gathered in Berlin to share their work and address challenges faced in the oracle space.

Also published here.
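The Blizz case study above comes down to a consumer contract trusting the last published answer without asking whether the feed was still live, and Dominik's closing advice is to validate oracle data rather than assume it is accurate. As an added example (not code from the talk, from ConsenSys Diligence, from Blizz or from Chainlink), the Python below models what that validation looks like on the consumer side: a round is usable only if its answer is positive, belongs to the current round, is fresh, and is not sitting a shade above the feed's minimum (or below its maximum) bound, and a deposit is not valued at all otherwise. The field names follow the tuple a Chainlink-style latestRoundData() call returns; the floor, ceiling, staleness window, tolerance and every round value are constructed for this example and are not the real LUNA feed parameters.

```python
from dataclasses import dataclass
from enum import Enum


# Field names follow the tuple a Chainlink-style aggregator returns from
# latestRoundData(); every value used below is constructed for this example.
@dataclass(frozen=True)
class Round:
    round_id: int
    answer: int             # price scaled by 10**decimals
    started_at: int         # unix seconds
    updated_at: int         # unix seconds
    answered_in_round: int  # round that actually produced the answer


class FeedStatus(Enum):
    OK = "ok"
    INVALID = "invalid"                         # non-positive or never-set answer
    INCOMPLETE = "incomplete_round"             # answer carried over from an older round
    STALE = "stale"                             # no update within max_age seconds
    AT_CIRCUIT_BREAKER = "at_circuit_breaker"   # last answer sits at the feed's min/max bound


def validate_round(r, now, min_answer, max_answer, max_age, tolerance_bps=200):
    """Classify one round. Returns (status, raw_answer_or_None)."""
    if r.answer <= 0 or r.updated_at == 0:
        return FeedStatus.INVALID, None
    if r.answered_in_round < r.round_id:
        return FeedStatus.INCOMPLETE, None
    if now - r.updated_at > max_age:
        return FeedStatus.STALE, None
    # A feed with a circuit breaker stops publishing once the market crosses
    # its configured bound, so the last published answer lands a shade above
    # the minimum (or below the maximum). Treat anything within tolerance_bps
    # of a bound as "the real price may be far beyond this number".
    near_min = r.answer <= min_answer * (10_000 + tolerance_bps) // 10_000
    near_max = r.answer >= max_answer * (10_000 - tolerance_bps) // 10_000
    if near_min or near_max:
        return FeedStatus.AT_CIRCUIT_BREAKER, None
    return FeedStatus.OK, r.answer


def value_collateral(token_amount, r, now, min_answer, max_answer, max_age, decimals=8):
    """USD value of a deposit, or None when the feed must not be trusted.

    Valuing deposits at the last published answer regardless of feed state is
    the failure the LUNA case study describes: a paused feed still read $0.10.
    """
    status, answer = validate_round(r, now, min_answer, max_answer, max_age)
    if status is not FeedStatus.OK:
        return status, None
    return status, token_amount * answer / 10**decimals


# Constructed scenario: an 8-decimal USD feed with a $0.10 floor and a $1000
# ceiling, read by a hypothetical consumer that tolerates one hour of silence.
MIN_ANSWER = 10_000_000          # $0.10
MAX_ANSWER = 100_000_000_000     # $1000
MAX_AGE = 3600                   # one hour
NOW = 1_652_400_000              # arbitrary unix timestamp


def demo():
    healthy = Round(100, 2_500_000_000, NOW - 40, NOW - 30, 100)              # $25, fresh
    paused = Round(101, 10_100_000, NOW - 70, NOW - 60, 101)                  # $0.101, fresh but on the floor
    abandoned = Round(101, 10_100_000, NOW - 6 * 3600, NOW - 6 * 3600, 101)   # same answer, six hours old
    results = {}
    for name, r in (("healthy", healthy), ("paused", paused), ("abandoned", abandoned)):
        results[name] = value_collateral(1000, r, NOW, MIN_ANSWER, MAX_ANSWER, MAX_AGE)
    return results


if __name__ == "__main__":
    for name, (status, value) in demo().items():
        print(f"{name:10s} {status.value:20s} {value}")
```

Running the script values the healthy deposit at $25,000 and refuses both LUNA-like rounds. The point of the ordering is that the "paused" round is rejected while it still looks fresh: a staleness window alone would have kept accepting $0.10 for up to an hour, whereas the bound check catches the moment the feed stops a shade above its floor, which is exactly the window the case study describes.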