Blockchain Oracles: Their Classification And Security Issues
Since blockchains have no embedded program interfaces, smart contracts and oracles are obligatory intermediators assuring information supply. Information can be taken from any source defined by contract or oracle developers. Let’s examine what kind of threats may arise when using oracles, and what types of oracles exist in the blockchain environment.
Information security issues
An oracle receives information and, if necessary, aggregates and transforms it. After that, the oracle is ready to provide information so that a smart contract — and therefore a blockchain — could process it. If received data corresponds to conditions written within the contract, the contract is executed.
But speaking of oracles, security issues cannot be ignored. Some experts ironically mention that developers, in attempt to extend the functions of blockchain technologies, came back to common partial delegation of duties to a third party. Indeed, blockchain, wallets and smart contracts are transparent. Oracles, on the other hand, are external entities, thus they cannot be absolutely reliable.
One of possible solutions is the oracle consensus. The consensus implies that a smart contract receives data from several different sources simultaneously. As soon as the number of confirmations exceeds a certain threshold, the smart contract is activated and executed.
Unfortunately, this approach has its own problems:
- All sources should provide data in a single format to compare it properly:
- Financial load might become exorbitant if each source demands a fee for a request response.
Basically, the consensus seems to be convenient enough in trustless circumstances. Even if a malicious user sends unreliable information from one of the servers, they will hardly gain access to majority of the servers.
Classification of oracles
With regard to their nature, oracles may be divided into software and hardware.
- Software oracle is software that operates with data available only in a digital form. Information itself might be given from any proposed site or local program.
- Hardware oracle is a device with sensors that can read parameters of the real world. It may include weather, velocity, QR methods and other data. Such an oracle will probably be accessible by the majority of users that may have a negative impact on security.
Of course, the structure of oracles might be much more complicated. Software alerts can be a pure extension of hardware components, while information from sites might be taken from other sources, then aggregated and filtered. Generally, it does not change anything, but these details should be taken into account when constructing complex requests for an oracle.
When it comes to an information flow, oracles can be internally and externally determined:
- Internally determined oracles are to transfer data from outside of blockchain. They play the role of information supporters for smart contracts. Depending on supported data, a smart contract will be executed with one or another result.
- Externally determined oracles are to transfer external data to a blockchain program. They may be servers responding to requests, payment accepting services, or data storages.
Referring to a data supply method, there are only two types of oracles — “Pull” and “Push”.
- In the first case, a smart contract requests a third party to provide necessary information. The smart contract forms a request for the oracle, while the oracle gives an unambiguous response. If all conditions are met, after receiving the data, the smart is executed. However, the issue of trusting a third party arises again, while blockchain-technology enthusiasts try to escape it.
- In the second case, a smart contract remains in a permanent standby state, like any other Internet server. It awaits data from the oracle and, once it gains it, proceeds with the compliance check. In this case, it is assumed that the oracle has already been in contact with the smart contract and knows what data it needs.
Just like any other technology, the more developed it gets the more problems and drawbacks appear. While blockchain operates within its own environment, there are no unforeseen external threats. Meanwhile, oracles have become a weak point for blockchain systems, as their content is unclear. Either way, the variety of oracles increases, so does their potential functionality.