# Are Oracles Truly Decentralized? By [100y](https://paragraph.com/@100y) · 2024-11-26 --- _Oracles are more centralized than you think._ 1\. Everything, Everywhere, All at Once --------------------------------------- Oracles have become an essential infrastructure in the blockchain ecosystem. They act as middleware, enabling secure utilization of various off-chain data in on-chain environments. Oracles integrate all types of data sources (Everything) and provide data across all on-chain ecosystems (Everywhere), including mainnets, DeFi, and prediction markets simultaneously (All at Once). While it is often claimed that blockchain oracles handle all types of data, in reality, they primarily deal with data applicable to DeFi. Oracles supply accurate price data from sources like market makers, centralized exchanges, and websites, and they detect anomalies in smart contracts that constitute DeFi protocols, ensuring their safe and precise operation. ![(Source: DefiLlama)](https://storage.googleapis.com/papyrus_images/52e084170759f6e796be4e5e6247a96717a29a6503c0e6e1b41c8cb95b6b64b1.png) (Source: DefiLlama) According to data from DefiLlama, the total value secured (TVS) by oracles currently stands at $66.5 billion, which accounts for 60.8% of TVL in the on-chain ecosystem. This figure is direct evidence of the pivotal role oracles play in the blockchain ecosystem. ![(Source: Polymarket)](https://storage.googleapis.com/papyrus_images/5f49bc50fe041e203a9e5a0158de1b075b01ff11e6e92e109b3c28f4e1ff994f.png) (Source: Polymarket) However, oracles contribute beyond the DeFi ecosystem. In addition to market data, they handle various types of data and play a role in random number generation, such as through VRF (Verifiable Random Function). A notable non-market data use case for oracles is Polymarket, where real-world data, like election results, is fed into smart contracts to determine betting outcomes and facilitate fund transfers. 2\. **Are Oracles Truly Decentralized?** ---------------------------------------- Unlike in the past, oracles have become such fundamental and ubiquitous infrastructure that they’re now considered a mundane narrative in the blockchain ecosystem. But here’s a question: are the oracles we use, knowingly or unknowingly, truly secure and sufficiently decentralized? Although the narrative around decentralization and security has lost some of its prominence, these qualities remain the greatest advantages of blockchain compared to traditional systems. The ongoing discussions in the Ethereum community about whether Layer 2 networks truly rely on Ethereum’s security and where they stand in terms of decentralization highlight the importance of this topic. ### 2.1 Why Is the Decentralization of Oracles Less Discussed? Oracles, which secure over 60% of the total TVL in the blockchain ecosystem, could arguably be considered more critical infrastructure than rollup protocols. So why is there less discussion about decentralization when it comes to oracles? There are some fundamental and psychological reasons: 1. **Indirect involvement of funds**: Unlike rollup protocols where users directly deposit their funds, oracles don’t directly handle user funds. Instead, they secure a portion of the funds deposited in DeFi protocols. Psychologically, this makes oracle decentralization seem less of a priority compared to rollup decentralization. 2. **Nature of data**: This is the most fundamental reason. Unlike the source code of rollup protocols, real-world data is inherently centralized. Since retrieving data often relies on centralized sources, decentralization tends to take a backseat. Despite this, there have been numerous efforts to increase the decentralization of oracle protocols. Greater decentralization in oracles offers the following benefits: * **High uptime**: Ensures a continuous supply of data to users without downtime. * **Censorship resistance**: Reduces the likelihood of data censorship by providers. * **Reduced attack surface**: With more diverse data providers, defending against malicious data manipulation attacks becomes easier. This is especially significant given past cases of centralized oracle attacks exploiting DeFi protocols. ### 2.2 Evaluation Criteria To assess the decentralization of oracles currently in active use, I’ve established the following criteria. These are not official standards but rather my framework for reference: 1. **How to become a data source or operator**: The more permissionless the participation (e.g., staking-based entry), the higher the decentralization. 2. **Total Value Secured (TVS) and cryptoeconomic security**: A larger cryptoeconomic security base translates to stronger security and greater justification for TVS. If TVS is disproportionately high relative to cryptoeconomic security, it could become a vector for fund-theft attacks. 3. **Dispute process and slashing mechanisms**: The presence of robust systems to handle disputes or penalize malicious data providers enhances both decentralization and security. A well-implemented dispute process and slashing mechanism are critical for securing oracles. 3\. Projects ------------ ![](https://storage.googleapis.com/papyrus_images/f523113b37bb90e4d95bc6136f53a8df094c2c7b5cdac8af46cb617fc1ca8b3c.png) ### 3.1 Band ![(Source: Band)](https://storage.googleapis.com/papyrus_images/e747fd8e3242eaf737dc2a7179994d82ae8bc79b5b762b4f46533e77415b1a40.png) (Source: Band) * **How to become a data source & operator:** Validators on Bandchain also serve as oracle operators. To become a validator, BAND tokens must be staked, and only the top 100 validator candidates, based on self-staking and delegated staking, can become active validators. * **Total value secured/cryptoeconomic security:** The network secures a total value of approximately $138M from 21 protocols. The value of BAND tokens staked in the network is around $123M. According to Tendermint BFT, the network is at risk if more than one-third of this amount (~$41M) is compromised. * **Dispute process & slashing:** Although slashing exists, it applies to validators for downtime, double-signing, and failing to respond to data requests as oracle operators. Validators use a program called YODA to automatically fetch data from data sources when a request is made. However, there is no specific slashing penalty for malicious data submission. Even if a validator acts maliciously, it does not significantly impact the average values submitted by the majority of validators. Still, malicious behavior risks losing reputation in the community and having delegations withdrawn. However, relying solely on reputation to disincentivize malicious data provision is a notable shortcoming. ![(Source: Band)](https://storage.googleapis.com/papyrus_images/833cee8bdcd9bb4141f2195f9840e199ee8333fa54022e7c378a58bab5603a49.png) (Source: Band) Band is one of the early oracle projects, based on Bandchain, a blockchain built with the Cosmos SDK. Band aims to provide various data sources beyond price feeds. Band offers four main services: * Band Standard Dataset: General price feeds fetching cryptocurrency prices from sources like CoinGecko, Binance, Coinbase Pro, and OKX. For FX and commodities, it retrieves data from Fixer, Open Exchange Rates, XE, and AlphaVantage. * VRF: Random number generation for blockchain services. * Pricefeed Module: Cosmos SDK chains can integrate Band's Pricefeed Module to send data requests to Bandchain via IBC. * cw-band: Software enabling Cosmos SDK networks using CosmWasm to utilize Band's data. ### 3.2 UMA ![(Source: UMA)](https://storage.googleapis.com/papyrus_images/22e4b45510a9d33e709379aa91c9b2943f0cad1f64d123ad7b2c7c8f5fc2c6a7.png) (Source: UMA) * **How to become a data source & operator:** To provide specific data (asserter), you simply need to deposit a bond. Anyone can stake UMA tokens to vote in the dispute process. * **Total value secured/cryptoeconomic security:** The network secures a total value of ~$317M from 8 protocols (source: DefiLlama). According to the official website, it has ~$1.43B in TVS. On average, [15M $UMA has participated in voting since 2021](https://dune.com/uma_protocol/uma-protocol), meaning approximately ~$36M would be required to maliciously overturn results. * **Dispute process & slashing:** Since it deals with qualitative data, the dispute mechanism is very well-designed. When a dispute arises, voters staking UMA tokens make the judgment, and depending on the outcome, the asserter or disputer may lose or gain their bond. Unlike other oracles, UMA is more focused on providing data for general statements rather than price feeds. For this reason, it is less commonly used in DeFi protocols and more in contexts requiring qualitative data, such as Polymarket. UMA employs an Optimistic Oracle model. Initially, an asserter (data provider) stakes a bond and provides data. If a disputer believes the statement is incorrect and submits a dispute with their own bond, the issue is escalated to UMA's Data Verification Mechanism (DVM). In the DVM, voters staking UMA tokens decide the outcome. If the asserter is correct, they receive half of the disputer's bond, and vice versa. ### 3.3 Redstone ![(Source: RedStone)](https://storage.googleapis.com/papyrus_images/c6f28b015437679c4738d7cbd78806ce1418004cd32961bc2054bbba5161d68b.png) (Source: RedStone) * **How to become a data source & operator:** Currently, RedStone requires a permissioned approach, involving communication with the RedStone team and meeting legal and technical standards. However, it is expected to gradually shift towards permissionless participation, requiring staking RedStone tokens in the future. * **Total value secured/cryptoeconomic security:** The network secures ~$1.7B in total value across 51 protocols. While there is no token yet, RedStone plans to leverage EigenLayer’s AVS in the future for broader cryptoeconomic security. * **Dispute process & slashing:** Although RedStone tokens are not yet launched, decentralized juries staking RedStone tokens will eventually participate in disputes. If a data provider is found to have harmed users with incorrect data, users can claim a refund. RedStone is a rapidly growing oracle gaining popularity among DeFi protocols, especially excelling in LSTs and LRTs. Its key differentiator is providing data on-demand. Unlike traditional oracles, which publish data regardless of usage, RedStone uploads data on-chain based on user demand, making it cost-efficient. Currently, it offers [price feeds](https://docs.redstone.finance/docs/get-started/price-feeds/types-of-feeds/) and [NFT data feeds](https://docs.redstone.finance/docs/get-started/nft-data-feeds/), with plans to support VRF generation in the future. Price feed data is sourced from various platforms, including Uniswap, Sushiswap, Binance, Coinbase, Yahoo Finance, ECB, and Coingecko. ### 3.4 Chainlink ![(Source: Chainlink)](https://storage.googleapis.com/papyrus_images/6b9cdb0e9a02bc42daee54bc29d6686f12eee1d4a517e24d542e71c273b06f10.png) (Source: Chainlink) * **How to become a data source & operator:** Each price feed has a distinct operator set, and becoming an operator is permissioned. * **Total value secured/cryptoeconomic security:** Chainlink secures ~$32.1B in total value across 407 protocols. Currently, staking v0.2 only applies cryptoeconomic security to the ETH/USD feed, which relies on 40,875,000 LINK (~$613M). The remaining 989 price feeds do not depend on cryptoeconomic security. * **Dispute process & slashing:** If malicious behavior or malfunction is detected, an alerter can send an alert. If the alert is deemed valid, the alerter receives 7,000 LINK, while the malicious operator is slashed for 700 LINK. This mechanism currently applies only to the ETH/USD feed. Chainlink is the most prominent oracle solution, securing the largest number of protocols and TVS. As the largest oracle network, it offers a variety of services: * Data Feeds: Includes Price Feeds, SmartData Feeds for RWA, Rate and Volatility Feeds, and L2 Sequencer Uptime Feeds. * Data Streams: Unlike the push-based Data Feeds, Data Streams are pull-based oracles that fetch off-chain data on demand for on-chain validation. * VRF: Random number generation. * Functions: Decentralized Oracle Network performs computations and provides results, enabling smart contracts to access external Web2 services easily. * Automation: Automates execution of smart contract functions based on predefined conditions. * CCIP: Interoperability protocol for asset and messaging bridges in the Web3 ecosystem. ### 3.5 Pyth ![(Source: Messari)](https://storage.googleapis.com/papyrus_images/9d6eacdd01a5cfe8c1d97d2853d065a287a8505aa79c1dcd79d096e8fe9b53ea.png) (Source: Messari) * **How to become a data source & operator:** The Pyth network uses a first-party model where data providers directly supply data without intermediaries. To become a data provider, PYTH staking and Pyth DAO approval are required. * **Total value secured/cryptoeconomic security:** The network secures ~$6.5B in total value across 225 protocols. The total staked PYTH value is ~$252M. * **Dispute process & slashing:** Pyth enforces clear standards for validating faulty data. Slashing is conducted through communication and investigation by Pyth DAO and the Pythian Council. Pyth specializes in market data and offers the following services: * Price Feeds: Market data. * Benchmarks: Historical price data of tokens. * Express Relay: MEV services. * Entropy: Random number generation. Pyth network emphasizes decentralization through PYTH tokens. Oracle Integrity Staking improves data source accountability via staking and slashing mechanisms. Data providers must stake tokens and receive rewards for providing data, while they are slashed for submitting faulty data. Slashing conditions include: * A price difference of more than 250 bps between the highest liquidity exchange and Pyth’s price. * The price discrepancy persists for at least 60 seconds. The Pythian Council, elected every six months, investigates and enforces slashing. Currently, it consists of 8 members from protocols like Synthetix, Wormhole, Douro Labs, and Kamino. ### 3.6 eOracle ![(Source: eOracle)](https://storage.googleapis.com/papyrus_images/4e0760223c5c58f09be4bff0bcab259d28ed5063615f5aae9ffe577b6b12284c.png) (Source: eOracle) * **How to become a data source & operator:** Anyone operating on EigenLayer can become an eOracle data validator by setting up an eOracle node. * **Total value secured/cryptoeconomic security:** Although still in its early stages, eOracle secures ~$85M in total value from 1 protocol. Being part of EigenLayer’s AVS, it is backed by ~$10.1B of restaked ETH. * **Dispute process & slashing:** While the exact standards for malicious behavior are not yet public, eOracle, as part of EigenLayer’s AVS, can enforce slashing against malicious validators. eOracle, built on EigenLayer, stands out for its massive cryptoeconomic security. It allows EigenLayer operators to participate permissionlessly as oracle data validators. Additionally, eOracle aims to handle diverse datasets rather than focusing solely on price data. Developers can use its dev framework and SDK to create oracles permissionlessly through OVS, which is specialized for specific datasets. This eliminates the need for bootstrapping validator infrastructure. 4\. Final Thoughts ------------------ [https://x.com/100y\_eth/status/1858506208975700226](https://x.com/100y_eth/status/1858506208975700226) In the midst of the current meme coin craze, one might think that writing an article like this is poorly timed. However, the reason I began writing this piece is that I discovered something surprising: Chainlink, the largest oracle by scale, is less decentralized than it appears. Of course, Chainlink's decentralized oracle network is composed of renowned infrastructure providers and validator companies. Its data is provided through the consensus of numerous nodes, making the likelihood of malicious tampering or downtime almost negligible. However, unlike the vibrant discussions surrounding decentralization in various components of L2 solutions within the blockchain ecosystem, similar discussions about decentralization in oracles are rare. This prompted me to take this opportunity to investigate other oracle solutions. Among the oracles I researched, Pyth and eOracle stood out. In the case of Pyth, its recent introduction of staking has tied data source accountability to cryptoeconomic security. Furthermore, the selection of data operators, dispute resolution, and Pythian Council elections are all conducted in a decentralized manner through PythDAO, which is an impressive development. That said, it’s unfortunate that the cryptoeconomic security of Pyth remains relatively low compared to the total value it secures. On the other hand, eOracle is an extremely early-stage project with a low TVS. However, as part of EigenLayer’s AVS, it allows permissionless participation as a data operator and boasts an unparalleled level of security (>$10B). This could serve as a major advantage when onboarding numerous protocols in the future. As mentioned at the outset, decentralization is not an absolute necessity for oracles, given the inherently centralized nature of data. However, since the funds of countless users already depend on oracles, I hope to see oracle solutions move toward progressive decentralization to build a more robust infrastructure. --- *Originally published on [100y](https://paragraph.com/@100y/are-oracles-truly-decentralized)*