https://youtu.be/V2ciagItiqI?si=bCJSIS9lJwJSk04A&embedable=true In the presentation below, Sasa Milic, an independent researcher, presented on oracle hacks that have occurred in the past two years and the various conclusions that can be drawn from them. Below is a glossary of key concepts mentioned during Sasa’s talk, intended as a supplement to her video presentation. WHAT IS A BLOCKCHAIN ORACLE? Native blockchain data (e.g., ownership and transfer of tokens) are validated by every node in the network. This validation process makes the network tamper-proof (except in the case of a ). However, a consequence of this tamper resistance is the limited access to external data sources, since such data—and its transmission—can be easily tampered with. 51% attack To create complex blockchain applications—beyond simple token transfers—you need access to external data. For example, most decentralized finance (DeFi) applications require price data (e.g., to get a or keep a stablecoin pegged to 1 USD). Indeed, asset prices are still the most common type of data generated and processed by blockchain oracles. strike price WHAT ARE ORACLE HACKS? Oracle hacks occur when attackers exploit vulnerabilities in the design or implementation of Oracle networks. In such a hack, the attacker usually manipulates the oracle to feed incorrect data into a blockchain contract. This often leads to funds being erroneously transferred, typically to the hacker’s account. The core of these attacks lies in compromising the data integrity that smart contracts rely on, resulting in financial losses or other disruptions. At the beginning of her presentation, the speaker clarifies that most of the losses attributed to Oracle hacks are actually due to market manipulation attacks rather than a flaw in the Oracle design. Sasa divides Oracle hacks into two significant categories: statistical/data errors or errors in integration. CONFIDENCE INTERVALS Confidence Intervals refer to a range of values used to estimate the true quantity of a particular parameter. These values are accompanied by a percentage, typically ranging from 95% to 99.9%, that represents the degree of confidence in that interval. An example of a confidence interval is an estimate of the price of Bitcoin as [$29,504, $29,507] with a 99% confidence level which means that the publisher is 99% confident that the price of Bitcoin at that time will fall between the given values. Some oracle protocols, like , require price publishers to provide a confidence interval report to build transparency and confidence. Pyth OUTLIER DETECTION AND REMOVAL MECHANISMS Outlier detection, also known as anomaly detection, refers to the various techniques and processes used to identify and eliminate outliers in data. Outliers refer to data points that significantly deviate from the data pattern. For instance, if an oracle provides price data to be $100, $101, $200, $99, $102,$10, and so on, $200 and $10 should be flagged as outliers. Outliers are identified by applying statistical methods to remove data points that exceed pre-defined boundaries. Outlier detection mechanisms are crucial because they improve data integrity and reduce biases, though the speaker questions their effectiveness in the context of oracle networks. ORACLE AGGREGATION FUNCTION Oracle Aggregation Function refers to an algorithm that plays a crucial role in improving the quality of oracle data by combining multiple data inputs from different oracles into a single, aggregated value. Some of the most popular algorithms used are Median Price Value, Volume-Weighted Average Price (VWAP), and Time-weighted Average Price (TWAP). The last two are becoming increasingly popular because they are more manipulation-resistant. VWAP calculates an average price based on trading volume, where sources with larger trading volume weigh more than others, while TWAP calculates an average price based on time intervals. This on Chainlink’s blog details the differences between TWAP and VWAP price aggregation. article DISPUTE PERIODS Dispute periods are specific time frames during which participants can challenge the validity or accuracy of data provided by oracles. It is a natural step after data aggregation to resolve suspected technical errors, inconsistencies, or manipulations. These disputes are eventually resolved through voting or an arbitration protocol like . is an example of a two-tiered oracle network that has a second layer for dispute resolution. Kleros Chainlink 2.0 SANITY BOUNDS Sanity bounds, also known as sanity checks, are pre-defined thresholds or limits used to validate the data provided by oracles before it is accepted for aggregation. It is an example of outlier detection mechanisms utilized by protocols. These bounds ensure that the price data falls within reasonable and expected ranges. If the data provided by an oracle lies outside the sanity bounds, it is considered invalid and is not included in the aggregation process. This discusses the use of sanity bounds as a manipulation mitigation method for price oracles. article Connect with Sasa Millic: LinkedIn Twitter Medium Youtube The Blockchain Oracle Summit is the world’s only technical summit that dives deep into the use cases, limitations, and impacts of oracles on the wider blockchain ecosystem. Leading speakers worldwide gathered in Paris to share their work and experience building and using oracle solutions. Article by . Michael Abiodun Also published . here

Exploring the Economic Security of On-Chain Oracles: Key Insights from Uniswap Labs

How Liquity Plans to Break the Stablecoin Trilemma 

As the transmitters of truth on a blockchain, oracles are one of the most crucial aspects of technology’s next chapter. The goal of the Blockchain Oracle Summit is to bring builders, users and investors together, to accelerate growth in the oracle space. While scaling oracles to meet growing demand, careful attention needs to be paid to maintaining costs, decentralization, trust and more. Immutable blockchains need to be complemented by the most robust oracle networks. 

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Understanding Vulnerabilities and Safeguards in Blockchain Oracles

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

How to Remove the Human Factor From DeFi Risk Management: The Key Concepts to Know

0VIX Launches Pre-mine, Introducing Unique Risk Management Feature

11 Commandments Of Smart Contract Designing

4 Decentralized Oracle Platforms that Bridge Real-World Data to the Blockchain

How Liquity Plans to Break the Stablecoin Trilemma

How to Remove the Human Factor From DeFi Risk Management: The Key Concepts to Know

0VIX Launches Pre-mine, Introducing Unique Risk Management Feature

11 Commandments Of Smart Contract Designing

4 Decentralized Oracle Platforms that Bridge Real-World Data to the Blockchain

How Liquity Plans to Break the Stablecoin Trilemma

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps