In this article we look at type of economic attack on DeFi projects in the form of manipulation of price oracles.
What Are Price Oracles
On Ethereum, where everything is a smart contract, so too are price oracles. As such, it’s more useful to distinguish between how the price oracle gets its price information. In one approach, you can simply take the existing off-chain price data from price APIs or exchanges and bring it on-chain. In the other, you can calculate the instantaneous price by consulting on-chain decentralized exchanges.
Both options have their respective advantages and disadvantages. Off-chain data is generally slower to react to volatility, which may be good or bad depending on what you’re trying to use it for. It typically requires a handful of privileged users to push the data on-chain though, so you have to trust that they won’t turn evil and can’t be coerced into pushing bad updates. On-chain data doesn’t require any privileged access and is always up-to-date, but this means that it’s easily manipulated by attackers.
A further distinction can be made between off-chain and on-chain oracles, that is, whether they are centralized or decentralized.
Off-chain Centralized Oracle
This type of oracle simply accepts new prices from an off-chain source, typically an account controlled by the project. Due to the need to quickly update the oracle with new exchange rates, the account is typically an EOA and not a multisig. There may be some sanity checking to ensure that prices don’t fluctuate too wildly. Compound Finance and Synthetix mainly use this type of oracle for most assets
Off-chain Decentralized Oracle
This type of oracle accepts new prices from multiple off-chain sources and merges the values through a mathematical function, such as an average. In this model, a multisig wallet is typically used to manage the list of authorized sources. Maker and Chainlink use this type of oracle for ETH and other assets.
On-chain Centralized Oracle
This type of oracle determines the price of assets using an on-chain source, such as a DEX. However, only a central authority can trigger…