What Can Happen If an Oracle Fails (And How To Prevent It)

In DeFi, oracles play an important role as they help to connect external data with blockchain. Thus, they significantly expand the usage of smart contracts making it possible for them to operate with the information from the real world.

Yet, oracles are not perfect and the technology does not always work as it should. Oracles may fall victim to manipulations or rely on incorrect data reporting and thus fail their users.

What kind of failures oracles may experience and what can be done to prevent this? Read on to find out.

Key Takeaways

• A blockchain oracle serves to connect real-world data with blockchain helping smart contracts execute their activities.
• Centralized blockchain oracles may fall victim to external manipulations or report incorrect data obtained from a single source.
• Decentralized oracles rely on a distributed network of data sources which makes them much more secure.
• Liquid Loans relies on a decentralized Fetch Oracle with a built-in dispute system helping it maintain the correctness of data.

What is a blockchain oracle?

As mentioned above, an oracle is an entity that connects the blockchain with external systems. Thus, it feeds the blockchain with real-world data and enables smart contracts to execute in accordance with this information.

In their essence, blockchain oracles fall into two broad categories:

• Centralized oracles. With such oracles, there is usually a single entity that stores the data and sends it to the blockchain by request. Such oracles are prone to failures as they rely on a single source of truth that can be altered or compromised.
• Decentralized oracles. These oracles are managed by multiple node operators who combine multiple sources of data. Thus, they collectively provide accurate and reliable data to the blockchain.

As you may guess, there are many ways for things to go wrong when centralized oracles are involved. Therefore, the trustworthiness of such oracles is disputable. 

How do centralized oracles fail?

With the lack of an unbiased source of truth, centralized oracles can easily fall victim to external manipulations. 

For example, oracles may submit an event that has never occurred or neglect to provide the required data to the blockchain at all. Alternatively, they may simultaneously send two conflicting pieces of data to the blockchain and simply break the logic of the smart contract that operates this information.

Having spotted such abnormalities, malicious actors can perform different attacks to steal funds from DeFi services. Let’s investigate some real-world examples of such attacks.

What happens if oracles fail?

There are many cases of oracles failing to provide correct data to those who requested it. We’ve listed some of the most notable events below.

Compound - An exploit of a centralized oracle

In November 2020, a decentralized exchange Compound lost around $89 million after an exploit of an oracle provided by a centralized platform Coinbase.

As a DeFi protocol, Compound enables its users to borrow crypto on a peer-to-peer basis by providing collateral to secure the loan. The value of the collateral must be higher than the borrowed sum to avoid losses due to market volatility. If the value of the collateral drops below a predefined level, the position gets liquidated automatically.

To estimate this value, Compound relied on the data provided by Coinbase Pro. Presumably due to an exploit, the oracle fed the smart contract with an incorrect price of DAI which was $1.3 instead of a normal $1 which resulted in massive liquidations.

Synthetix - Incorrect data from an oracle

In June 2019, another DeFi platform Synthetix almost lost $1 billion as a result of incorrect data that it obtained from an oracle. 

Synthetix operates mostly with non-crypto assets such as fiat-based currencies. To provide its users with the pricing data it relied on a number of centralized off-chain oracles. One of these oracles happened to report incorrect data for the price of the Korean Won making it 1000x higher.

A sophisticated bot trained to spot such abnormalities exploited this discrepancy getting away with a solid sum of money. Luckily for the platform, the creator of this bot later agreed to return the funds.

bZx - Hacker manipulating prices in an oracle

BZx is a cryptocurrency platform where users can borrow and lend crypto in a completely decentralized way. 

In February 2020, it experienced a series of attacks as an unknown hacker discovered a vulnerability in Kyber Network, a single price oracle that the platform relied on.

The attackers managed to manipulate the prices of wBTC and sUSD on Uniswap. Since Kyber relied on the reserves of this platform, the changes in prices on Uniswap inevitably influenced the prices on Kyber as well. 

Eventually, the oracle was misled by incorrect prices which resulted in a loss of around $1 million in crypto.

Mango Markets - An oracle relying on a small number of data sources

The case of an oracle exploit associated with Mango Markets, a Solana-based DeFi platform, is particularly interesting. 

The hacker who manipulated the price of the $MNGO token through an oracle identified himself publicly as Avraham Eisenberg afterward. What’s more, he claimed that the actions he performed were actually legal being nothing else but a “profitable trading strategy”.

Statement on recent events:

I was involved with a team that operated a highly profitable trading strategy last week.

— Avraham Eisenberg (@avi_eisen) October 15, 2022

Mango Markets used oracles for $MNGO price calculation via moving averages from a few exchanges. 

The security auditing company OtterSec stated on its Twitter that the attacker was able to manipulate the Mango collateral spiking its value and then taking “massive loans” from the platform’s treasury.

Later Eisenberg proposed returning $67 million and keeping the remaining $47 million as a bug bounty. The proposal was supported by the community, but the hacker still faced a lawsuit from the platform and a complaint from the SEC afterward.

What Can Happen to Liquid Loans if the Oracle Fails

Just like many other DeFi solutions, Liquid Loans relies on an oracle for various purposes. 

It obtains price feeds for PLS and USDL to calculate the collateral ratio in the vaults, to mint USDL from collateralized PLS, to enable users to redeem USDL for a dollar’s worth of PLS, etc.

This oracle may also become victim to different types of external influence. For example, the price of PLS that it obtains from external sources may be too low. This would result in massive liquidations and money losses while the oracle itself may freeze or go offline. 

How To Prevent Oracle Failures

To address this problem, Liquid Loans utilizes two different approaches: a truly decentralized Fetch oracle and a number of backup oracles.

Fetch Oracle

As a fully decentralized blockchain oracle running on PulseChain, Fetch Oracle represents a much more reliable solution than any centralized version available today.

It obtains the data from a decentralized network of reporters who are incentivized to provide accurate data and, vice versa, get penalties when they submit incorrect information.

In the case of incorrect data, other participants may “dispute” it. The data then is sent off chain as it becomes a subject to voting. Thus, such a method eliminates the chance of an oracle failure and makes the whole system much more secure.

Redundancy (backup oracles) 

Although the primary oracle should never fail, it is always smart to have a backup or two incase this happens.

Many projects have a secondary oracle, such as Chainlink, to step in while the primary oracle is fixed.