Not enough people care about Oracle Extractable Value!
In recent years, we've all become aware of MEV. However, just like miners can extract value from their sequencing power, oracles can extract value from their position. If exploited, this position can be used to extract significant value and drain entire protocols.
Unfortunately, most development teams don't seem to care.
Countless bounty programs say: "anything to do with wrong oracle answers is out of scope".
Before flash loans, people didn't think AMM price manipulation was a real risk. Now people don't think oracles might ever misbehave! This is a dangerous assumption:
Unintentional
Oracles can unintentionally allow others to extract OEV.
We saw a circuit breaker stop price feed updates for the LUNA/USD price feed just weeks ago. This allowed hackers to exchange worthless LUNA for tokens of actual value.
You can get rekt even if you assume honest oracles.
Intentional
Oracles can intentionally allow themselves and others to extract OEV.
Participants in an oracle protocol can influence the output in different ways: for example, through network delays, collusion, dishonest voting strategies and AMM price manipulation. Some of these can be triggered by outside actors.
Don't trust that oracles provide good results; verify by limiting the OEV in your protocol!
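One way a consuming protocol can limit OEV, as an added example that is not part of the original post: a Python model of a guard that rejects stale or wildly moving reports (the halted-feed case above) and caps the value that can leave per time window, so even a fresh but wrong price has a bounded cost. The class and function names and all thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class OracleRejected(Exception):
    """A price report or a withdrawal failed a guard."""

@dataclass
class OevLimiter:
    # All four limits are assumed policy values, not from the original page.
    max_age: int        # seconds a report stays usable
    max_jump: float     # largest relative move between accepted reports
    window: int         # outflow window length in seconds
    window_cap: float   # most value (USD) allowed to leave per window
    last_price: Optional[float] = None
    outflows: list = field(default_factory=list)  # (timestamp, usd_value)

    def accept_price(self, price: float, updated_at: int, now: int) -> float:
        # A halted feed keeps serving its last answer, so reject by age.
        if now - updated_at > self.max_age:
            raise OracleRejected("stale report")
        if price <= 0:
            raise OracleRejected("non-positive price")
        # A large jump may be real or manipulated; pause either way.
        if self.last_price is not None:
            if abs(price - self.last_price) / self.last_price > self.max_jump:
                raise OracleRejected("price moved too far in one update")
        self.last_price = price
        return price

    def withdraw(self, units: float, price: float, now: int) -> float:
        # Bounds the damage of a fresh-but-wrong price: value leaving the
        # protocol per window is capped whatever the oracle reports.
        value = units * price
        self.outflows = [(t, v) for t, v in self.outflows if now - t < self.window]
        if sum(v for _, v in self.outflows) + value > self.window_cap:
            raise OracleRejected("outflow cap reached")
        self.outflows.append((now, value))
        return value

def worst_case_loss(limiter: OevLimiter, horizon: int) -> float:
    """Upper bound on value extractable during `horizon` seconds of bad prices."""
    windows = -(-horizon // limiter.window)  # ceiling division
    return windows * limiter.window_cap
```

The bound returned by `worst_case_loss` is the protocol's maximum OEV exposure for a given detection-and-response time, which makes the oracle assumption a number that can be reviewed rather than a blanket trust statement.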