I have always maintained that DeFi is in its experimental phase. Thus, when DeFi fanatics try to compare finance with TradFi, it translates as outright ignorance to me. Essentially, the purpose of my preamble is to highlight the inherent risks present in the ecosystem, pointing to the long and tortuous journey ahead of us if we must get things right, much less engage in comparisons. blockchain Because two truths can co-exist, DeFi has come a long way. Since my arrival here, I have witnessed the highs and lows of the growing industry. While my participation was limited, my first watershed moment coincided with the 2021 bull run, when meme coins went crazy, by the first dog-themed token, Dogecoin. And the heartbreaking moments reflected in periods I lost money trading futures and, particularly, losing four figures during the Nomad cross-chain bridge . Every other exploit and hack the industry has witnessed, I either observed on the streets of Crypto Twitter (now Crypto X) or crypto media platforms like CoinTelegraph, but not as a victim. led exploit Yet, it leaves me no choice (then and now) but to acknowledge that security is a missing catalyst to DeFi's 100x adoption. Hence, this piece focuses on the ZkOracle primitive and its key role in securing DeFi and restoring its declining goodwill. What are ZkOracles? TLDR: ZkOracles are blockchain oracles that leverage zkSNARKs and Zkproofs to trustlessly transmit data on-chain while ensuring privacy, security,, and cost-efficiency. ZkOracles, known as zero-knowledge oracles, are an offshoot of blockchain oracles. Blockchain networks rely on oracles to access and import data from the real world. Such data could range from asset prices and weather information for insurance claims to IoT sensors for tracking goods in the supply chain and events in prediction markets. In relation to DeFi, oracles have been most useful in the lending realm. Smart contracts play a key role in automating operations within lending protocols. However, smart contracts operate as a siloed and deterministic entity and are unable to integrate external or off-chain data by themselves, especially when this is important to executing instructions they are embedded with. For example, in prediction markets, smart contracts could not determine the winner of a prediction based on an event without leveraging an oracle that reports the outcome. But how do Zkoracles work? Zkoracles improve on the inefficiencies of traditional blockchain oracles— some of which have affected DeFi in its entirety, contributing to an adoption blight. But one inefficiency that resonates more among these is security. According to , most exploits across the DeFi ecosystem have resulted from oracle manipulation risks, pointing to the vulnerabilities inherent in traditional oracles. Chainalysis In 2022, oracle manipulation exploits for over $400 million in stolen cryptocurrencies. The Mango Market in late 2022 perfectly describes how traditional oracles could be manipulated by hackers for personal gain. Avraham Eisenberg, the black hat hacker, had manipulated the price of $MNGO, the native token of the Solana-based DEX and lending protocol, using his profit (from the short-lived inflated Mango price) as a collateral to obtain a loan valued at $116 million. accounted exploit While the oracles Mango Market ($MNGO's price was transmitted to the protocol using the moving average of centralized exchange price feeds) functioned accurately, they were easily manipulable due to their centralized status. $MNGO's low liquidity equally contributed to enabling the manipulation as a relatively minimal amount was used to inflate its price. Although some lending protocols avoid listing assets with low liquidity, this is contrary to the essence of decentralized lending— part of which aims to enable the collateralization of long-tail assets. How ZkOracles Work in DeFi Lending Lending protocols rely on oracles to calculate collateral value, borrowing limits, interest rates, etc— all of which are important for the proper functioning of the lending process. As such, a miscalculation across any of these hallmarks could spell doom for a protocol, particularly lenders— a lender could be arbitrarily liquidated if an oracle misreports mjprice or his collateral value. Yet, while decentralized oracle networks like Chainlink attempt to circumvent this challenge through multiple data sources for accurate reportage, the cost of doing so is high, this means that the more nodes that query data sources and supply the prices to lending dApps, the more the transaction to update the data on-chain becomes. expensive The reason for this is because each validator (node) has to sign a cryptographic message stating the price they queried, (i.e. ETH/ USD) for reporting into the Oracle to update on-chain. The more signed messages, the higher the cost of the Oracle transaction is because it contains more data (more signatures) Usually, a few Oracle service providers try to avoid this by limiting the number of nodes (validators) on the Oracle network. But this also comes at a cost— security tradeoff, thus increasing the potential for manipulation. Meanwhile, ZkOracles sidesteps all of these challenges without the need for tradeoffs— neither on security nor decentralization. ZkOracles data privacy, security, and cost-efficiency. For lending protocols, ZkOracles consult multiple off-chain data sources for asset prices or any other relevant data (wallet balances, transaction activity, collateral value, interest rates), performing as many off-chain queries as possible without incurring costs, unlike traditional oracles. prioritize ZkOracles transmits the off-chain computation and ZkProof for it (which it generates with the help of zk-SNARKS) on-chain to the smart contracts on the protocol. The data is transmitted trustlessly and privately such that bad actors are unable to frontrun and manipulate. Despite the private transmission, a lending protocol's smart contracts can verify that the data is accurate using the Zkproof generated. Securing DeFi with ZkOracles ZkOracles belong to the category of decentralized fair oracles, which have been touted for their advantages, such as minimized manipulation risks as data obtained is tamper-proof. Moreover, they also create the window of opportunity for long-tail assets such as liquid staking derivatives (LSD) outside the dominating LSTs— Lido's stETH and Rocketpool's rETH to attain a collateralization status (users could deposit them as collateral to obtain loans). Examples of the less popular LSDs include ankrETH, frxETH, cbETH, swETH, and metaLSD, UnshETH. Vitalik Buterin had concerns regarding the threats stETH and rETH domination pose to Ethereum's decentralization, suggesting that stakers should begin staking ETH with other protocols. And regarding collateralization, most (stemming from the concept that LSTs could attain other use cases such as lending and restaking) protocols (Lybra, Prisma, Gravita, etc.) prefer to onboard the dominant LSDs. In the same vein, major oracle providers require a $100 million and above TVL for any LSD to integrate their price oracle, shutting the door on the less-patronized LSTs. expressed LSDFi However, the mechanism behind ZkOracles suggests that less dominant LSTs could aggregate prices in DeFi lending without depending on a centralized entity or meeting steep requirements such as having huge TVL or incentivizing liquidity. This precludes the possibility of manipulation, thereby reducing the likelihood of another high-impact exploit since Zkoracles cull data through different APIs with a Zkproof that shows that the prices fed to protocols are trustless and verifiable. Final Thoughts While oracles are one of DeFi's most important infra, they have also proven to be the industry's Achilles heel, given the number of exploits that have occurred from the attack vector in the past year. Although one may likely argue that the industry is still standing in spite of the exploits, I'm compelled to take a cue from Dan Elitzer's article, where he noted that Thus, that argument crumbles if we (DeFi folks) have our eyes set on mainstream adoption as a goal. "Why DeFi is Broken" "the frequency and severity of exploits are at least two orders of magnitude above what might be considered acceptable levels for mainstream adoption." But mainstream adoption aside, ZkOracles preserve the ethos of decentralization that Lido's dominance appears to be threatening as regards Ethereum by enabling the less-dominant LSTs to gain market share and enjoy more utility on LSDfi protocols. Interestingly, as Dan Elitzer also suggested, I imagine that individuals and institutions could deploy ZkOracles for personal use on lending protocols, barring the need to depend on a general oracle and reducing the scope of damage in the event of an exploit (if the oracle of a user is compromised, any damage is limited to the user). I'd like to think of the integration of zkOracles into DeFi lending as killing three birds with a stone— privacy, decentralization, and security. Abbreviations ZKSNARKs - Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge CDP - Collateralized Debt Positions. LSDfi - LSD Finance DeFi - Decentralized Finance TradFi - Traditional Finance LST - Liquid Staking Tokens LSD- Liquid Staking Derivatives Long-tail assets - Assets with low volume or liquidity ankrETH - Ankr staked ETH frxETH - Frax ETH cbETH - Coinbase ETH swETH - Swell ETH stETH - Lido’s staked ETH

The is an opinion piece based on the author’s POV and does not necessarily reflect the views of HackerNoon.

Read My Stories

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

Securing DeFi: The Case for ZkOracles

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

0VIX Launches Pre-mine, Introducing Unique Risk Management Feature

11 Commandments Of Smart Contract Designing

4 Decentralized Oracle Platforms that Bridge Real-World Data to the Blockchain

How Liquity Plans to Break the Stablecoin Trilemma

Understanding Vulnerabilities and Safeguards in Blockchain Oracles

0VIX Launches Pre-mine, Introducing Unique Risk Management Feature

11 Commandments Of Smart Contract Designing

4 Decentralized Oracle Platforms that Bridge Real-World Data to the Blockchain

How Liquity Plans to Break the Stablecoin Trilemma

Understanding Vulnerabilities and Safeguards in Blockchain Oracles

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps