Oracle manipulation
For protocols to operate correctly, information from outside the blockchain is sometimes required. Such off-chain information is supplied by oracles, which are often themselves smart contracts.
The vulnerability arises when a protocol that relies on an oracle performs actions automatically even though the data supplied by the oracle is incorrect.
An oracle with stale or even malicious content can have catastrophic consequences for every process connected to the data feed. In practice, data manipulation can cause significant damage, from unjustified liquidations to malicious arbitrage transactions. The following sections give examples that illustrate common vulnerabilities and failure modes associated with oracles.
Spot price manipulation
A classic vulnerability comes from the world of on-chain price oracles: trusting the spot price of a decentralized exchange.
The scenario is simple. A smart contract needs to determine the price of an asset, for example when a user deposits ETH into its system. To determine the price, the protocol queries the corresponding Uniswap pool as its source. Exploiting this behaviour, an attacker can take a flash loan and drain one side of the Uniswap pool. Because there is no diversity of data sources, the protocol's internal price is manipulated directly, for example to 100 times its initial value. The attacker can now perform an action that captures this extra value, for example an arbitrage transaction based on the newly created price difference, or taking a favourable position in the system.
The problem is twofold:
- A smart contract with a single price-feed source is easy to manipulate on-chain using flash loans.
- Despite the noticeable anomaly, the smart contracts consuming the price data continue to operate on the manipulated values.
A more concrete example is the Visor hack. On deposit, the price information is taken directly from Uniswap:
// sqrtPrice is the Q64.96 square root of the pool price at the current tick
uint160 sqrtPrice = TickMath.getSqrtRatioAtTick(currentTick());
// price = sqrtPrice^2 / 2^192, scaled by PRECISION
uint256 price = FullMath.mulDiv(uint256(sqrtPrice).mul(uint256(sqrtPrice)), PRECISION, 2**(96*2));
Here the currentTick() function pulls the current price tick directly from the Uniswap pool:
/// @return tick Uniswap pool's current price tick
function currentTick() public view returns (int24 tick) {
    // slot0() exposes the pool's current state, including the spot tick
    (, tick, , , , , ) = pool.slot0();
}
Since this price data comes from an on-chain dependency and is determined in the context of the current transaction, the spot price can be manipulated within that same transaction:
- An attacker takes a flash loan of asset A and swaps a large volume of asset A for asset B in the corresponding Uniswap pool.
- This transaction raises the price of asset B (higher demand) and lowers the price of asset A (higher supply).
- When asset B is then deposited through the function above, its price is still inflated.
- Consequently, the deposit of asset B grants the attacker far too many shares.
- Those shares can be withdrawn, giving the attacker equal parts of asset A and asset B from the pool.
- Repeating this process drains the vulnerable pool of all its funds.
- With the funds obtained by redeeming the shares, the attacker repays the flash loan.
Warning! Never use a decentralized exchange's spot price directly to determine an asset's price. A safe price calculation can be achieved, for example, by using a time-weighted average price (TWAP) over longer time intervals. Given sufficient liquidity, this significantly raises the cost of a price-manipulation attack, making it infeasible. An example that facilitates safe price discovery is the Uniswap V3 OracleLibrary.
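The following is an added example, not code from the article, Visor or Uniswap: a toy constant-product (x*y=k) pool with a Uniswap V2-style cumulative price accumulator. It shows why the spot price read from reserves is the wrong oracle input and how a TWAP computed from accumulator snapshots behaves under the same single-transaction push. All numbers (1000/1000 reserves, a 9000-unit flash-loan-sized swap, the 0.3% fee and the timings) are constructed for illustration.

```python
# Added example (not from the original article): a toy constant-product pool
# with a cumulative price accumulator, used to compare a spot price read from
# reserves with a TWAP read from the accumulator. All figures are constructed.
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    reserve_a: float                 # units of asset A held by the pool
    reserve_b: float                 # units of asset B held by the pool
    fee: float = 0.003               # 0.3% swap fee
    price_cumulative: float = 0.0    # sum over time of spot_price * seconds
    last_timestamp: int = 0

    def spot_price(self) -> float:
        """Price of A in units of B, read straight from the reserves.
        This is the value a naive on-chain oracle consumes."""
        return self.reserve_b / self.reserve_a

    def _accumulate(self, now: int) -> None:
        # Credit the price that held since the last update into the accumulator.
        self.price_cumulative += self.spot_price() * (now - self.last_timestamp)
        self.last_timestamp = now

    def swap_b_for_a(self, amount_b: float, now: int) -> float:
        """Sell amount_b of B into the pool (x*y=k); returns the A paid out."""
        self._accumulate(now)
        effective_in = amount_b * (1 - self.fee)
        amount_out = self.reserve_a * effective_in / (self.reserve_b + effective_in)
        self.reserve_b += amount_b
        self.reserve_a -= amount_out
        return amount_out

    def cumulative_at(self, now: int) -> float:
        """Accumulator value at time `now` (what an oracle snapshot stores)."""
        self._accumulate(now)
        return self.price_cumulative


def twap(cum_start: float, cum_end: float, t_start: int, t_end: int) -> float:
    """Time-weighted average price between two accumulator snapshots."""
    return (cum_end - cum_start) / (t_end - t_start)


def run_scenario(hold_seconds: int = 0, window: int = 3600):
    """Quiet market for `window` seconds, then one large swap in a single
    transaction. Returns (spot before, spot after, TWAP over window+hold)."""
    pool = ConstantProductPool(reserve_a=1000.0, reserve_b=1000.0)
    cum_start = pool.cumulative_at(0)
    spot_before = pool.spot_price()
    # One transaction pushes 9000 B (e.g. flash-loaned) into a 1000/1000 pool.
    pool.swap_b_for_a(9000.0, now=window)
    spot_after = pool.spot_price()
    # A consumer reading the accumulator hold_seconds later sees only the
    # time-weighted effect of the push, not the instantaneous reserves.
    t_read = window + hold_seconds
    cum_end = pool.cumulative_at(t_read)
    return spot_before, spot_after, twap(cum_start, cum_end, 0, t_read)


if __name__ == "__main__":
    before, after, avg = run_scenario()
    print(f"spot before: {before:.2f}  spot after push: {after:.2f}  TWAP: {avg:.2f}")
    _, _, short = run_scenario(hold_seconds=12, window=600)
    _, _, long_ = run_scenario(hold_seconds=12, window=3600)
    print(f"push held one block: 10-min TWAP {short:.2f} vs 1-hour TWAP {long_:.2f}")
```

With these constructed numbers the spot price moves from 1.0 to 99.73 inside the transaction, while the TWAP read in the same block is still 1.0. If the push is held for one 12-second block, a 10-minute TWAP drifts noticeably but a 1-hour TWAP barely moves, which is the reason the warning above asks for longer intervals and sufficient liquidity.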
Off-chain infrastructure
By definition, a data feed that transmits information from outside the chain to a smart contract requires traditional software to operate. From sensor hardware or manual input to authenticated APIs that push data onto the chain, a considerable amount of software is usually involved.
Depending on the specific implementation, this opens attacks on access control, cryptographic implementation, transport, database security, and so on. Consequently, the software providing the oracle service should be hardened and follow security best practices such as the OWASP Secure Coding Practices. Oracles that do not offer a community-controlled dispute phase need particular protection, since their compromise directly affects every dependent application.
Additional information
Eskandari et al. divided the concept of an oracle into the following six modules:
- Ground truth
- Data sources
- Data feeders
- Selection of data sources
- Aggregation
- Dispute phase (arbitration)
Their publication covers design principles, attacks, and countermeasures for each of them.
An excellent example of an off-chain component affecting the transmission of oracle data on-chain is the Synthetix sKRW incident. Synthetix combines several related feeds to determine the price of its derivatives precisely and publishes the aggregate on-chain through a smart contract. Because of an erroneous report with values 1000 times higher than the true ones, the price of the Korean won was reported far too high, despite the aggregation. An arbitrage bot exploited this effect and quickly earned a profit of more than 1 billion USD. While the on-chain aggregation and price reporting worked correctly, the off-chain component (the providers) failed.
Additional information
samczsun wrote an excellent article on the Paradigm blog describing this incident and other price-oracle incidents in detail.
Centralized oracles and trust
Projects may also choose to implement a centralized oracle. The update method of such a smart contract can, for example, be protected by an onlyOwner modifier, which requires users to trust the correctness and timeliness of the data provided. Depending on the size and structure of the system, such centralized trust can give the authorized user(s) an incentive to submit malicious data and abuse their position.
In addition, such centralized systems carry the risk of private key compromise.
Security of decentralized oracles
Decentralized oracles aim to diversify the group of data collectors to such an extent that corrupting a quorum of participants becomes infeasible for an attacker. In the decentralized scenario, additional security considerations relate to how participants are incentivized and which kinds of misbehaviour go unpunished. Participants supplying (reliable) data to the oracle system receive an economic reward. Seeking to maximize profit, participants are incentivized to provide the cheapest possible version of their service.
Freeloading
Freeloading attacks are the simplest form of saving work and maximizing profit.
A node can use another oracle or an off-chain component (for example, an API) and simply copy its values without verification. For example, an oracle providing weather data may expect its providers to measure temperature and wind speed at a particular location. However, nodes have an incentive to use publicly available weather data and simply pass those values into the system.
Beyond the obvious problem of centralizing the data source, attacks of this kind can also seriously affect data correctness at scale. The effect is most noticeable when sampling frequencies differ, for example when the on-chain oracle expects a sampling interval of 10 minutes while the freeloading nodes supply data from an API that updates once per hour.
[Menaskop's note: this is another obvious example of Tempography.]
Freeloading in decentralized oracle data markets can intensify the price race, since freeloading requires nothing more than a trivial lookup (and selection).
At the same time, providing data properly may require significantly more computational effort. With less competition in the cheaper price ranges, a few freeloading nodes can even capture the data feed. For more complex data feeds, freeloading attacks can easily be prevented by introducing a commit-reveal scheme. This security measure prevents participants in the oracle system from peeking at each other's data. For simpler data, consistency checks can be implemented that penalize nodes which clearly copy data from known public services.
Data collectors that contribute to centralizing the overall service are thereby disincentivized.
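As an added example (not code from the article or any oracle project), the following combines the two countermeasures described above: a commit-reveal round in which a node's reveal is accepted only if it matches its earlier hash commitment, and a consistency heuristic that flags nodes whose readings track a known public feed almost exactly. The node names, temperature readings, the hourly "public API" series and the 80% flagging threshold are all constructed; the salts are derived deterministically only so the demo is reproducible.

```python
# Added example (not from the original article): commit-reveal for oracle
# submissions plus a copy-detection heuristic. All node data is constructed.
import hashlib
from statistics import median


def commitment(node_id: str, value: float, salt: bytes) -> str:
    """Hash binding a node to its value before anyone else's value is visible."""
    return hashlib.sha256(f"{node_id}|{value:.4f}|{salt.hex()}".encode()).hexdigest()


class CommitRevealRound:
    """One reporting round: commits first, reveals only after commits close."""

    def __init__(self) -> None:
        self.commits: dict[str, str] = {}
        self.reveals: dict[str, float] = {}
        self.reveal_open = False

    def commit(self, node_id: str, digest: str) -> None:
        if self.reveal_open:
            raise ValueError("commit phase is closed")
        self.commits[node_id] = digest

    def open_reveals(self) -> None:
        self.reveal_open = True

    def reveal(self, node_id: str, value: float, salt: bytes) -> bool:
        """Accept a reveal only if it matches an earlier commitment."""
        if not self.reveal_open:
            raise ValueError("reveal phase is not open")
        expected = self.commits.get(node_id)
        if expected is None or commitment(node_id, value, salt) != expected:
            return False  # no prior commit, or value changed after seeing others
        self.reveals[node_id] = value
        return True

    def aggregate(self) -> float:
        return median(self.reveals.values())


def copycat_score(node_values: list[float], reference: list[float]) -> float:
    """Fraction of rounds in which a node's reading equals a known public feed."""
    hits = sum(1 for mine, theirs in zip(node_values, reference) if mine == theirs)
    return hits / len(reference)


def flag_freeloaders(history: dict[str, list[float]], reference: list[float],
                     threshold: float = 0.8) -> list[str]:
    """Nodes whose readings track the public feed almost exactly (heuristic)."""
    return sorted(n for n, vals in history.items()
                  if copycat_score(vals, reference) >= threshold)


def demo() -> dict:
    # Constructed sample: six 10-minute rounds of temperature readings (C).
    # The public API only updates hourly, so a copying node repeats one value.
    public_api = [12.0] * 6
    history = {
        "node-A": [12.1, 12.3, 12.2, 12.4, 12.6, 12.5],   # measures locally
        "node-B": [11.9, 12.2, 12.3, 12.3, 12.5, 12.6],   # measures locally
        "node-C": list(public_api),                        # copies the API
    }
    # Deterministic demo salts; a real node would draw them from os.urandom.
    salts = {n: hashlib.sha256(n.encode()).digest() for n in history}
    rnd = CommitRevealRound()
    for node, values in history.items():          # commit phase: last round
        rnd.commit(node, commitment(node, values[-1], salts[node]))
    rnd.open_reveals()
    honest_ok = all(rnd.reveal(n, v[-1], salts[n]) for n, v in history.items())
    # node-C tries to swap in a different value after watching the others:
    changed_rejected = not rnd.reveal("node-C", 12.5, salts["node-C"])
    # a node that never committed cannot join once values are visible:
    late_rejected = not rnd.reveal("node-D", 12.5, b"\x00" * 32)
    return {
        "aggregate": rnd.aggregate(),
        "flagged": flag_freeloaders(history, public_api),
        "honest_accepted": honest_ok,
        "changed_rejected": changed_rejected,
        "late_rejected": late_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The commitment binds the node to a value before any reveal is visible, so a node cannot wait, read the others' reveals and then submit a copy; the copycat score addresses the cheaper case where the node copies a public service rather than another participant, which commit-reveal alone cannot detect.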
Solutions
Currently, the simplest way to address the oracle problem is to use decentralized oracles, such as:
- Chainlink – the largest provider of decentralized oracles, which can be used to deliver decentralized data on-chain.
- Tellor – an oracle providing censorship-resistant data secured by economic incentives, guaranteeing that data can be supplied by anyone, at any time, and verified by everyone.
- Witnet – uses state-of-the-art cryptographic and economic incentives to supply smart contracts with off-chain data.
Using the median of several oracles provides increased security, since attacking multiple oracles is harder and more expensive. It also guarantees that the smart contract receives the data it needs even if one oracle or API call fails.
Another standard solution is to use a weighted average price for price feeds, so that the price is averaged over X periods and across several sources. This not only prevents oracle manipulation but also reduces the likelihood of front-running, since an order executed immediately beforehand cannot have such a strong influence on the price. This does not hold for low-liquidity assets, which are usually cheap to manipulate even over long periods.
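As an added example (not code from the article or from Chainlink, Tellor or Witnet), the following shows the median-of-several-sources pattern from the last two paragraphs with the two failure modes a practitioner has to handle: a feed whose call fails and a feed that reports a stale value. The feed names, prices and timestamps are constructed; the 1000x mis-report from one feed mirrors the sKRW incident described above. The quorum size, the 300-second freshness limit and the deviation gate on the consumer side are design choices of this example, not rules from the article.

```python
# Added example (not from the original article): median aggregation of several
# price feeds with failure, staleness and quorum handling. Data is constructed.
from dataclasses import dataclass
from statistics import mean, median
from typing import Optional


@dataclass
class Observation:
    source: str
    price: Optional[float]   # None means the feed call failed
    timestamp: int           # unix seconds when the feed produced the value


def usable(obs: Observation, now: int, max_age: int) -> bool:
    """Keep only successful, sufficiently fresh observations."""
    return obs.price is not None and 0 <= now - obs.timestamp <= max_age


def aggregate_price(observations: list, now: int, max_age: int = 300,
                    min_quorum: int = 3) -> Optional[float]:
    """Median of usable feeds; None if fewer than min_quorum remain."""
    prices = [o.price for o in observations if usable(o, now, max_age)]
    if len(prices) < min_quorum:
        return None
    return median(prices)


def accept_update(last_accepted: Optional[float], candidate: Optional[float],
                  max_change: float = 0.5) -> tuple:
    """Consumer-side gate: keep the last accepted price when the aggregate is
    missing or jumps by more than max_change (a design choice for this example)."""
    if candidate is None:
        return last_accepted, "rejected: quorum not met"
    if last_accepted and abs(candidate - last_accepted) / last_accepted > max_change:
        return last_accepted, "rejected: deviation exceeds limit"
    return candidate, "accepted"


def demo() -> dict:
    now = 1_700_000_000
    feeds = [
        Observation("feed-1", 0.00100, now - 10),
        Observation("feed-2", 0.00101, now - 20),
        Observation("feed-3", 1.00000, now - 5),     # constructed 1000x mis-report
        Observation("feed-4", None, now - 1),        # API call failed
        Observation("feed-5", 0.00099, now - 1000),  # stale, older than max_age
    ]
    robust = aggregate_price(feeds, now)
    # A plain mean of everything that returned is dragged 250x by one feed.
    naive = mean(o.price for o in feeds if o.price is not None)
    gated, status = accept_update(0.00100, robust)
    # With a stricter quorum only three feeds are usable, so no price is produced
    # and the consumer keeps its last accepted value instead of acting on junk.
    strict = aggregate_price(feeds, now, min_quorum=4)
    _, quorum_status = accept_update(0.00100, strict)
    return {"robust": robust, "naive": naive, "gated": gated,
            "status": status, "quorum_status": quorum_status}


if __name__ == "__main__":
    print(demo())
```

The median ignores the single 1000x outlier and the failed and stale feeds are dropped before aggregation, so the consumer still receives a usable price, which is the guarantee the paragraph above describes. When the quorum is not met the consumer keeps its last accepted price rather than continuing on bad data, the behaviour whose absence was listed as the second half of the problem at the start of the article.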