"While smart contracts can only be executed internally on the blockchain, there needs to be something that links external APIs to the blockchain, so smart contracts can execute automatically based on real world factors (market movements, retail payments, weather or anything else). The product that does this is called an oracle. The problem is, oracles are centralised, or owned by a company/organisation. How can we trust a decentralised smart contract to execute based on centralised real world data?
One of the reasons smart contracts are catching on is the basic properties of the blockchain; trustlessness and immutability. When a third party or even second party provides the oracle service for executing a smart contract, that trustlessness goes away."
"We believe DeFi can be made safer and more secure by minimizing oracle usage. We call this “priceless” contract design. “Priceless” contracts are designed with mechanisms to incentivize counterparties to properly collateralize their positions without requiring any on-chain price feed. These mechanisms include a liquidation and dispute process that allows counterparties to be rewarded for identifying improperly collateralized positions. Unless a position is liquidated, it is assumed to be solvent (properly collateralized). Oracles are only used when a liquidation is disputed — which is designed to be rare.
One analogy for this design pattern is the traditional legal contract. If Alice and Bob write a contract under US law they (hopefully) enter into that contract without any intention to end up in litigation. Provided that Alice and Bob both think the other person followed rules of the contract, they will never use the court system. Priceless contract design applies similar principles by reframing the “oracle” as a type of court system: oracles should only be used as a backstop to resolve disputes that cannot be handled by mechanisms codified in the contracts themselves.
We are looking for feedback on this design pattern ahead of a mainnet deployment later in Q2."
- From this deep dive (10-8-2020):
"Software oracles interact with the internet and transmit data in real time.
Example: data like air temperature, transport timetables, prices of goods.
Hardware oracles are a solution for obtaining information from the real world.
Example: sensors like barcode scanners and IoT (Internet of Things) devices.
Inbound oracles reflect “if - then” scenarios associated with software oracles and provide information from the outside world.
Example: buying cryptocurrency at a certain price.
Outbound oracles send information from smart contracts to the outside world.
Examples: a smart blocking system that provides access to a product or service as soon as it receives information about a successful payment from the oracle
Human oracles use human input. They are valued for their independent view of the outcome of an event.
Example: Augur’s oracle.
Oracle as a program code is an oracle that exists in software format and
works with information that is online.
Example: such oracles can provide data on weather, temperature, prices for services or goods, transport schedules, and so on. The oracle receives this data from the websites of companies, processes it and provides it to the smart contract.
Oracular consensus — prediction markets such as the aforementioned Augur and Gnosis need oracles to reliably predict events and outcomes. However, using only one source of information, it is impossible to accurately determine its reliability. In this regard, prediction markets use not one but several oracles to predict the consequences of events."
- From this deep dive (10-8-2020):
"Today, there are two main approaches to achieving the reliability of oracles: the consensus of the oracles and TLSNotary proof.
The consensus of the oracles approach uses the consensus of multiple independent validators. The main problem of this type is that the system is vulnerable to the Sybil attack. Hacking one or more consensus participants is easier than compromising one large validator, since a large player has much more serious security measures.
TLSNotary is cryptographic evidence that the data received from the selected source is transferred to the smart contract unchanged. This solution was suggested by The Oraclize company that offers the second approach. The user chooses the source himself, and TLSNotary proves the correct operation of the oracle.
It is important to note that both approaches have a problem of trusting the source(s) of information: both of them, to some extent, guarantee the honesty of data transfer from the source to the contract, but they do not guarantee the honesty of the source, even if we have chosen it ourselves."
"On November 9, a writer from the website samczsun.com published a report that shows a number of issues with price oracle manipulation stemming from a few blockchain applications. The researcher notes that price oracle manipulation has resulted in “over $30 [million] in losses so far.”
The blog post however isn’t just criticisms and samczsun.com’s editorial features an introduction to oracles, oracle manipulation, and how to mitigate against exploitation. Further, the post discusses six vulnerabilities that have taken place in the past.
The report concludes that “price oracles are a critical, but often overlooked, component of defi security.” The article highlights that there are plenty of ways that dapps can shoot themselves in the foot if they overlook some of these problems. “Reading price information during the middle of a transaction may be unsafe and could result in catastrophic financial damage,” the research post says."