Written by: Zhang Qianwen

In November 2020, a person, using borrowed money, stole nearly 1 million dollars from a DeFi protocol within 15 seconds.

He first borrowed a large amount of ETH through a flash loan, and then concentrated his purchases of sETH in a liquidity pool with extremely low liquidity, sharply raising the price within seconds.

Next, he used these sETH as collateral to deposit into the bZx protocol. What the protocol "saw" was the artificially inflated price from that moment, considering these sETH to be extremely valuable, and thus issued a loan of WBTC far exceeding the true value according to the rules.

After obtaining WBTC, the attacker quickly repaid the flash loan and profited from the huge price difference.

The entire process had no hacking, no code vulnerabilities, and no misuse of permissions. The contract executed each step strictly according to the rules. The only problem was:

The world it "saw" was wrong.

This is precisely one of the fundamental limitations of DeFi—on-chain contracts are essentially a system that cannot see the real world.

01 On-Chain Contracts are "Blind"

Smart contracts live in a closed world.

It can see everything happening on-chain—who transferred how much money where, how many tokens each address holds, at what time a transaction was packed into a block—this information it can read, and it is absolutely accurate.

But the world outside the chain, it cannot see at all: What is the price of ETH today? Has Bitcoin broken a new high? Has a stablecoin become unpegged? Did the New York stock market rise or fall today? The contract knows nothing.

In DeFi lending, this is a fatal contradiction.

Liquidation relies on the current price of collateral assets; but the contract itself cannot see the price and must be informed by someone.

This is why oracles exist: they are the eyes of on-chain contracts, responsible for bringing real-world information (prices, interest rates, event outcomes, etc.) onto the chain for contracts to read and use. But the problem follows:

Who ensures this information is true?

02 Oracles: Messengers of the On-Chain World

Oracles are essentially an infrastructure for information transmission, writing real-world data (prices, interest rates, event results, etc.) into the blockchain in a format readable by contracts.

This concept sounds simple, but the engineering challenge lies in the core design principle of blockchain: "Do not trust any external inputs," with everything determined by on-chain verifiable data. What oracles bring is precisely off-chain data—they are inherently outside this trust framework.

To solve this problem, two mainstream solutions have formed in the market.

The first is on-chain prices, which directly read transaction prices from decentralized exchanges (DEX). The most typical is Uniswap's time-weighted average price (TWAP)—instead of taking the instantaneous price at one moment, it takes the average price over a period of time, diluting short-term price fluctuations with time.

The second is decentralized oracle networks, represented by Chainlink. Multiple independent data nodes obtain prices from different sources, and after aggregating, the median is put on-chain, ensuring that no single node can independently determine the final result.

Both solutions have their trade-offs, but they all attempt to answer the same question: How to make on-chain contracts trust a number from outside the chain?

03 Why Not Use Real-Time Prices Directly?

Most people, when first encountering oracles, have a intuition: Since the price comes from the market, why not read the real-time prices from exchanges directly?

The problem is: Real-time prices do not equal true prices.

In liquid markets with active trading, the two are usually relatively close; but in pools with weaker liquidity and insufficient depth, as long as there is enough capital, prices can be artificially pushed up within a very short time to levels far above true market levels.

And smart contracts cannot determine whether this price is naturally formed or deliberately manipulated. They can only read this number and execute rules based on it—allowing borrowers to borrow more funds. When the price falls back, the true value of the collateral is insufficient to cover the loan, leading to bad debts in the protocol.

This is the reason for the bZx protocol attack mentioned at the beginning of the article, and the cost of using real-time prices: oracles treat "temporarily manipulable numbers" as reality itself.

04 Chainlink's Solution: Decentralize Prices

If a system relies on a single data source, then if that data source makes a mistake or is manipulated, the entire protocol will be skewed. The most direct way to reduce this risk is not to trust a stronger person, but to let multiple independent nodes report data separately and then extract a relatively robust result from them.

Chainlink's solution adopts this approach: multiple independent data nodes obtain prices from different data sources, each reporting their data, and the system takes the median as the final result. In this way, even if a single node errors or is influenced by an attacker, it will not be able to sway the final price; and for an attacker to simultaneously control more than half of the nodes is practically impossible economically.

This mechanism effectively mitigates the problem of single point manipulation.

But it also introduces a new cost: updates have delays.

On-chain prices are not updated in real-time; the process of nodes collecting data, reaching consensus, and writing to the blockchain takes time. During normal market fluctuations, this delay is inconsequential. But during periods of dramatic fluctuation, oracle prices may lag behind the changes in true prices.

This is why we need to set over-collateralization buffers in DeFi lending protocols: not only to deal with price fluctuations itself but also to ensure that during the time the oracle has yet to update, the system still has sufficient safety margin to trigger liquidation.

05 Oracle Attacks: The Costliest Trust Crisis

The oracle problem has not completely disappeared with the emergence of Chainlink.

In the history of DeFi, oracle-related vulnerabilities are among the categories of attacks with the heaviest losses. Between 2021 and 2023, documented oracle manipulation attacks have caused cumulative losses exceeding hundreds of millions of dollars.

These losses share a common feature: attackers do not need to find vulnerabilities in the code. They simply need to identify the gap between the oracle price and the true market price, then use their funds to widen that gap, causing the contract to execute a beneficial operation at a distorted price. This is a risk more difficult to defend against than code vulnerabilities—because you cannot write a rule in the code to determine "whether this price is real."

The oracle problem is essentially not a flaw in a certain component, but a trade-off:

Using more data sources to combat manipulation necessitates accepting higher delays;

Pursuing prices closer to real-time requires assuming the risk of temporary manipulation.

This trade-off has no perfect solution.

Because of this, the existence of oracles reveals a deeper reality of DeFi: on-chain contracts can achieve absolute transparency and execution, but the premise is always that the input information they rely on is true. Once the input is distorted, even perfect code will only efficiently make erroneous judgments and executions.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。