Decentralized Finance (DeFi) is basically a movement to replace most, if not all, of the functions of the legacy financial system with smart contracts that remove the need for trusted third parties from the equation.
But as it exists today, DeFi does not exactly deliver on that goal. This is because the most interesting types of smart contracts still require the use of a trusted third party in the form of an oracle.
While developers and researchers in the DeFi space are working hard on the oracle problem, it’s unclear if they’ll be able to find a sufficient solution. And if oracles cannot be resistant to government regulation and corruption, then many of the key selling points of DeFi will vanish into thin air.
What are price oracles and why are they needed?
Around 2017, smart contracts became a buzzword that, like many other terms in the cryptocurrency space, began to lose meaning. A smart contract, in theory at least, is a contract that is enforced by code rather than the traditional court system. The problem is that many of these types of contracts involve oracles.
An oracle, simply put, is a trusted person or entity that brings real-world data into the blockchain world. If two parties are making a bet on a basketball game via a smart contract on a blockchain, the third party oracle lets the smart contract know the outcome of the game by publishing the associated data to the blockchain. This process is usually automated by software. For example, a bot can scrape NBA.com for scores of the games and automatically publish them to the blockchain. But whether it’s a person or software, it exists outside of the blockchain.
Oracles are needed because cryptocurrency networks like Ethereum have no knowledge of the outside world. There is no way for the Ethereum network to know the current ETH/USD exchange rate or who won the most recent U.S. presidential election without it being provided data from outside the blockchain.
This reality is known as the oracle problem. Indeed, this problem still exists (to varying degrees) in all of the DeFi applications that have launched up to this point.
What are the current problems with oracles?
Although you are currently able to place a bet on a sporting event and hedge your cryptocurrency holdings to a local fiat currency without handing custody of your cryptocurrency over to a third party, an oracle is still used to resolve those contracts.
This oracle can be malicious or incompetent, meaning the resolution of a smart contract dispute could go the wrong way. For example, if the oracle is hacked, the hacker is in control of the outcome, rather than the entity behind the oracle. Or if two parties bet on a sporting event, the loser might be able to simply bribe the oracle to report the wrong winner, which would result in the smart contract sending the funds to the losing bettor. Because the blockchain itself has no way of verifying the authenticity of the off-chain data provided to it by the oracle, this kind of fraud is possible. And while the winning bettor would certainly protest, blockchain transactions tend to be irreversible.
Put bluntly, the fact that there’s some code on a blockchain doesn’t help guard against a corrupted oracle. While DeFi is sometimes referred to as “money Legos,” critics claim the potential problems associated with oracles make “money Jenga” a more correct analogy.
People have been working on some of the key ideas behind DeFi for nearly as long as Bitcoin itself. For example, a white paper for Mastercoin (now called Omni) was released in January 2012, and it discussed some of the smart contracts that are popular in DeFi today such as initial coin offerings and stable assets. The oracle problem, however, remains.
“They're all completely terrible, and still no one appreciates the oracle problem at all,” Bitcoin Hivemind and Drivechain creator Paul Sztorc told LongHash when asked about the state of DeFi oracles today.
Sztorc gave a presentation on the problems with the various oracle solutions that have been proposed over the years, including his own Bitcoin Hivemind project, at the 2017 QCon event in London. One of the key problems he focused on was the oracle’s incentive to take bribes from users or become a user themselves and rig the outcome of a bet in their favor. Sztorc also touched on issues related to oracle data being resold at a lower cost after it has been made public, which may make it more difficult for oracles to get paid for their work.
During his talk, Sztorc used the metaphor of putting money into a black box to explain the issue with oracles. From his perspective, if Alice and Bob bet each other $5 on something with the use of a blockchain oracle, the oracle that makes the final call on the outcome of the bet effectively becomes the custodian of that money held in the black box and can make side-deals with Alice or Bob.
A key innovation with Bitcoin was that it allowed a digital financial system to exist without the need for a trusted third party to process transactions. This allowed the network to remain unregulated, permissionless, and impractical to shut down. The problem with DeFi, at least as it exists today, is that it reintroduces the third party security hole by way of the oracle.
“Kind of the ethos of Bitcoin is you control your own money, and by putting it in the hands of someone else, you are kind of not operating in that world anymore,” said Sztorc near the conclusion of his 2017 presentation.
In Sztorc’s view, zero (or potentially negative) progress has been made since Edmund Edgar’s Reality Keys solution appeared roughly six years ago. However, Edgar disagrees with this assessment (more on that later).
“My opinion is that over time, Bitcoin and Ethereum have gone mainstream, and drawn in people who have less skill, less experience, and are less interested in actually solving an interesting problem,” added Sztorc. “They just want to get involved quickly. So, there has been renewed attention but still no progress.”
In addition to issues around trust, oracles are a potential target for regulators. Abra can be seen as a case study of sorts in this area.
Synthetic assets were Abra’s attempt to build a global, permissionless bank. All of the assets held in an Abra wallet were, at one time, simply Bitcoin hedged to the price of those assets via smart contracts on the Bitcoin blockchain. The basic idea was that a user would be able to hold anything from U.S. dollars to Apple stock on their smartphone via the Abra app, but the real, underlying assets were Bitcoin tracking the prices of those holdings via an oracle.
As indicated by a recent document on stablecoins released by the Financial Stability Board (PDF), prohibiting the development of decentralized stablecoins is a potential option for governments that do not wish for these types of systems to exist, and the oracle is an obvious centralized point of failure that could be targeted by regulators and lawmakers.
“We don’t run any synthetic assets anywhere anymore,” Abra CEO Bill Barhydt told LongHash. “Everything is native. It was for a combination of legal uncertainty and cost reasons. I’d say the technology was wildly successful but the application slightly ahead of its time.”
As a side note, the oracle problem has been a key criticism of Ethereum itself since before it was launched. Indeed, it’s questionable if a smart contract that necessitates the use of an oracle should even be considered a smart contract at all, since the results aren’t actually guaranteed by on-chain code.
What are the potential solutions to these oracle issues?
If trust in centralized oracles is the problem, then trustless decentralized oracles could be the solution. But this has proven very difficult to develop.
“The legal issues are mostly a function of decentralization,” said Barhydt. “If there is an off switch there is likely a regulated entity somewhere. As of today true DeFi is still a dream. Decentralizing the oracle function, if possible, to eliminate that off switch will go a big way towards realizing the DeFi dream.”
Some of the projects working on decentralized solutions to the oracle problem include Augur, Bitcoin Hivemind, and Chainlink. The general excitement about a potential solution to the oracle problem was on display with Chainlink last year, as the network’s underlying LINK token was one of the few coins to outperform Bitcoin in a historically bad year for altcoins. However, it should be noted that Ethereum creator Vitalik Buterin recently shared his belief that Chainlink is not sufficiently decentralized to solve all of the problems related to oracles.
Augur and Chainlink are already live on Ethereum, while Bitcoin Hivemind is intended to be launched as a sidechain to Bitcoin at some point in the future. These networks generally involve creating the right incentives for the oracles to act properly rather than creating some bulletproof solution. A key part of that incentive structure is usually some form of collateral put up by the oracle that can be seized if they do not provide the correct information.
However, the entire point is that the blockchain does not know the correct information related to real world events, so it should be remembered that a complete failure scenario may lead to the malicious oracle not losing their entire collateral. The only thing the blockchain can do is compare answers from different oracles weighted by the amount of collateral each one provided. In other words, successfully cheating would require what effectively amounts to a 51% attack on the decentralized oracle network. In fact, the similarities to a traditional 51% attack conducted by proof-of-work miners are so prevalent that Sztorc once proposed having miners themselves resolve oracle-related disputes on cryptocurrency networks.
“That is a common way of giving up,” said Sztorc. “It was in the ancient Princeton paper. The problem is that it leads to somewhat of a contradiction. If miners disagree ever, there is a hard fork. But ‘resolving the dispute’ by kicking it to the nodes is really just giving up to some extent.”
At this point, it’s still unclear if decentralized oracle systems can offer a sufficient level of reliability for DeFi smart contracts.
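The collateral-weighted comparison described above can be modelled in a few lines. This is an added example, not code from Augur, Chainlink, Bitcoin Hivemind or the article; the strict-majority rule, the pro-rata sharing of seized collateral, and all names and sample rounds are assumptions made for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample rounds: (oracle, reported answer, collateral posted).
HONEST_ROUND = [("A", "home", 40), ("B", "home", 35), ("C", "away", 25)]
# Same stakes, but A and B collude on the wrong answer; only C is truthful.
COLLUDING_ROUND = [("A", "away", 40), ("B", "away", 35), ("C", "home", 25)]

def resolve(reports):
    """Return (outcome, payouts) for one round of reports.

    Assumed rule (hypothetical, not any project's protocol): the answer backed
    by a strict majority of collateral wins and dissenting collateral is
    seized and shared pro rata among the oracles that reported the winner.
    """
    weight = defaultdict(int)
    for _, answer, collateral in reports:
        weight[answer] += collateral
    total = sum(weight.values())
    outcome, backing = max(weight.items(), key=lambda kv: kv[1])
    if backing * 2 <= total:
        # No strict majority: leave the round unresolved and refund everyone.
        return None, {name: collateral for name, _, collateral in reports}
    slashed = total - backing
    payouts = {}
    for name, answer, collateral in reports:
        if answer == outcome:
            payouts[name] = collateral + Fraction(slashed * collateral, backing)
        else:
            payouts[name] = 0  # collateral seized
    return outcome, payouts

def collateral_to_flip(reports, answer):
    """Smallest extra collateral on `answer` that gives it a strict majority.

    A sizing check for designers: this is the capital that would decide the
    round on its own, to be compared with the value riding on the outcome.
    """
    total = sum(c for _, _, c in reports)
    have = sum(c for _, a, c in reports if a == answer)
    # have + x > (total + x) / 2  <=>  x > total - 2 * have
    return max(0, total - 2 * have + 1)

if __name__ == "__main__":
    for label, round_ in (("honest", HONEST_ROUND), ("colluding", COLLUDING_ROUND)):
        outcome, payouts = resolve(round_)
        print(label, outcome, {k: float(v) for k, v in payouts.items()})
    print("margin:", collateral_to_flip(HONEST_ROUND, "away"))
```

In the colluding round the contract seizes the collateral of the one truthful oracle, because the two rounds are indistinguishable from the chain's point of view.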
Of course, Bitcoin itself also works on a system of incentives rather than guarantees. After all, there’s nothing stopping 51% of Bitcoin miners from colluding and not allowing any Bitcoin transactions to take place. The miners process transactions and act in good faith because they are incentivized to do so.
“There's no long-term solution,” said Summa founder James Prestwich. “There's a bunch of people putting in long-term work to keep systems working. A price oracle will always be a pressure point for out-protocol actors, just like governance.”
That said, Prestwich added that Maker’s oracle system is most likely sufficient for people who want to play around with DeFi today.
The aforementioned Edmund Edgar is still working on problems related to oracles, although Reality Keys has been replaced by Realitio. In terms of the current state of oracles, Edgar sees Augur as a positive development.
“I definitely think the world has made progress since Reality Keys,” said Edgar. “For instance, Augur does kind of work in practice (albeit with a security bound that can't be enforced). Augur can be bought out at a certain price, so to be secure the amount staked has to be less than that price. The Augur system tries to self-regulate so this is always true, but it can't stop people parasiting off its data, so the self-regulation may not work.”
Augur was originally based on Sztorc’s Truthcoin white paper, and Sztorc also has concerns over whether his model can actually work in practice.
“As I've always said, a decentralized design may ultimately prove to be unworkable or get undercut by something really really simple like Reality Keys or some kind of ‘http://oracle.bitcoin.com’ service or Google or whatever,” said Sztorc. “But that person will be a custodian of all the money. They will own all of it, which will be a nightmare for them.”
With the currently-available solutions, it’s clear that oracle-based smart contracts will not be able to offer the same security guarantees found in completely native crypto transactions, so the question is: how secure can oracles get? Perhaps users will be fine with introducing a bit of counterparty risk for their spending wallet on a layer-two payments system like the Lightning Network, but would they store the majority of their savings in a smart contract where an oracle is effectively a custodian of their funds?
“How much money are you willing to risk on an oracle system? That’s really the key question,” said Prestwich. “Are you willing to stake your entire business on it?”
Even if a sufficiently decentralized solution to the oracle problem is launched tomorrow, it will still take many years for that system to become trusted. And as the pot of money controlled by the oracles continues to grow, so too will the potential reward for someone who finds a flaw in the design. Services can appear safe and secure in the cryptocurrency space one day and then be gone the next, as illustrated by the darknet market industry over the years.
In terms of the prospects for a decentralized oracle system for now, perhaps longtime blockchain consultant Peter Todd said it best when he commented on Sztorc’s Bitcoin Hivemind (then called Truthcoin) idea some years ago: “I’d give it a low chance of success, but at least it’s clever crazy rather than stupid crazy.”