TWAP Oracles, THE solution To Oracle Exploits?

By NEFTURE SECURITY I Blockchain Security. Published in Dissecting Web3, Apr 20, 2023.

In 2022, $219.6 million was lost to an Oracle exploit. On February 1st, 2023, a DeFi protocol was hit by the first Oracle exploit of the year, resulting in a loss of $120 million, making it the second-largest hack of 2023.

The year 2022 witnessed a significant increase in Oracle manipulation, leading to a steep decline in the total value locked (TVL) for Oracle providers.

The numerous Oracle exploits in 2022 prompted several experts to reevaluate the relevance of oracles in DeFi.

So, how can this drain be stopped?

For some, the answer lies in Time-Weighted Average Price (TWAP) Oracles.

In this article, we will discuss whether TWAP Oracles have the potential to put an end to Oracle exploits or not.

If you’re familiar with the mechanics behind oracles and oracle exploits, you can jump to part 3, which tackles TWAP Oracles.

What Are Oracles?

Oracles have become a crucial tool for the DeFi ecosystem.

Through smart contracts, they take off-chain real-world data and connect them with blockchains.

For DeFi actors, oracles act as a middleman that allows them, among other things, to access financial data about assets and markets.

Those data are then used to, for example, provide the pricing of assets in real-time for liquidity pools that are used to facilitate decentralized trading and lending.

The Oracle’s job is not to be the source of information but to verify external data sources and then relay that information.

Consequently, a hacker “only” has to change the truth that will be relayed by the oracle to a DeFi liquidity pool, whose equilibrium is based on this oracle information, to be able to siphon it.

How Does an Oracle Exploit Happen?

An oracle manipulation is, at its crux, a two-step attack.

The first step is to manipulate pool(s) used as price oracle(s) by a DeFi protocol to artificially inflate a token’s price by swapping/buying a vast amount of it.

The second step is for the hacker to go to the lending pool connected to this price oracle and open an under-collateralized position that allows him to fly away with the excess money gained, thanks to the price discrepancy he manufactured.

To illustrate this, let’s say that 1000 ETH = 1000 sUSD. In a scenario where the oracle has not been manipulated, and a lending pool requires collateral worth 120% of the value borrowed, you will need to deposit 1200 ETH to receive 1000 sUSD.

However, if the hacker manipulates the pool(s) used as an oracle by buying ETH en masse so that 1000 ETH would then be worth 2000 sUSD, he only has to go to the lending protocol using this compromised oracle and deposit 1200 ETH to receive 2000 sUSD.

That is, in substance, what happened in the most talked-about oracle manipulation of 2022, the $100M Mango Markets hack.

In a simplified summary, Avraham Eisenberg, the hacker behind the attack on the Solana DeFi trading platform Mango Markets, funded his wallet with $5M USDC that he used to purchase 483 units of perpetual contracts in Mango token (MNGO), driving the price of MNGO up 30x from $0.03 to $0.91 and increasing the value of his Mango tokens to $423M. Step one over. After artificially elevating the collateral value of his account, he proceeded to drain Mango Markets lending pools by taking massive loans totaling ~$117M in Bitcoin, Solana, and more. Step two over.

The oracles used by Mango Markets worked as intended, but since the source of truth was compromised, it was possible for Avraham Eisenberg to take an extremely under-collateralized loan.

This attack was self-funded. But, as previously stated in our article dedicated to flash loan attacks, where price/market manipulation was once the preserve of “whales” like Avraham Eisenberg, flash loans now give a much larger pool of people the ability to exploit oracles. A prime example would be Deus Finance, a DeFi protocol that was exploited twice in two months, in March and April 2022, for $4 million and $13 million respectively, through oracle exploits funded by flash loans.

TWAP Oracles, THE solution To Oracle Exploits?

TWAP (Time-Weighted Average Price) oracles were pioneered by Uniswap and are an alternative to VWAP (Volume-Weighted Average Price) oracles like Chainlink, the most popular and well-respected oracle of Web3.

The dramatic difference between these two oracles resides in the very first letter of their acronyms: TWAP oracles weight the average by time, while VWAP oracles weight it by volume.

To put it very simply, a VWAP Oracle will:

1 — calculate asset prices by multiplying the price (P) of an asset by the volume (V) of the asset traded on the exchange during a specific period

2 — depending on the Oracle and on how many sources it has, sum up all of them

3 — divide this sum by the total volume of the asset on all exchanges concerned

Schematically, (V x P (Exchange #1) + V x P (Exchange #2) +…) / TVA (Total Volume of the asset on all exchanges)

As seen, what “weighs” in providing the current, accurate average value of an asset is the total volume of the asset.

Example: [figure: VWAP calculation, source: Halborn]

With TWAP oracles, by contrast, it is not the volume that “weighs” in and provides information about the average price of an asset, but time (T).

For example, if we choose a 2-day interval for a TWAP oracle, the oracle will provide the average price of the asset across those two days:

“The price (P) is continuously multiplied by how long it lasts for (T) and added to a cumulative value(C) at different checkpoints (usually at the end of a block). In the end, the total cumulative value is divided by the total duration to get the average price across the specified period.” — Halborn

Example: [figure: TWAP calculation, source: Halborn]

This simple switch in calculation makes TWAP oracles almost exploit-proof, because they provide not a spot price but the average price of an asset measured over a previous trading period.

To be able to successfully achieve price manipulation based on an oracle exploit, a hacker would need to manipulate a token’s price over a long period.

As explained earlier, current oracle exploits are possible because hackers manipulate the price of assets in an extremely short span of time.
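The accumulator from the Halborn quote, run against the lending example from earlier (1200 ETH of collateral at a 120% requirement), shows how little a one-block pump moves a TWAP compared with the spot price. This is an added example, not code from the article, Halborn or Uniswap; the 12-second block time, the 150-block window and all names are assumptions.

```python
BLOCK_TIME = 12          # seconds per block (assumption)
COLLATERAL_RATIO = 1.20  # lending pool requires 120% collateral, as in the article

class TwapOracle:
    """Cumulative-price accumulator: C += P * T at every checkpoint."""

    def __init__(self, price, now=0):
        self.price, self.last = price, now
        self.cumulative = 0.0
        self.checkpoints = [(now, 0.0)]      # (timestamp, cumulative value)

    def update(self, now, new_price):
        # Credit the outgoing price for the time it was in force, then switch.
        self.cumulative += self.price * (now - self.last)
        self.price, self.last = new_price, now
        self.checkpoints.append((now, self.cumulative))

    def twap(self, window):
        # (C_end - C_start) / elapsed, from the oldest checkpoint inside the window.
        end_t, end_c = self.checkpoints[-1]
        start_t, start_c = next(c for c in self.checkpoints if c[0] >= end_t - window)
        if end_t == start_t:
            return self.price                # no history yet: fall back to spot
        return (end_c - start_c) / (end_t - start_t)

def max_borrow(collateral_eth, price):
    """sUSD that can be borrowed against the collateral at a given ETH price."""
    return collateral_eth * price / COLLATERAL_RATIO

def simulate(window_blocks, spike_blocks, honest=1.0, pumped=2.0):
    """Pump the price for the last `spike_blocks` blocks; return (spot, TWAP)."""
    prices = [honest] * (window_blocks - spike_blocks) + [pumped] * spike_blocks
    oracle = TwapOracle(prices[0])
    for block, price in enumerate(prices[1:] + prices[-1:], start=1):
        oracle.update(block * BLOCK_TIME, price)
    return prices[-1], oracle.twap(window_blocks * BLOCK_TIME)

if __name__ == "__main__":
    for spike in (1, 150):   # one pumped block vs. the whole window pumped
        spot, twap = simulate(150, spike)
        print(f"pumped blocks={spike:3d}  spot={spot:.3f}  TWAP={twap:.4f}  "
              f"borrow@spot={max_borrow(1200, spot):.0f}  "
              f"borrow@TWAP={max_borrow(1200, twap):.0f} sUSD")
```

With one pumped block the spot-priced pool would lend 2000 sUSD against 1200 ETH, while the TWAP-priced pool lends about 1007; the TWAP only reaches the doubled price if the pump is held for the entire window.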

Thanks to their mechanics, with information sourced on-chain and controlled solely by smart contracts, TWAP Oracles appear to be the response DeFi needed to the Oracle exploit threat.

Then, why have TWAP oracles not become the Oracle standard in DeFi?

Well, numerous limits and a newfound vulnerability make it unlikely for TWAP to dethrone VWAP.

Here’s why.

The Limits of TWAP Oracles

Long story short, TWAP does not provide a solution to the “Oracle Dilemma”.

Yes, on paper, TWAP Oracles are more secure, but the price of this higher level of security is accuracy.

The crypto market is by essence extremely volatile.

No one can predict what’s going to happen next, and the volatility is so high that a token could plunge down to zero in a matter of hours, if not minutes. The inability of TWAP oracles to provide the most up-to-date prices could have dramatic consequences. By being out of sync with the market-wide price, a TWAP oracle feeds inaccurate data to the smart contracts that consume it, which puts protocols at risk of under-collateralization.
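The lag can be made concrete with the same loan as before (1200 ETH against 1000 sUSD): during a real crash, a protocol that values collateral at the TWAP notices the problem many blocks after one that uses the spot price, by which time the collateral no longer covers the debt. This is an added example, not code from the article; the 1%-per-block crash, the 150-block window and the 110% liquidation threshold are constructed assumptions, and all names are hypothetical.

```python
from collections import deque

WINDOW_BLOCKS = 150        # TWAP window in blocks (assumption)
LIQUIDATION_RATIO = 1.10   # hypothetical: liquidate below 110% collateral
COLLATERAL_ETH, DEBT_SUSD = 1200.0, 1000.0   # the article's loan at 120%

def crash_prices(blocks, start=1.0, drop_per_block=0.01):
    """Constructed price path: the spot price falls 1% every block."""
    price = start
    for _ in range(blocks):
        price *= 1.0 - drop_per_block
        yield price

def first_liquidatable_block(use_twap, blocks=300):
    """Return (block, spot price) at which the protocol first sees the
    position as liquidatable, valuing collateral at TWAP or at spot."""
    window = deque([1.0] * WINDOW_BLOCKS, maxlen=WINDOW_BLOCKS)  # calm history
    for block, spot in enumerate(crash_prices(blocks), start=1):
        window.append(spot)
        # Equal-length blocks: the time-weighted mean is the plain mean.
        oracle_price = sum(window) / len(window) if use_twap else spot
        if COLLATERAL_ETH * oracle_price / DEBT_SUSD < LIQUIDATION_RATIO:
            return block, spot
    return None, None

def shortfall_at(spot):
    """Debt left uncovered if the collateral is sold at the real market price."""
    return max(0.0, DEBT_SUSD - COLLATERAL_ETH * spot)

if __name__ == "__main__":
    for label, use_twap in (("spot", False), ("TWAP", True)):
        block, spot = first_liquidatable_block(use_twap)
        print(f"{label}: liquidatable at block {block}, market price {spot:.3f}, "
              f"shortfall {shortfall_at(spot):.0f} sUSD")
```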

The inaccuracy of the data provided is accentuated by the fact that TWAP oracles rest solely on the prices from a single exchange, completely ignoring the issue of liquidity fragmentation across DeFi and CeFi.

One more thing that makes TWAP oracles unattractive is that, unlike other oracles that can provide financial market data on real-world assets like commodities, forex, stocks, indexes, or tokens priced in fiat currencies, TWAP oracles only provide the exchange rate between two on-chain tokens.

To top it all, the switch of the Ethereum blockchain from Proof-of-Work (PoW) to Proof-of-Stake (PoS), and the massive adoption of Proof-of-Stake as the new standard for blockchains, has made TWAP oracles more susceptible to exploits.

TWAP oracles were designed by Uniswap to operate in a PoW mode. They relied on the random nature of the next block creator in PoW to make the cost of manipulating them extremely high, a deterrent, since manipulators would lose money due to back-runs.

With PoS, a validator would know whether he controls the next block or not, erasing the possibility of back-runs, erasing the line of defense erected between TWAP Oracles and manipulators.

Nevertheless, TWAP Oracles security does not rely entirely on back-runs or lack thereof.

They are a tougher cookie to crack, as proven in the research paper “TWAP Oracle Attacks: Easier Done than Said?”.

Uniswap makes the same case: its paper “TWAP Oracles in Proof of Stake” addresses upfront the new challenges posed by PoS, while underlining how, even under PoS, TWAP oracle exploits are still pretty much unfeasible.

Faced with this new challenge as well as the issue of accuracy specific to TWAP oracles, Uniswap Labs has decided to keep on researching PoS resistant oracle implementations, without ruling out “improvements such as more wide-range liquidity and limit orders could be introduced.”

Conclusion

The title of this article was a question: “TWAP Oracles, the long awaited answer to Oracle Exploits?”

And the response is simple: “Today, TWAP Oracles, due to their limitations, cannot be largely adopted and solve the issue posed by Oracle exploits.”

Blockchain security firm Halborn proposed to:

“use a VWAP oracle (like Chainlink) in normal situations and use a TWAP oracle as a fallback in case oracle nodes start acting maliciously.

This gives developers the best of both worlds: access to fresh prices and broad market coverage that VWAP oracles provide and the decentralization and censorship resistance of TWAP oracles.”

The issue here again, is that by the time people are alerted that a malicious act is ongoing it could already be too late to act, due to the extremely swift nature of Oracle exploits.

While waiting for oracles to be able to transcend the “Oracle Dilemma”, or for new tools that could replace them and offer both accuracy of data and security, the only strategy that DeFi actors can implement to guard themselves against price manipulation is to take preemptive measures.

In November 2022, the decentralized lending protocol Compound chose to pause the supply of four tokens (YFI, ZRX, BAT, and MKR) as lending collateral on its platform to protect its users against price manipulation. One month later, the open-source liquidity protocol Aave temporarily suspended lending markets for 17 tokens to fend off volatility risks after the Mango Markets hacker tried a repeat attack on Aave and almost stole $60 million on CRV using USD Coin.

So, although the Web3 ecosystem doesn’t have the technical answer to oracle exploits yet, DeFi protocols fortunately have the ability to stop a great many of them from happening.

About us

Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.

Nefture's core services include Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploit detection and fully customized alerts covering hundreds of risk types, with a clear expertise in DeFi.

Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.
