Decentralized finance has a $ 1.4 billion problem

By Joshua Tobkin, CEO and Co-Founder of SupraOracles

Decentralized finance is the fastest growing sector in the crypto market. With the promises of a consumer-centric, open source and unlicensed financial system that is transparent to all, DeFi is poised to change the trajectory of consumer and institutional finance. Borrowing, lending, insurance, and direct peer-to-peer exchange are just a few of the use cases that are being disrupted by this new financial paradigm, removing expensive middlemen and delivering more value to end consumers.

Don’t just take our word for it. In just one year, DeFi has grown from around $ 25 billion in total locked-in value (TVL) to almost $ 100 billion in total locked-in value.

DeFi, charged with success with consumers, has its next goal in mind – institutional adoption. Institutions revolve around. Seeing the success of individuals, they are eager to deploy colossal capital in these new financial applications. Before DeFi can secure these huge pools of capital, however, it must face its main challenge: Oracle’s smart contract exploits and vulnerabilities, an issue that has cost the decentralized financial movement more than $ 1.4 billion. dollars in stolen capital.

The Oracle dilemma (and its cost)

Despite all their power, blockchain networks today operate largely as closed-loop systems. Data flows seamlessly within blockchains, but bridging the outside world of digital data today is proving to be a challenge (and a huge opportunity).

Oracles are the solution to this challenge. In short, oracles connect blockchain networks to “real world” data, so that applications within blockchains can respond to that information. Here are a few examples: cryptocurrency prices, fiat currency prices, traditional financial data, sports and weather data, et al.

Oracles are poised to unlock the floodgates for hugely powerful decentralized financial services and applications that tap into real-world data. Oracles are not without flaws, however. Collusion can allow a few actors to modify the incoming data, network latency can lead to delays in data availability, a lack of consensus on the entered data can lead to smart contracts, which are deterministic and composable, failures in cascade since the faulty data entered the system.

In June 2019, a Synthetix protocol oracle incorrectly reported Korean won prices as 1,000 times higher than its actual rate for the price of their sKRW (synthetic Korean won) token. The result was $ 1 billion in lost funds (they were ultimately returned). The attacker used a sophisticated trading bot to profit from the arbitrage created by the erroneous price in sKRW. This created a few thousand transactions, each with a profit of a few thousand dollars, which equates to almost a billion dollars of funds siphoned off in almost an hour.

In November 2020, Cheese Bank, an Ethereum-based decentralized digital bank, lost $ 3.3 million due to an oracle attack. The attacker was able to instantly borrow, exchange, deposit and again borrow a large number of tokens. This allowed the attacker to heavily manipulate the price of a specific token on a single exchange. As a result, this created an opportunity to trade off between the amount borrowed at the previous price and a new manipulated oracle price to repay, allowing this particular hack to drain the DeFi project of $ 3.3 million in “borrowed” funds.

That same month, nearly $ 90 million was liquidated on the Compound loan protocol. A malicious actor appears to have manipulated the price of a token on Coinbase Pro, which the Compound protocol used to set its own prices. This token was used as collateral for a loan, and the oracle’s manipulation made compound smart contracts believe that many loans using this token as collateral had exceeded collateral ratio thresholds. In turn, this caused the protocol to mistakenly liquidate over $ 89 million in loans by users of the service. The third largest user of the protocol was one of the victims and was liquidated for $ 46 million. Just because Coinbase Pro cryptographically signed their reported data, it technically only means that someone had access to their private key – not that the data they provided was actually correct! This shows the importance of removing all single points of failure in Oracle designs.

As the DeFi ecosystem becomes more complex and composable, the oracle risks will only intensify. That is to say without a viable alternative solution.

The existing oracle landscape is dominated by solutions that struggle to balance decentralization, speed and security – some incumbents in the market mistakenly focusing too much on speed, while sacrificing both decentralization and security in the process. . The result of these downright flawless designs will pave the way for further performance failures, security breaches, and exploits that cannot lead to mass institutional adoption of decentralized technologies over open networks.

Interoperability looms just beyond the immediate needs of decentralization, security and speed. In the Web3 landscape, people are collectively clamoring for a multi-channel future, in which a constellation of decentralized networks integrate to create a transparent technical mesh for all users and institutions. Any oracle solution that seriously hopes to take its place alongside (or replace) traditional tech stacks must prepare for this interoperable future.

Each of these issues presents a major opportunity to resolve the Oracle dilemma. By solving these issues, we can make DeFi more secure. This will allow this burgeoning industry to be opened up to new large pools of traditional financial capital to help continue the exponential growth of this new open and unlicensed financial paradigm. Collectively, if we don’t secure the Oracle layer, we don’t deserve to be stewards of the future of finance. We must do better.

Joshua Tobkin is the CEO and co-founder of SupraOracles, a blockchain organization that strives to bridge the gap between traditional capital markets and the Web3.0 ecosystem. He is the architect of the Supra BFT consensus algorithm, a blockchain designer and developer, and a lateral thinker. Previously at SupraOracles, Josh has been building SaaS companies for over 10 years and is now looking to use his experience to give the developer community a new set of Oracle tools so they can easily build, deploy and manage data applications. with superior performance, robustness and reliability. agility.

Join the SupraOracles community and receive the latest updates:

Website | Twitter | Advertisement

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Comments are closed.