SoK: oracles from the ground truth to market manipulation

One fundamental limitation of blockchain-based smart contracts is that they execute in a closed environment. Thus, they only have access to data and functionality that is already on the blockchain, or is fed into the blockchain. Any interactions with the real world need to be mediated by a bridge service, which is called an oracle. As decentralized applications mature, oracles are playing an increasingly prominent role. With their evolution comes more attacks, necessitating greater attention to their trust model. In this systemization of knowledge paper (SoK), we dissect the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.

[1]  Andreas G. Veneris,et al.  Astraea: A Decentralized Blockchain Oracle , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[2]  Yongge Wang,et al.  Automated Market Makers for Decentralized Finance (DeFi) , 2020, ArXiv.

[3]  Alex Biryukov,et al.  Findel: Secure Derivative Contracts for Ethereum , 2017, Financial Cryptography Workshops.

[4]  Michael F. Worboys,et al.  Semantic heterogeneity in distributed geographic databases , 1991, SGMD.

[5]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[6]  Iuon-Chang Lin,et al.  A Survey of Blockchain Security Issues and Challenges , 2017, Int. J. Netw. Secur..

[7]  Didem Demirag,et al.  SoK: Demystifying Stablecoins , 2019, SSRN Electronic Journal.

[8]  D. Khovratovich Sovrin : digital identities in the blockchain era , 2016 .

[9]  Sebastian Henningsen,et al.  Eclipsing Ethereum Peers with False Friends , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[10]  Krishnendu Chatterjee,et al.  Probabilistic Smart Contracts: Secure Randomness on the Blockchain , 2019, 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).

[11]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[12]  Ari Juels,et al.  Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[13]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[14]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[15]  Gavin Andresen,et al.  An Analysis of Attacks on Blockchain Consensus , 2016, ArXiv.

[16]  Guillermo Angeris,et al.  Improved Price Oracles: Constant Function Market Makers , 2020, AFT.

[17]  Robin Hanson,et al.  Combinatorial Information Market Design , 2003, Inf. Syst. Frontiers.

[18]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[19]  Joshua A. Kroll,et al.  On Decentralizing Prediction Markets and Order Books , 2014 .

[20]  Jack Peterson,et al.  Augur: a decentralized, open-source platform for prediction markets , 2015, ArXiv.

[21]  Dan Boneh,et al.  Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[22]  Stuart E. Madnick,et al.  Knowledge Integration to Overcome Ontological Heterogeneity: Challenges from Financial Information Systems , 2002, ICIS.

[23]  Farshad Hakimpour,et al.  Resolving semantic heterogeneity in schema integration , 2001, FOIS.

[24]  Andreas Müller,et al.  Weather Derivatives: A Risk Management Tool for Weather-sensitive Industries , 2000 .

[25]  Shouhuai Xu,et al.  A Survey on Ethereum Systems Security: Vulnerabilities, Attacks and Defenses , 2019 .

[26]  S. Ammous,et al.  Blockchain Technology: What is it Good for? , 2016 .

[27]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[28]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[29]  Saikat Mondal,et al.  Blockchain Inspired RFID-Based Information Architecture for Food Supply Chain , 2019, IEEE Internet of Things Journal.

[30]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[31]  Pawel Szalachowski,et al.  A First Look into DeFi Oracles , 2020, 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS).

[32]  Hannes Hartenstein,et al.  A simulation model for analysis of attacks on the Bitcoin peer-to-peer network , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[33]  Sebastian Henningsen,et al.  Monetary Stabilization in Cryptocurrencies – Design Approaches and Open Questions , 2019, 2019 Crypto Valley Conference on Blockchain Technology (CVCBT).

[34]  Rainer Böhme,et al.  Rationality is Self-Defeating in Permissionless Systems , 2019, ArXiv.

[35]  Amani Moin,et al.  SoK: A Classification Framework for Stablecoin Designs , 2020, Financial Cryptography.

[36]  Khaled Salah,et al.  Trustworthy Blockchain Oracles: Review, Comparison, and Open Research Challenges , 2020, IEEE Access.

[37]  Mojtaba Alizadeh,et al.  A Survey on Attacks in RFID Networks , 2012 .

[38]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[39]  Joseph Bonneau,et al.  Proofs-of-delay and randomness beacons in Ethereum , 2017 .

[40]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[41]  Stuart E. Madnick,et al.  Improving data quality through effective use of data semantics , 2006, Data Knowl. Eng..

[42]  Jack Peterson,et al.  Decentralized Common Knowledge Oracles , 2019, Ledger.

[43]  Victor E. Sower,et al.  The impact of RFID, IIoT, and Blockchain technologies on supply chain transparency , 2019, Journal of Manufacturing Technology Management.

[44]  S. Matthew Weinberg,et al.  Arbitrum: Scalable, private smart contracts , 2018, USENIX Security Symposium.

[45]  Lina Yao,et al.  Reliability analysis for blockchain oracles , 2020, Comput. Electr. Eng..

[46]  Feng Tian,et al.  An agri-food supply chain traceability system for China based on RFID & blockchain technology , 2016, 2016 13th International Conference on Service Systems and Service Management (ICSSSM).

[47]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[48]  Andrew Miller,et al.  Chainlink Off-chain Reporting Protocol , 2021 .

[49]  Fan Zhang,et al.  CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability , 2021, 2021 IEEE Symposium on Security and Privacy (SP).

[50]  Mohammad Mannan,et al.  Red-Black Coins: Dai Without Liquidations , 2021, Financial Cryptography Workshops.

[51]  Jeremy Clark,et al.  A first look at the usability of bitcoin key management , 2018, ArXiv.

[52]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[53]  Fan Zhang,et al.  DECO: Liberating Web Data Using Decentralized Oracles for TLS , 2020, CCS.

[54]  Tyler Moore,et al.  Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem , 2014, Financial Cryptography Workshops.

[55]  Paul C. van Oorschot,et al.  SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[56]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[57]  Jeremy Clark,et al.  On the Feasibility of Decentralized Derivatives Markets , 2017, Financial Cryptography Workshops.

[58]  Babak D. Beheshti,et al.  A Survey on Lightweight Cryptographic Algorithms , 2018, TENCON 2018 - 2018 IEEE Region 10 Conference.

[59]  Eyal Hertzog,et al.  Bancor Protocol Continuous Liquidity for Cryptographic Tokens through their Smart Contracts , 2018 .

[60]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[61]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[62]  Dan Boneh,et al.  Empirical Measurements on Pricing Oracles and Decentralized Governance for Stablecoins , 2020, SSRN Electronic Journal.

[63]  Hannes Hartenstein,et al.  Short Paper: An Empirical Analysis of Blockchain Forks in Bitcoin , 2019, Financial Cryptography.

[64]  Jeremy Clark,et al.  SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain , 2019, Financial Cryptography Workshops.

[65]  Jong-Hyouk Lee,et al.  Double-Spending With a Sybil Attack in the Bitcoin Decentralized Network , 2019, IEEE Transactions on Industrial Informatics.

[66]  Benjamin Livshits,et al.  Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit , 2020, Financial Cryptography.

[67]  Vincent Gramoli,et al.  From blockchain consensus back to Byzantine consensus , 2017, Future Gener. Comput. Syst..

[68]  TLSnotary - a mechanism for independently audited https sessions , 2014 .