Mar 29, 2023

11 min read

Web3 needs to be decentralized. Are oracles helping?

Tldr; The oracle design space features a number of innovative projects, but some make notable trade-offs. If Web3 is to succeed, it will need trustless oracles that stay true to crypto’s decentralized ethos.

Key takeaways:

Oracles play a crucial role in DeFi and the broader crypto ecosystem today, and they should find wider use in the future as more data moves on-chain.
While oracles help power Web3, they often suffer from drawbacks stemming from reliance on centralized points of failure.
UMA’s optimistic oracle is one of Web3’s only decentralized solutions that can be used to verify any kind of data.

AsWeb3 has grown, oracles have played an increasingly important role in the ecosystem. Oracles provide data for smart contracts, which allows for a wide variety of use cases. Today, they serve as a pillar of Web3 because they help bring real-world data on-chain, yet smart contracts have no way of verifying whether the data is up-to-date and reliable. The oracle problem remains one of crypto’s biggest challenges, but the ecosystem has come to rely on several solutions.

The oracle landscape has evolved as new Web3 innovations have emerged. Today, the oracle space has a market capitalization of around $5 billion, but the ecosystem it powers is larger by an order of magnitude. Without a doubt the biggest use case for oracles today is in DeFi, a space that neared $200 billion in value at its peak. But as more data moves on-chain, we could see new, bigger use cases for oracles emerge.

The oracle space features several projects that take different approaches to powering Web3. But as providing off-chain data for blockchains is difficult, some oracles have made trade-offs on core crypto principles like decentralization. This feature explores the oracle space and explains why Web3 will need to embrace trustless solutions to fulfill its potential.

The oracle bull case

DeFi is currently Web3’s raison d’être, and oracles are a bedrock of the DeFi ecosystem. As they can provide information on asset prices, they enable activities like lending and borrowing. If there were no oracles providing price data, DeFi projects wouldn’t be able to calculate loan collateral or maintain stablecoin pegs, and the ecosystem would implode.

Although oracles can be used to verify any kind of data, most solutions focus on providing price feeds for assets. DeFi’s most popular price feed oracle solution, Chainlink, helps power the space’s most used applications and holds roughly 75% market capitalization dominance of the oracle space.

The true potential for oracles is bigger than DeFi.

Oracles are useful for many other functions. They can provide floor price data for NFT collections, which enables use cases like NFT index tokens and derivatives. Even sports brands are now using oracles to get real-world statistics and create dynamic NFTs, an innovation that’s grown in popularity as the NFT ecosystem has expanded.

The NBA uses Chainlink’s oracle to power dynamic assets in The Association NFT collection. Traits include whether the player’s team reached the NBA Finals, the number of assists a player made in a game, and whether the player scored a game-winning shot in the final 24 seconds of play (Source: The Association NFT)

Some oracles are working to solve MEV, the “invisible tax” that’s been described as one of Ethereum’s biggest issues. API3, an oracle focused on building decentralized APIs, uses a system called “Oracle Extractable Value” with the aim of reducing MEV by sending extracted value back to dApps.

Oracles can also serve other important emerging areas of the crypto ecosystem. They can power prediction markets, allow Web3 users to move assets on cross-chain bridges, and help DAOs become trustless. oSnap, an UMA-powered solution developed with Snapshot and Safe, is an example of a new innovation that showcases the potential for oracles in the DAO space. While cross-chain bridges and DAOs are still in their nascent stages, they are already essential parts of the Web3 ecosystem.

If data lives on a decentralized blockchain, it should be verified in a decentralized manner.

But DeFi sits at the heart of Web3 today, the true potential for oracles could be much bigger. DeFi has shown early hints of the promise offered by oracles, but it’s likely that all kinds of data from the real world will move on-chain over the coming decades.

This data could constitute a creator’s online profile in a Web3 social app, a weather event for an insurance payout, a breaking report on a decentralized news service, or other data for applications that don’t yet exist. Whatever form the data takes, if it lives on a decentralized blockchain, it should be verified in a decentralized manner.

How oracles make trade-offs

The oracle problem is one of crypto’s biggest. To date, several projects have emerged with different solutions. However, they often make trade-offs that sacrifice on core Web3 tenets like decentralization.

Oracles are popularly used to provide price feeds for tokens like $BTC and $ETH. Leading oracle solutions like Chainlink, Band Protocol, and Pyth focus primarily on price feeds. However, such price feeds are often limited in scope, with some only covering major on-chain assets. This means certain areas of the ecosystem, such as niche emerging tokens or NFTs, often get overlooked.

Many oracles rely on nodes to submit data, but this places trust in centralized parties. Crypto exchanges and market makers provide data for some oracles, meaning the oracles trust that the data they provide is accurate when they pull it on-chain. In extreme cases, nodes may provide inaccurate information for their own benefit.

Pyth relies on companies like Binance, Bitstamp, and CMS to publish data for its oracle (Source: Pyth Network)

Some of the most popular solutions aim to incentivize honest participation through staking mechanisms. Chainlink, for example, rewards $LINK stakers for verifying data feeds in a model it calls “explicit staking.” However, this model is prone to manipulation as it makes an assumption on future revenue (dubbed “future fee opportunity”) for honest participation. As a group of $LINK stakers could profit a sum greater than their stake by verifying inaccurate feeds, the model creates a manipulation risk for Chainlink. Crypto researcher Eric Wall was one of the most vocal critics of this mechanism when it was unveiled in 2021.

UMA integrates a staking mechanism to encourage participation, but it differs from the ones used by other oracles. $UMA stakers can earn rewards by staking their tokens and vote to secure the oracle. However, their staked tokens get redistributed if they abstain or vote for the incorrect outcome in disputes. This mechanism builds on early Proof-of-Stake designs and game theoretical principles to make the Data Verification Mechanism more robust.

While some oracles risk collusion between dishonest tokenholders, project teams may also manipulate their own votes if they control a large portion of their token supply. In June 2022, Kleros faced accusations of manipulation after a user was denied a payout from the insurance protocol Unslashed Finance. Some alleged that Kleros team members had used a large number of tokens to sway the vote; the payout was denied.

DeFi’s Achilles’ heel

Oracles make DeFi work, but they can cause problems for the entire ecosystem when they fail.

DeFi’s killer app is composability, but it can also be its Achilles’ heel. When one thing breaks, issues can be widespread. If an oracle shows incorrect data, it can cause liquidation cascades that impact many users.

Oracles have struggled to maintain accurate price information during periods of extreme volatility in the past. When the crypto market suffered from an extreme selloff on March 12, 2020, oracles showed invalid price data, which caused widespread liquidations and bad debt for protocols like Maker. The events became known as Black Thursday. In recent years, some of DeFi’s top protocols have begun using their own oracles to avoid relying on one solution, but they often suffer from drawbacks. Maker, for example, uses its own oracle to track collateral prices.

Oracle price feed attacks are among the most common in DeFi. A popular strategy involves taking out a flash loan and using the funds to manipulate the price of assets in a liquidity pool then borrowing an amount of funds that exceeds the deposited collateral. Though DeFi protocols can mitigate such attacks by using multiple sources, they are still common.

Why decentralization matters

The current Web3 landscape highlights the importance of decentralized oracles. As oracles provide data that smart contracts read, we need to be sure that the oracles work as intended while limiting trade-offs. DeFi has worked for its first few years without imploding, but it heavily relies on a small number of oracles.

If Web3’s oracle threat is big today, it could be colossal in a decade.

In the current environment, a big oracle failure could collapse DeFi. The DeFi ecosystem is worth around $50 billion today, so the manipulation incentive is high. Yet the ecosystem still depends on solutions that could fail due to their centralized set-ups.

If Web3’s oracle threat is big today, it could be colossal in a decade. If the space fulfills its potential, DeFi will see significant growth once networks like Ethereum achieve scalability. As other data moves on-chain, oracles will become a vital technology for verifying data in the user-owned web.

Given the important role oracles play in Web3, it’s crucial that the leading solutions are decentralized. If oracles are to act as truth machines for the next financial system, they also need to be very difficult to attack.

Web3 oracles must be decentralized.

Bitcoin and Ethereum both have a cost of corruption. Ethereum’s market cap is around $184 billion today, meaning a bad actor would need over $92 billion worth of $ETH to attack the network. UMA also has a cost of corruption; a bad actor would always end up spending more on attacking the oracle than they could possibly profit due to the protocol’s economic guarantees.

But few oracles can guarantee this. Tokenholders may be encouraged to verify data through staking when the possible profit from manipulation could greatly exceed their stake. In the worst cases, oracles may use multi-signature wallets that a handful of people have access to.

The (multi-sig) elephant in the room

DeFi and the broader Web3 space has evolved at a rapid pace in recent years, but the multi-sig problem is currently holding it back.

Many projects use multi-sig wallets to control their smart contracts, which means they have a central point of failure. When a project is controlled by a multi-sig, it’s not always clear who was enlisted as a signer and why, whether they practice good security hygiene, and if they will act with honest intentions. Multi-sigs undermine security when security is a key characteristic for blockchains. We use networks like Bitcoin and Ethereum to secure value and hope to help the space grow. That means we need to be sure that security is always a top priority.

In a recent case highlighting centralization risks in multi-sig wallets, the team behind Oasis Protocol ran a so-called “counter-exploit” in its own multi-sig vulnerability to retrieve $225 million from the Wormhole Bridge hacker. The move came after the High Court of England and Wales ordered Oasis to work with Jump Crypto to recover the funds. While it followed a malicious attack worth $325 million, the incident also placed a sharp focus on decentralization, blockchain immutability, and credible neutrality. If Web3 users accept that multi-sig wallet controllers can seize funds based on a court order today, their own funds could be at risk if a government tries to shut down a protocol in the future. The US Treasury Department controversially banned Tornado Cash in August 2022; some raised concerns that a ban on other popular protocols like Uniswap or Ethereum itself could follow in a worst case scenario.

Although most of crypto’s leading projects strive for decentralization, they sometimes rely on projects that use multi-sig wallets. Chainlink, the most widely used oracle solution in the space today, uses a 4-of-9 multi-sig.

UMA embraces Web3’s decentralized values. There’s no multi-sig controlling the contracts, and any upgrades must be voted on by the UMA DAO. When UMA launched token staking as part of the UMA 2.0 launch this month, it had to pass governance in a trustless manner.

oSnap is an UMA-powered product designed to reduce Web3’s reliance on multi-sigs. It enables DAOs to replace multi-sigs with trustless governance, ushering in a new wave of Optimistic DAOs. If Web3 is to work, it needs decentralized governance and oracles.

The multi-sig problem in the oracle space raises two important questions for the Web3 community:

Is an oracle decentralized enough to power the decentralized web if it places trust in a handful of individuals?
Should Web3 applications move away from multi-sig oracles or use multiple oracles to reduce their risk?

While some projects are taking action such as diversifying their oracles to overcome the multi-sig problem, the space has some way to go to achieve full decentralization.

Price feed oracles and optimistic oracles

The core function for most oracles today is providing price feeds. DeFi relies on accurate price information, so price feed oracles sit at the core of the crypto ecosystem. This set-up is flawed because they often aggregate data from centralized sources, and are also limited in scope.

UMA’s optimistic oracle is a new approach to tackling the oracle problem. It’s a design where game theory guarantees honest coordination to find the true outcome and trustlessness is key. The cost of corrupting the oracle outweighs the benefit, something that’s not true of other solutions.

Optimistic oracles are the right solution for establishing truths in Web3’s future.

The OO also offers flexibility over price feed oracles: you can use it to find out the price of $ETH when Ethereum’s Shanghai upgrade ships, whether it rained in New York City last night, or to help a DAO adjust its staking emissions.

Though price feed oracles power DeFi today, UMA believes that optimistic oracles are the right solution for establishing truths in Web3’s future. A handful of other projects like Tellor and Reality seem to agree as they are taking similar approaches to UMA, using optimistic assertions to verify data. As more data moves on-chain, it’s likely that the benefits of optimistic oracles will become more apparent.

Recent developments in Zero-Knowledge technology could also impact the oracle space in the future. Though Zero-Knowledge Proofs are yet to truly disrupt Web3, nascent projects like Empiric Network, a ZK-based oracle on StarkNet’s Layer 2 network, show early hints of how the space could evolve over the coming years.

What’s next for oracles in Web3?

UMA’s end goal is to power a vast ecosystem of trustless DeFi apps, DAOs, and other Web3 projects that value decentralization. The OO has already proven its utility in powering applications like on-chain prediction markets and bridges, but the opportunity ahead is much bigger.

Web3 could soon expand beyond niches like DeFi and NFTs to a user-owned network securing valuable data for billions of users. With the advent of smart contracts, this new Internet could transform the concept of laws as we know them. Data that lives on a decentralized blockchain should be verified in a decentralized manner. And that’s why we believe what we’re building will be useful for the world.

To learn more about UMA’s value proposition or integrate the protocol into your project, visit our website or reach out at integrations@uma.xyz.

Words by @dreamsofdefi