Technical5 min read

How Oracles can hug you or rug you

Paweł ZarembaImage of Paweł Zaremba
Paweł Zaremba·

Originally published in publish0x. Based on an interview with Pawel Zaremba.

Blockchains are blind. They don’t see anything that happens outside of the chain. They do not see the weather; they don’t know the price of a non-native cryptocurrency or the outcome of a football match. Applications built on the blockchain need access to information. For this, they rely on an intermediary, or in this case, a smart contract called an Oracle.

Oracles turn gossip into fact. They take data sourced by nodes, such as answers to the question, ‘What is the bitcoin price in $USD right now?’ (the gossip), verify its authenticity, often using a consensus mechanism, and publish it on the blockchain (the fact).

This makes Oracle systems integral blockchain infrastructure for various applications such as decentralized finance and cross-chain bridging. This also places a huge weight of responsibility on Oracles if ‘the fact’ the Oracle publishes can be manipulated, then these applications can be attacked, and huge values of cryptocurrency can be stolen.

Not all Oracles are equal

Oracles are like a work of art or a piece of architecture. They are designed, and they are constructed. But, for this reason, not all Oracles are equal. Design flaws or build inefficiencies can create low-quality, less secure, or expensive Oracles. This is why Oracles can hug you or rug you.

Considering the highly complex nature of Oracle technology, the most diligently designed, with years of experience and an unsullied reputation, will likely hug you, warming you with a safe and secure embrace. Those that could be better designed may pull the rug from beneath you, compromising the foundations of your business.

What makes a good blockchain Oracle?

A good blockchain Oracle system provides the following elements for a protocol or dapp: Strong and battle-tested security, constant data availability, verifiable data sources, and full transparency of every actor in the Oracle system.


There is nothing more important for an Oracle than being secure. For this reason, it is difficult for new blockchain Oracle providers to gain traction because they often lack a successful track record. As previously established, not all Oracles are equal. New builders or designers of these systems struggle to develop trust. This leads to poor adoption, which, in turn, makes it more challenging to establish trust.

In DeFi, for example, Oracles are ‘mission critical’ infrastructure. They represent a lynchpin. Suppose an Oracle is hacked to broadcast manipulated data or goes offline. In that case, this can cause a complete breakdown in the dapp or protocol and drain all cryptocurrencies, representing millions of dollars of value.

This is why security and a successful track record of a secure Oracle system are paramount. The stakes are incredibly high.

Always available and verifiable data

A good blockchain Oracle can always provide near-immediate access to the data the user needs (data availability). In the context of Oracles, there is only one way to guarantee that the data is always available for an Oracle user: to have the Oracle live on the same blockchain as the user's protocol or app. Be wary of Oracles that attempt to skirt this issue with a ‘single chain for all data.’

Data verifiability is the gold standard of trust for an Oracle protocol. A good Oracle provider has nothing to hide, sharing all data sources and a clear record of the data journey from end to end. Extra marks for those also providing cryptographic proof that the Oracle reported data matches what is on-chain; Chronicle Protocol is the only Oracle I’ve come across that does this.

Protocol transparency

Oracle systems are complex. Therefore, a good blockchain Oracle provider should provide full transparency on how the system works, such as how the data was composed: e.g. If it were price data, which exchanges were included in the data model for the reported price. This is to ensure data is accurate and reliable.

This transparency should also apply to the various actors in an Oracle system. Sometimes referred to as Validators, these are third-party operators that run a node in the Oracle network.

These nodes are how an Oracle network establishes truth. Enough of these nodes must report back with the requested data to develop a consensus. However, if a bad actor can control most of these nodes, they can manipulate the reported data. Therefore, the more validators or nodes an Oracle protocol has and the more distributed (or decentralized) they are, the more secure it is from being hacked.

A good Oracle protocol will provide full transparency on who the node operators are, their reporting data, and how many of them there are, providing users with an accurate representation of how secure, decentralized, and censored the Oracle is.

A system is only as strong as its weakest link

Oracles are essential to blockchain products as we know them, and for this reason, when designing our products, they are also one of the most important decisions we, as developers, make.

We can make good decisions if we understand what makes a good blockchain Oracle. If an Oracle provider doesn’t meet your expectations on track record, data verifiability and availability, security, and transparency, move on to another or work with experienced developers to build your own.

The initial cost of using an Oracle provider may seem like the most crucial issue, yet when stacked against the cost of losing everything you’ve built, it pales in comparison. After all, a system is only as strong as its weakest link.

Related Posts