A few days ago, the hottest topic in the industry was the DeFi asset "attack" incident on the bZx protocol. According to PeckShield data analysis, two attacks before and after the bZx protocol caused bZx protocol users to lose a total of 3649 ETH. Because the Uniswap protocol uses algorithmic prices, prices can easily change drastically with limited trading depth. The arbitrageur has taken advantage of Uniswap's algorithmic price defect and maliciously manipulated the transaction prices of certain assets through direct or indirect methods, causing users of the associated DeFi protocol that introduced Uniswap price data to suffer huge asset losses.
From the above point of view, this is an arbitrage behavior that occurs on multiple DeFi protocols such as dydx, bZx, and Uniwap. The essence of these two attacks lies in controlling the price of the oracle machine introduced by the DeFi protocol. The price data of the machine successfully carried out arbitrage between the DeFi protocols.
The bZx event exposed the problem of the oracle again, causing collective speculation and alertness in the DeFi industry. Long before the bZx event, the famous synthetic asset platform Synthetix had a major oracle attack:
At 3 am on June 25, 2019, Synthetix suffered an Oracle attack and lost more than 37 million sETH. According to the official disclosure, Synthetix uses the oracle to obtain the prices of foreign exchange, commodities and cryptocurrencies from multiple commercial APIs, and integrates them as the final result. At the time of the incident, the price of KRW was provided by only two APIs, one of which reported the wrong KRW price intermittently (1000 times the normal price), so the predictor obtained the price data from the two APIs and averaged The wrong price obtained is reported to the exchange rate contract of the platform. A trading robot on the Synthetix platform detected this error and used it to trade a large number of sKRW, and made a profit of $ 1 billion in less than an hour.
Fortunately, after the incident, the Synthetix platform negotiated and communicated with the user urgently, rolled back all transactions, and gave its users a bug bonus, thereby fixing a $ 1 billion error!
Regarding Oracle-related attacks, Synthetix has happened, bZx has also happened, we know this is not the last time, maybe just the beginning.
The oracle issue is a public issue for the entire blockchain industry. In the article "Vitalik: Reviewing the economic development of the blockchain in the past 5 years, and emerging issues", the oracle machine problem is ranked in the 16th, and V God focused the oracle machine problem on "getting real data". On a core element. As one of the most important infrastructures in the Web 3.0 era, a secure and stable decentralized oracle system will play a decisive role in promoting the development of DeFi!
So, what should Oracle oracles need for DeFi? What conditions does a qualified oracle require?
At present, the existing oracle network in the industry usually uploads offline data (price) to the chain by “feeding data” to the on-chain contract, forming a so-called oracle, which can be used by other contracts.
There is a fundamental problem with this scheme, that is, the verification of the data is not straightforward, but the authenticity of the data is indirectly guaranteed by verifying the uploader. We call this scheme an indirect oracle. Another problem with indirect oracles is that the credit risk of the node that uploaded the data determines the attack cost of the oracle data. If based on the price provided by the oracle machine, 1 trillion US dollars of assets are derived, the credit of the oracle machine node should also match it, which is obviously impossible in reality. No matter how random the node is, it cannot be guaranteed. This is an essential issue, not a technical issue, so indirect oracles can only be used in small-scale, non-financial scenarios.
DeFi is the most commercially valuable direction for the entire blockchain technology to be applied. In the future, it will carry trillions of assets. Therefore, the predictor required by DeFi is by no means the indirect oracle mentioned above, but a predictor that directly verifies price data to ensure that the price is true and effective and timely enough; at the same time, the predictor should also be able to Raise the cost of the attack to an extremely high level, close to infinity; of course, the oracle must also be distributed, removing all centralization risks.
Now, we can refine the characteristics of the oracle network needed by DeFi:
1) Data is accurate: it can truly reflect market data
2) Sensitive data: fast enough response to market data
3) Data is resistant to attack: the cost of distorting or affecting real data is extremely high
4) Direct verification of the data: and the verifier is any third party, and no review or threshold is required
5) The network system is distributed: no censorship or threshold is required, and you can enter or exit freely
The above 5 points are our strict requirements for a true oracle system. There are not many facts available on the chain, and the on-chain data facts appear to be particularly important.
Common oracle networks currently on the market include Oraclize, ChainLink, DOS.Network, NEST Protocol, MakerDAO, Band Protocol, Tellor, etc. They each have their own characteristics, and the degree of decentralization and verification schemes are also different. According to our previous definition, most of them belong to indirect oracles, not to generate data facts directly on the chain. The special one is that Tellor uses the pow mechanism for verification, but it is also an indirect oracle in nature. In addition, it is worth noting that the NEST distributed price oracle network defines and implements a new type of generation on the blockchain network. The mechanism of on-chain facts uses market game theory to synchronize the price facts of the off-chain market on the chain through the way of miners' bilateral asset quotations, and in combination with the NEST quote mining mechanism, it encourages miners to become a set of logic The closed-loop distributed quotation system perfectly synchronizes the off-chain price facts on the chain to form a distributed price prediction machine.
Thinking about the prediction machine price data on-chain:
1) The essence of price on-chain is not to "upload" price information to the chain, but to form (generate) price facts on the chain;
2) Whether it is centralized uploading price information or uploading in a decentralized manner, it means that the off-chain price facts are generated before the on-chain. For a real oracle system, the off-chain price facts should be generated on the chain simultaneously;
3) The unique feature of the NEST distributed price oracle is that it forms a price fact directly on the chain, while other oracle systems simply upload a price fact to the chain, which is an essential difference;
4) The cost and credit scale of the price of the oracle machine must be able to support DeFi far beyond this scale, is the correct oracle machine; each piece of data produced by the NEST distributed price oracle machine is verified by the miners with real gold and silver. .
The oracle, as the most important infrastructure for the application of blockchain technology, plays a decisive role in the development of the DeFi industry! We need more innovative and excellent oracle solutions, not just ChainLink, NEST, Tellor … (End)
1. "PeckShield: The bzx protocol has been hit by the technology behind hackers"
2. "Slow Mist: Detailed Explanation of bZx Being Hacked Twice"
3. "Vitalik: Review of the economic development of the blockchain in the past 5 years, and emerging issues"
4. "NEST Protocol: A Distributed Price Predictor Network"