Next let's talk about an Oracle attack. We've actually already talked about some situations where an Oracle is essentially based upon some data feed, and that data feed could be manipulated. We're already quite familiar with this, but oracles are another on the list of issues in DeFi. We've already talked about things like what is the optimal governance? What is the best consensus protocol? Well, oracles are another issue that there's still a lot of research on as to how to actually do this. Oracles, as I've described previously, are a way to get information into a blockchain that doesn't actually exist on the chain so that information needs to be obtained outside. It might be a market price from, for example, an exchange, it might be some other type of data. But you need to go outside and when you go outside that immediately creates risk. We've talked about some of the risk in terms of manipulating the data source, but there's a host of other issues that are involved here. The key thing is the Oracle needs to be reliable. You need to agree upon up to your Oracle. If you're entering into a contract, people need to agree what the Oracle actually is. It might be, for example, and this is a completely different application, you put some information into a smart contract like a will and there would be payouts if there is a record of death of the person that provided liquidity to that smart contract. You need an Oracle to figure out if that person is alive or dead, and you need to agree upon that. That Oracle might be, for example, the Social Security Database. The program would go outside of a blockchain and check that database to see if the person was alive or dead. If the person is deceased, then the tokens are deployed to certain addresses. Again, this has got to be very secure and little things like the website to get that information might actually change. You get a 404 going to that particular website and then all of sudden the funds could be bricked in the smart contract. Again, all of this stuff needs to be worked out. The economics are really straightforward here that exploiters are going to figure out what the cost of corruption is and the potential profit from corruption of the Oracle, the simple calculation, if the profits greater then they will attack. There's different types of oracles, of course. There's a Schelling point Oracle, and this is where you rely upon a number of voters. There's a fixed supply of tokens that are actually voted. A good example of this is Auger, which got a number of interesting markets. You should look them up. But the Oracle is really important in terms of the outcomes. Again, even something simple like a sports event, there needs to be a feed that tells you what the final score is. It can be really complicated because there could be a winner declared, but then the next time maybe there's a disqualification, so you need to work in all of these possibilities. One issue with an Oracle like the Schelling point is it's not very quick. Often within decentralized finance, we need speed. There's other types of articles, like API, Oracle, and this what chain link is probably, in my opinion, the leading company at this point in terms of Oracle technology. Basically, the turnaround in terms of getting the information is a lot faster. Application-specific oracles, very popular. We've already talked about the Maker Oracle, which is used, Compound also. Compound, for example, relies upon a single data provider. Other protocols might have a portfolio of different data providers. Again, all of these are choices that are really important. There's so many layers of risk in DeFi that we're learning. Smart contract risk is way up there. Governance risk is rare, but it's still a big risk. But Oracle risk is really high on the list of important factors. We know that these unchained oracles could be front-run. Again, let me emphasize, when we talk about front running in DeFi this is not illegal. Everything is open, everything is public. It's also the case that DeFi relies upon all of these Legos that are inter-operable, that are operating 24/7. There's no holiday, there's no downtime. We've had situations where there had been outages in chain-link and Maker. When there's no Oracle, then basically the DeFi protocol stops working; you can't do anything. You go out for the data that you need and the data doesn't exist. Basically, the transaction just stops or it reverts to the original state. This is important. It is an ongoing issue. There could be a whole course on oracles and how to construct them, the different types, and the different risks. But this is definitely a top-three risk.
