SoK: Oracles from the Ground Truth to Market Manipulation
This work addresses security risks in blockchain systems for developers and researchers, but it is incremental as it synthesizes existing knowledge rather than introducing new methods.
The paper tackles the problem of blockchain smart contracts' reliance on oracles for real-world data, which introduces security vulnerabilities, by systematically analyzing oracle designs, attacks, and mitigation strategies. It provides a comprehensive review of the trust models and attack vectors in decentralized applications.
One fundamental limitation of blockchain-based smart contracts is that they execute in a closed environment. Thus, they only have access to data and functionality that is already on the blockchain or is fed into it. Any interaction with the real world needs to be mediated by a bridge service, which is called an oracle. As decentralized applications mature, oracles are playing an increasingly prominent role. With their evolution come more attacks, necessitating greater attention to their trust model. In this systematization of knowledge (SoK) paper, we dissect the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.