The oracle problem and latency are the major risks of running oracles on a blockchain.
The oracle problem arises from the trust conflict that centralized third-party systems bring to decentralized smart contracts and blockchain systems. Because the data provided by oracles is fed directly into smart contracts, which act on that data, oracles hold considerable power over how those contracts execute. Given these implications, it's critical for DeFi apps and protocols to have oracles with reliable data and little or no latency.
Broadly, oracle solutions can be classified into two categories: fast but insecure, and secure but slow. The first category mainly applies to decentralized oracles, as they have low latency. Because decentralized oracles are vulnerable to various game-theoretic attacks, a majority of DeFi applications run on centralized or semi-centralized oracles.
Most decentralized oracles use the SchellingCoin mechanism, wherein independent sources report the data without coordinating with other sources. Because they have no contact with one another, these sources/agents report "true" data to the best of their capabilities while expecting other sources to do the same. This mechanism is vulnerable to various problems such as collusion between parties, signaling and even bribing. And if a hacker attacks the data feed, known as a man-in-the-middle attack, there is no retaliation mechanism in place. Even a single incorrect value can have significant consequences for the applications relying on the oracle.
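The following Python example is added here for illustration and is not part of the original article. It models one simplified SchellingCoin round, assuming the answer is the median of the reports and that reporters between the 25th and 75th percentile are rewarded; the reporter names, prices and the 2% review threshold are constructed.

```python
from statistics import mean, median

def schelling_round(reports):
    """Simplified SchellingCoin round (assumed rules): the answer is the
    median, and reporters whose value lies between the 25th and 75th
    percentile are rewarded. Returns (answer, rewarded, relative_spread)."""
    values = sorted(reports.values())
    k = len(values) // 4
    lo, hi = values[k], values[-k - 1]
    answer = median(values)
    rewarded = {name for name, v in reports.items() if lo <= v <= hi}
    return answer, rewarded, (hi - lo) / answer

def needs_review(reports, max_spread=0.02):
    """Defender-side check (hypothetical threshold): flag a round whose
    rewarded band is wide relative to the answer, i.e. reporters disagree."""
    _, _, spread = schelling_round(reports)
    return spread > max_spread

# Constructed sample rounds; the "true" price is 100.
HONEST = {"r1": 99.8, "r2": 99.9, "r3": 100.0, "r4": 100.0,
          "r5": 100.1, "r6": 100.2, "r7": 100.3}
# One faulty or tampered report: the median holds, a plain average does not.
ONE_BAD = dict(HONEST, r7=1000.0)
# Four of seven reporters coordinate on 120: the answer follows them,
# and the reward rule pays them for agreeing with each other.
COLLUDING = dict(HONEST, r4=120.0, r5=120.0, r6=120.0, r7=120.0)

if __name__ == "__main__":
    for label, reports in [("honest", HONEST), ("one bad", ONE_BAD),
                           ("colluding", COLLUDING)]:
        answer, rewarded, spread = schelling_round(reports)
        print(f"{label:10} answer={answer:7.1f} "
              f"mean={mean(reports.values()):7.2f} "
              f"rewarded={sorted(rewarded)} spread={spread:.3f} "
              f"review={needs_review(reports)}")
```

The spread check only catches rounds where reporters visibly split; it says nothing when nearly all reporters agree on the same wrong value.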
Centralized oracles fall under the "secure but slow" category. Compared with decentralized oracles, they are robust against game-theoretic attacks. They utilize manual voting and "dispute rounds" to overcome attacks that attempt to manipulate their data. But because these methods entail longer wait periods, sometimes lasting weeks, DeFi applications are often discouraged from using them as their oracle of choice. Moreover, despite their protection against game-theoretic attacks, they carry counterparty risk and, as a single point of failure, leave a higher chance of effective hacks, which decreases the security of DeFi applications in this particular regard.