What are Oracles?
Smart contracts can only work with data that exists on-chain. This means that any data that’s required from the outside world must first be brought on-chain. The entities entrusted to do this work are called Oracles. The Celo stability protocol relies upon price feed data from centralized exchanges to regulate the issuance of stable value assets, such as Celo Dollars, and keep the price on target. Oracles in the Celo network report this price data on-chain, making it available to the smart contracts. At cLabs, we’re excited to announce the launch of the first version of the Oracle system and move one step closer to the launch of Celo Dollars.
How Oracles fit into the stability protocol
The stability protocol allows Celo Dollars to track the price of the US dollar. At regular intervals, each Oracle collects aggregate price data from exchanges, taking into account the exchange volume and the bid/ask spread of the order book, and optionally updates its on-chain price report if the previous price is significantly different or if enough time has passed. The stability protocol uses the median value of the Oracle reports to determine the on-chain exchange rate for Celo Dollars and CELO (formerly known as Celo Gold). The protocol aims to always issue one Celo Dollar for one US dollar’s worth of CELO. Learn more about the stability protocol in our previous article.
Aside from the important part that Oracle price feeds play in the stability protocol, these price feeds also help improve the Celo user experience. From our early pilot programs we learned the importance of simplicity when managing Celo assets. It’s an annoyance to transact in a stable asset like Celo Dollars but be forced to pay transaction fees in CELO. The Oracle price feed allows transactions to be paid natively in Celo Dollars by automatically converting the amount to CELO at the rate the Oracle has defined. Similarly, validator block rewards are issued as Celo Dollars via the Oracle exchange rate, which allows validators to have a predictable payout at the end of the month.
Keeping the Oracles secure
Security is extremely important to the architecture of the Oracles and the stability protocol in general. Without any mitigation, a compromised price feed can drain the funds of the reserve and impact the trust in the Celo protocol. In the very beginning, Oracle clients are operated by the cLabs team; however, oracle addresses can be added/removed via on-chain governance and will become more decentralized over time. Each Oracle that cLabs operates manages its Celo private key in a separate Hardware Security Module (HSM). The HSM ensures that the private key can never leave the module as it performs all transaction signing directly in the isolated device. We’ve also taken great care in securing our deployment pipelines and locking down production access through strict escalation procedures.
The Oracle architecture is designed with consideration of high-availability and disaster recovery. The Oracles are deployed across two continents and encrypted Oracle key backups allow cLabs to resume operation in the case of the permanent loss of a datacenter. Additionally, the stability protocol is built to allow for potential outages without the loss of the stability peg. This is achieved through Uniswap-style on-chain price adjustments to reflect the real-time demand. You can read more about the constant-product market-maker model in the Stability Algorithm docs.
As with everything on the Celo network, the Oracles are managed via the Celo governance protocol by the Celo community. At cLabs, we would like to see a flourishing ecosystem of Oracle operators sharing price feeds for a variety of different stable assets. Over the coming weeks and months, cLabs will be working to open-source the Oracle codebase and further decentralize the operation of this important piece of the Celo protocol.