Investigation Analyst at Inca Digital
Blockchain oracles, or off-chain data providers, are key players in the blockchain ecosystem - wielding as much if not more power than miners and protocols developers. Often misunderstood and overlooked, they suffer from constant misuse and security vulnerabilities. Licensing and endorsing professional oracles is key to improving the overall health of the blockchain ecosystem.
A fairly straightforward oracle use case is in futures smart contracts built by crypto trading venue FTX and other betting platforms that allow people to place bets on the next US president. Their oracles were supposed to be the media, such as CNN, calling the official win of one of the presidential candidates. Using the confusion around who had won the election on social networks and in traditional media, however, the betting platforms took it upon themselves to have the final say in the matter, creating a conflict of interest when it comes to calling the winner.
Next president betting odds from FTX, Betfair, and PredictIt - Nov 26, 2020 - electionbettingodds.com
To keep trading open, these platforms kept changing the expiration date and the nature of their futures contracts. On Feb 9, 2020, FTX gave unhappy TRUMPWIN token holders an opportunity to roll over their losses to a TRUMPFEB contract, which would mature if Trump is still in the office on Feb 1, 2021. The tactic of allowing losers to continue playing to accumulate even bigger debt is well-known among mafia-associated bookmakers.
Price and Trading Volume of TRUMPWIN/TRUMPLOSE (TRUMP) and TRUMPSTAY/TRUMPGO (TRUMPFEB) tokens on FTX - NTerminal
The problem gets even bigger when it comes to decentralized futures contracts. DeFi smart contracts cannot look up CNN news and have to rely on blockchain oracles. These automated systems are used to transmit real-world information onto the blockchain. Poorly coded, maintained, and often easily compromised, they cost the DeFi ecosystem millions every day.
Biggest DeFi Hacks and Exploits - NTerminal
Just in 2020, over $142M was stolen from Value Defi, Harvest, bZx, Akropolis, Origin, Cheese Bank, and other platforms by leveraging flash loans and other techniques to manipulate the price of the underlying tokens and buy them for cheap. On Nov 26, 2020, about $90M was liquidated on the lending platform Compound due to a potential exploit of one of the oracle data sources, Coinbase, where the price of DAI/USDC was artificially bumped up 30%. The price increase triggered the liquidation as a number of the loans were suddenly under the liquidation ratio.
Whether it is incompetence or fraudulent intent, the problem remains the same — oracles are not reliable as long as they remain under the control of betting/trading platform creators. Just like we value the independence and professionalism of journalists, we need to hold our oracles to the same standards.
There is no one easy solution to this fundamental problem. But one of the possible ways to approach it and mitigate risks is to license oracles, thus promoting professionalism and accountability in their work. Their services can also be expanded beyond pricing information to security audits and compliance reviews to act as stamps of approval for good-willing blockchain products. This will also eliminate the need to inspect every regulated blockchain product — as oracle licensing will create necessary incentives and accountability for market participants.
Create your free account to unlock your custom reading experience.