In the presentation below, Dominik Muhs, Senior Security Engineer from ConsenSys Diligence, dives deep into the world of oracles, explaining how they can be broken and what would be required to prevent future manipulations.
Here are some key concepts highlighted in the talk.
ConsenSys Diligence is the blockchain security and auditing arm of leading blockchain infrastructure provider, ConsenSys. Other than providing auditing services, Diligence has also released a range of blockchain security analysis tools to help developers examine their own smart contracts for any vulnerabilities prior to deploying them.
Some of these tools include MythX, Scribble and Harvey. Before joining Diligence, Dominik played a key role in the development of Mythril, a service that automatically breaks smart contracts on EVM chains, which formed the basis of MythX. Since 2020, Dominik has specialized in security testing and oracle manipulation.
At the beginning of his presentation, Dominik briefly runs through the different components that make up an oracle system. He references his presentation from Day 1 of the Blockchain Oracle Summit, where he dissects the various parts of an oracle system, based on this research paper written by his ex-colleague and current CTO of Ether Capital, Shayan Eskandari.
For more from Shayan & Dominik’s talk, check out the recording here.
Dominik then provides some examples of the different types of oracle data that are available, as well as the relevant use cases. Some of these examples are listed below:
Flight delay & weather data: Parametric insurance, such as Etherisc’s insurance products makes use of smart contracts and real-world data to automate parametric insurance payouts. Watch this by Etherisc CTO, Matthias Zimmermann on their use of oracles to provide decentralized insurance services.
Pseudorandom number generation (PRNG): PRNG is an algorithm used to create a sequence of random numbers to be used in computer programs. Chainlink VRF (Verifiable Random Function) is an example of a blockchain random number generation service. It allows smart contracts to use cryptographically verified random values to power a variety of interesting use cases. Examples of these use cases include DeFi lucky draws, gaming, and NFT creation.
Token price feeds: Most DeFi applications require a stream of aggregated price data in order to settle financial contracts on-chain. Price feed oracles are used to provide real-time market data of assets like cryptocurrencies, commodities and FIAT currencies. An example of a price feed cited by Dominik, is the Uniswap V3 oracle library, which calculates the time-weighted average price (TWAP) of assets in a given Uniswap V3 liquidity pool. For more information, check out this presentation by ex-Uniswap Protocol Partnerships Lead, Connor Martin, who played a key role in developing the V3 oracle library from Day 1 of the Blockchain Oracle Summit.
According to Dominik, one of the major vulnerabilities in oracle systems is the possibility of “frontrunning” due to Miner Extractable Value (MEV) in relation to oracles. MEV refers to the maximum profit that a miner can derive from inserting, rearranging or excluding certain transactions within the block they are in charge of.
Users submit their transactions into a mempool, which stands for Memory Pool. They consist of all transactions that are awaiting validation in order to appear within a certain block on-chain. These transactions would also include oracle price updates. Mempools are essentially databases of all pending transactions on the blockchain.
In order to extract the most revenue, transactions in public mempools are prioritized by miners based on the fees paid by the user. Therefore, there is the possibility for someone to influence the order of transactions by adjusting the amount of fees paid, also known as “sandwich trading”. In order to carry out a sandwich trade, a user would monitor the mempool for a large enough oracle price update and take advantage of arbitrage opportunities. For example, someone could execute a buy order right before a large price increase, and make a sell order immediately after the price is updated.
“Displacement” is another criterion of frontrunning attacks highlighted by Dominik during his talk. According to him, these attacks are more of a threat to other layer 1 and layer 2 networks, where each transaction incurs much lower gas fees, compared to Ethereum. A displacement attack occurs when a malicious actor spams multiple transactions into a block in order to push out or “displace” another user’s transaction from the block.
If that particular transaction happens to be an oracle price update, the malicious actor could end up triggering a dispute or slashing an oracle data reporter’s staked assets, for providing “false” data. This is because the price update that was supposed to happen was not allowed to take place within a specific block, thus delaying the oracle price update by a significant amount of time Depending on the oracle system, the malicious actor could also be rewarded for slashing a data reporter, which adds an additional economic incentive to do so.
In essence, people would be able to profit greatly from systems that integrate with oracle data that is ‘frontrunnable’, and they can reap additional rewards from the oracle systems themselves by triggering disputes. More information on frontrunning attacks can be found in this article by ConsenSys Diligence.
According to Dominik, simple, non-technical issues such as not having crystal clear documentation, as trivial as it may seem, can result in protocols being drained and millions of dollars being lost. To illustrate this, Dominik cited the example of the Blizz Finance exploit that took place during the chaos of the Terra LUNA crash in May 2022.
With LUNA crashing at an unprecedented rate, Chainlink circuit breakers paused the LUNA price feed at a shade over $0.10. This is because, in DeFi, manipulators of low-liquidity tokens can cause “flash crashes” – dumping the price of a token in order to trick price feeds, exchanges, etc.. To prevent this, Chainlink created circuit breakers that can pause a price feed when a minimum value is reached in extreme market conditions.
With LUNA trading under $0.02, exploiters were able to deposit LUNA that the Blizz Protocol still valued at $0.10. Attackers were, therefore, able to drain the protocol of most of their assets before developers could do anything about it. While another affected protocol, Venus, managed to deploy emergency funds to ride out the exploit, Blizz has not been active since May. The project was effectively ended by the erroneous implementation of oracles.
Taking Blizz Finance’s final few tweets at face value, the Blizz team felt the exploit was caused by Chainlink’s oracle pausing. Chainlink and their supporters were quick to point out that the risks were outlined in their documentation, and that out of the many, many protocols using Chainlink price feeds, only Blizz and Venus were exploited during the LUNA crash.
Dominik, meanwhile, says that while the documentation was there – it was not clear and obvious enough. While the Chainlink oracle acted as it was designed to, users that were unaware of its security features did not benefit at all.
Dominik ends his presentation with a few words of advice for both oracle developers and users to ensure the safest possible use of oracles, which include;
Several things can be done in order for the ecosystem to improve as a whole. Introducing standards and best practices in the way oracle systems are used and developed would make it far easier to evaluate and manage the overall security of these networks. Standardizing oracle use would also help end users avoid issues that arise with the poor integration of oracles, similar to what happened during the Terra LUNA crash. Lastly, with each oracle system having its own approach to solving the oracle problem and different set of trade-offs, more honest communication about how each system is designed, and their true capabilities, would greatly help to improve the information asymmetry and boost the rate of innovation in the oracle space.
Check out this presentation from the Blockchain Oracle Summit about Liquity’s use of oracles that inspired further discussion about the introduction of best practices for oracle implementation. Witnet’s Tomás Ruiz presented on their efforts in standardizing price feed interfaces in order to simplify the overall developer experience. Watch his talk here.
The Blockchain Oracle Summit was the world’s first conference to fully focus on the importance of oracles and their design. Leading experts from across the industry gathered in Berlin to share their work and address challenges faced in the oracle space.
Also published here.