What are oracles for a blockchain and what risks do they bring?

The oracle in the blockchain world is the contact between the self-referential world of the blockchain and the external computer reality. This reality produces numbers and data that are fundamental for the functioning of blockchain-based services.

The oracles were historically a bridge between the human being and the divine, they answered questions that the human being was unable to answer, often about the future or the interpretation of events outside the norm.

Today we live in the age of reasoning and mathematics, and oracles are inconvenienced in a purely symbolic way. The blockchain asks to borrow this term, oracle, to give the name to those who should solve a fundamental problem for the evolution of this technology.

Let us imagine that we need to know the arrival time of a plane or a train, whose certain data might be able to trigger insurance premiums for millions of dollars.

Even one second could make a difference. 

Many of the most interesting applications on blockchain today need just that. Smart contracts are coded to produce desired effects at the onset of a given event.

As long as that event depends on the manual entry of an arbitrary data by a user with access to the blockchain, everything is easy. If, on the other hand, this data depends on an external event on which everyone must agree, then the picture becomes complicated. 

Imagine if with simplicity we could modify a data that allows the unlocking of several millions, our power and the risks involved would increase considerably.

These are the objectives of a blockchain oracle:

1. To provide data that can’t be manipulated until it’s entered;
2. To connect a multitude of sources that can alleviate the risk of error in the collection;
3. To produce a transparent system that allows users of the oracle to trust;
4. Support a high security system against attacks.

These objectives are not easy to achieve, especially since any company that decides to take charge of them becomes itself the possible point of fragility of the system. Whoever controls the oracle controls the blockchain.

Where an oracle is used today:

• Smart contracts on securities such as bonds, derivatives, interest rates and many others will require access to APIs with market prices and market references to refer to.
• Insurance smart contracts will require IoT data feeds related to the insurable event, for example: the building’s magnetic door was locked at the time of the breach, the company’s firewall was active or the insured flight landed an hour late.
• Smart contracts in the commercial sector will need GPS data on shipments, data from ERP systems in the supply chain and customs data on goods shipped in order to confirm fulfilment of contractual obligations.

Some problems encountered with oracles

There have been some negative episodes caused by the misuse of oracles, cases that have created huge losses.

Synthetix had an accident in which the oracle was priced 1000 times what it should have been. A trading bot detected this price error, took advantage of it and made trades that resulted in 1000x profits. 

That bot made millions in less than an hour.

Another oracle incident occurred recently with bZx, a protocol that allows users to engage in margin trading through a product called Fulcrum. Fulcrum needs an oracle to determine the price of the underlying asset, they used Kyber. Kyber is a trading platform and, theoretically, should have accurate prices, but its platform is small and does not have much liquidity, compared to centralized exchanges.

A clever user exploited a technique that manifested the fragility of the oracle to his advantage. The user took out an ETH loan, deposited part of it in Fulcrum and used the rest to buy all the orders for a stablecoin on Kyber. This inflated the price of that stablecoin on Kyber to $2 instead of $1. 

Fulcrum uses Kyber as an oracle and deduced that the value of the stablecoin was twice what it should have been. 

The user withdrew the initial ETH deposit from Fulcrum, which was worth twice as much, repaid the loan and earned about $600,000.

The bZx team no longer uses Kyber as an oracle and is moving towards Chainlink.

Actors in play to solve the problems of the oracle

There are many teams trying to solve the problem to give maximum power to the blockchain. Especially the Ethereum team that currently demands more data than the others thanks to DeFi.

Augur is one of the major players in this space working on an oracle for the management of the prediction market. 

Augur allows users to vote what the real result of a scenario is and challenge that result if they believe it is wrong, all through the blockchain.

They are applying a democratic model to find the truth.

Another solution is Chainlink, a project that is creating a decentralized network of oracles. This network allows smart contracts to access data feeds off-chain. 

These data feeds can be separated from the blockchain or work as a Web API. 

Chainlink has now become a well-known project in the blockchain world and perhaps the most secure at the moment.