SoK: Oracles from the Ground Truth to Market Manipulation

TL;DR

This paper systematically analyzes blockchain oracles, highlighting their design choices, vulnerabilities, and mitigation strategies to address security challenges in connecting smart contracts with real-world data.

Contribution

It provides a comprehensive overview of oracle architectures, attack vectors, and defense mechanisms, filling a gap in understanding oracle security and design.

Findings

Identifies key attack vectors on oracles

Classifies oracle design models and their vulnerabilities

Discusses effective mitigation strategies for oracle attacks

Abstract

One fundamental limitation of blockchain-based smart contracts is that they execute in a closed environment. Thus, they only have access to data and functionality that is already on the blockchain, or is fed into the blockchain. Any interactions with the real world need to be mediated by a bridge service, which is called an oracle. As decentralized applications mature, oracles are playing an increasingly prominent role. With their evolution comes more attacks, necessitating greater attention to their trust model. In this systemization of knowledge paper (SoK), we dissect the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.