The Oracle Connection: Preventing and Mitigating Oracle Attacks

Mykhailo Stepanov
Security Analyst
6 Minutes Read

What are blockchain oracles?

A blockchain oracle is a bridge that connects blockchain networks to external systems, enabling smart contracts to interact with and react to external data and events. Smart contracts, by design, cannot access or verify data outside their blockchain. Oracles provide a solution to this limitation by fetching data from outside sources (such as the internet, databases, or other blockchains) and feeding it into the blockchain in a format that smart contracts can understand and act upon.

Oracles play a crucial role in expanding the functionality and applicability of smart contracts. Without oracles, smart contracts would be confined to managing data and assets strictly within their blockchain, significantly limiting their potential use cases. With oracles, smart contracts can execute actions based on a wide range of real-world events and data, such as price feeds, weather conditions, flight statuses, and much more.

Types of blockchain oracles

Input Oracles

Commonly known as “input oracles,” this category is primarily focused on gathering information from the external, offchain world and making it available within a blockchain environment for use by smart contracts. Input oracles, such as those driving Chainlink Price Feeds, are instrumental in providing decentralized finance (DeFi) smart contracts with onchain access to critical financial market data.

Output Oracles

In contrast, “output oracles” function to enable smart contracts to issue commands to external systems, prompting them to perform specific tasks. This could range from initiating a payment through a banking network, instructing a storage service to archive particular data, or signaling an Internet of Things (IoT) device to unlock a vehicle once a blockchain-based rental payment is processed.

Cross-Chain Oracles

“Cross-chain oracles” stand out by facilitating the exchange of information and assets across different blockchain platforms. These oracles enhance blockchain interoperability, allowing for actions triggered on one blockchain to have effects on another, or for assets to be transferred from their original blockchain to another network for broader utility.

Compute-Enabled Oracles

Emerging in the landscape are “compute-enabled oracles,” which are increasingly adopted by smart contract developers. These oracles extend decentralized services through secure offchain computation, addressing tasks that are challenging, legally complex, or too costly to perform directly on the blockchain. Applications range from Chainlink Automation, which automates the execution of smart contracts based on specified conditions, to the generation of zero-knowledge proofs for data privacy, and the provision of verifiable and fair randomness for smart contracts through secure random number generation.

Oracle manipulation

A vulnerability arises when systems that depend on oracles execute commands automatically, even when the data they receive from these oracles is inaccurate. If an oracle distributes outdated or harmful information, it can severely impact every operation linked to that data stream. In practice, corrupted data feeds can cause substantial harm, ranging from unjustified asset liquidations to nefarious arbitrage transactions.

Manipulation of Spot Prices

A well-known weakness in the realm of on-chain price oracles is the reliance on the spot prices from decentralized exchanges.

In a typical scenario, a smart contract must establish the value of an asset, such as when ETH is being deposited. To do this, it turns to the Uniswap pool associated with that asset for price information. An attacker can exploit this dependency by securing a flash loan to significantly deplete the liquidity on one side of the Uniswap pool. This action, coupled with the protocol’s reliance on a single data source, allows the attacker to skew the internal price of the asset dramatically, sometimes by as much as 100-fold. With the price artificially inflated, the attacker can then leverage this discrepancy to engage in profitable activities, such as executing a trade to take advantage of the price difference or securing a beneficial position within the protocol.

Off-chain oracle attacks

Inherently, the process of conveying external information into a smart contract involves conventional software at various stages, from sensor devices or manual inputs to authenticated APIs that push data onto the blockchain. This chain frequently encompasses a wide array of software components.

The specific setup can be vulnerable to numerous types of attacks, including those targeting access permissions, cryptographic protocols, data transmission, and database integrity, among other areas. Oracles lacking a community-based mechanism for contesting data accuracy are particularly at risk and require robust security measures to prevent compromises that could adversely impact the applications relying on them.

Real-world cases

  • Synthetix sKRW hack

The Synthetix sKRW incident serves as a striking example of how issues with off-chain components can disrupt on-chain oracle data feeds. Synthetix, which combines several price feeds to determine the value of its derivatives accurately, relays this compiled information through an on-chain smart contract. However, due to an off-chain error, the Korean Won’s value was mistakenly reported as 1000 times its actual rate, despite the aggregation process. An arbitrage bot capitalized on this discrepancy, securing a profit exceeding 1 billion USD. Although the on-chain mechanisms for aggregating and reporting prices functioned as intended, the mishap was traced back to a failure in an off-chain element.

  • bZx case

In February 2020, bZx experienced two consecutive hacking incidents within a span of a few days, resulting in a loss of approximately $1 million. These incidents exploited vulnerabilities tied to the platform’s reliance on external oracle data for determining asset prices. Utilizing flash loans, attackers borrowed substantial amounts of assets without collateral, then manipulated the market prices on the exchanges that bZx’s oracles used for price data. This artificial inflation of asset prices allowed them to conduct trades on bZx at these manipulated rates, leading to significant, unwarranted profits. The core of the exploit was the manipulation of the oracle system, which was deceived into accepting the altered prices as accurate, causing the bZx platform to execute transactions based on these false values.

  • Harvest Finance incident

In October 2020, Harvest Finance faced an attack that led to a $24 million loss, exploiting the platform’s use of oracles for stablecoin pricing. The attacker employed flash loans to massively borrow and swap stablecoins within Harvest’s pools, artificially inflating and deflating stablecoin prices. This manipulation created favorable price discrepancies. Exploiting these discrepancies, the attacker then strategically deposited and withdrew funds, leveraging the distorted prices to siphon off assets at an inflated value.

The crux of the attack lay in the manipulation of the price oracles that Harvest Finance relied on. These oracles, which were supposed to reflect real-time market prices, were tricked by the sudden, artificial price changes induced by the attacker’s trades. Since these oracles didn’t account for such large, anomalous transactions, they reported skewed prices back to Harvest Finance, which then executed trades based on this inaccurate information.

How to prevent oracle manipulation attacks

To secure your project from oracle manipulations, a multi-faceted approach is essential. Using multiple oracles and diverse data sources helps avoid dependency on a single point of failure. Time-Weighted Average Prices (TWAPs) can smooth out price data over time, reducing the impact of short-term price manipulation. Employing decentralized oracle networks, such as Chainlink, ensures data integrity by aggregating information from numerous independent nodes.

Verifying oracle data through both on-chain and off-chain mechanisms adds an additional layer of security. Implementing circuit breakers can halt operations or trigger manual verification in case of abnormal data fluctuations, indicating potential manipulation. Relying on trusted data providers with a strong reputation for accuracy and reliability is also crucial.

Economic incentives and penalties can encourage accurate data reporting and deter manipulation. This may involve staking mechanisms where nodes risk losing their collateral if caught providing false data. Regular security audits and adopting best practices in smart contract and oracle design are vital for identifying and mitigating vulnerabilities.

Incorporating community oversight through decentralized governance models can provide further scrutiny and collective decision-making on critical issues related to oracles. Lastly, advanced cryptographic techniques like zero-knowledge proofs can secure the data transmission process, making it more resistant to tampering.

Combining these strategies creates a robust defense against oracle manipulation, enhancing the trustworthiness and stability of blockchain-based systems.
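The following is an added example, not code from the original article, that puts numbers on the spot-price weakness described earlier and on two of the defenses above: a time-weighted average and a deviation circuit breaker over multiple sources. It simulates a constructed constant-product pool (the `x * y = k` model used by Uniswap-style exchanges), shows how a one-sided swap skews the naive spot price roughly 100-fold, and shows what each guard does with that reading. The pool sizes, block timing and source prices are all constructed assumptions.

```python
from statistics import median


class ConstantProductPool:
    """Minimal x * y = k pool, no fees, constructed for illustration only."""

    def __init__(self, reserve_x, reserve_y):
        self.x = reserve_x  # e.g. ETH
        self.y = reserve_y  # e.g. USDC

    def spot_price(self):
        """Naive price of one X in Y read straight from the reserves."""
        return self.y / self.x

    def swap_y_for_x(self, amount_y):
        """Sell amount_y of Y into the pool; returns the X paid out."""
        k = self.x * self.y
        new_x = k / (self.y + amount_y)
        out = self.x - new_x
        self.x, self.y = new_x, self.y + amount_y
        return out


def twap(observations):
    """Time-weighted average over (price, seconds_held) observations."""
    total = sum(seconds for _, seconds in observations)
    return sum(price * seconds for price, seconds in observations) / total


def guarded_price(sources, reference, max_deviation=0.05):
    """Median across independent feeds; halt (raise) if it strays too far from reference."""
    m = median(sources)
    if abs(m - reference) / reference > max_deviation:
        raise RuntimeError("circuit breaker tripped: price deviates from reference")
    return m


def demo():
    pool = ConstantProductPool(1000, 2_000_000)      # constructed: 1,000 ETH / 2,000,000 USDC
    before = pool.spot_price()                        # 2000 USDC per ETH
    pool.swap_y_for_x(18_000_000)                     # one large one-sided swap drains the ETH side
    skewed = pool.spot_price()                        # 200000, a 100x skew of the naive reading
    # 149 normal 12-second blocks plus one block at the skewed price
    smoothed = twap([(before, 12)] * 149 + [(skewed, 12)])
    # median of the skewed DEX reading and two independent feeds (constructed values)
    accepted = guarded_price([skewed, 2001, 1998], reference=before)
    return {"before": before, "skewed": skewed, "twap": smoothed, "accepted": accepted}
```

Note that the TWAP still lands at 3320, a 66% move from a single manipulated block, so smoothing alone is not enough; the median-plus-deviation check is what actually rejects the skewed source.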
