Determining The Best Way To Aggregate Data Feeds

In the presentation below, Connor Martin, Ex-head of Protocol Partnerships at Uniswap, examines the inner workings and potential vulnerabilities of the Uniswap TWAP oracle and oracle library – which Connor contributed to during his time at the DEX.

Below are some further explanations of key terms mentioned during his talk.

What is Uniswap?
Uniswap is a decentralized exchange (DEX) that allows for peer-to-peer exchanges of ERC20 tokens without the need for a centralized third party. It is a censorship-resistant and immutable protocol, meaning it cannot be upgraded or changed through human intervention. Unlike centralized exchanges (CEXs), which use centralized order books, the Automated Market Maker (AMM) design of DEXs makes use of publicly funded liquidity pools for exchange. The exchange rates in AMM liquidity pools can be used as on-chain price oracles. There are several ways to derive the price of an asset from AMM liquidity pools, one of them being the calculation of the time-weighted average price (TWAP).

Uniswap V3
All liquidity pools on Uniswap V3 are able to act as oracles by storing and providing access to liquidity and historical price data. Time-Weighted Average Price, or TWAP, is an aggregation method that calculates the mean price of cryptocurrencies over a specified period of time. Using TWAP to derive the price, instead of simpler aggregation methods, helps to weed out short-term price changes and is also much harder to manipulate. While Uniswap V2 introduced TWAP oracles, the most recent upgrade, V3, introduces some major improvements to this price oracle design. This article by Uniswap provides more details about the V3 upgrade.

On Uniswap V3, prices are expressed and stored using “ticks”. These ticks are distributed so that an increase or decrease of 1 tick equals 1 “bps” at any point. Basis points, or bps (pronounced “bip”), are a unit of measure in finance traditionally used to express changes in the interest rates of financial instruments. One basis point equals 0.01%. How prices, or current tick data, are stored is crucial for effectively querying oracles on Uniswap V3. For a more detailed explanation of ticks and other features of the Uniswap V3 oracle, refer to the documentation here and this Medium post that explains the concepts in further detail.

Manipulating Uniswap V3

Intra-block manipulation
The first issue with Uniswap V3 that Connor highlights is the likelihood of intra-block manipulation. Intra-block manipulation is a type of attack that happens within a single block of a blockchain. One of the most popular forms of intra-block manipulation is the flash loan attack.

Flash loans allow users to borrow as much as they want with no capital on lending protocols. A flash loan attack occurs when a bad actor takes out a flash loan, manipulates the price of an asset by a large percentage on one exchange, and exploits the inaccurate price by selling, buying, or borrowing against the asset at false prices on another protocol, all within one block. One example of a flash loan attack is the $130 million exploit that took place on Cream Finance in 2021.

Block-spanning manipulation
While the Uniswap V3 oracle's use of Time-Weighted Average Prices (TWAP) is good for preventing intra-block manipulation, it is less effective at preventing “block-spanning manipulation”, which is a type of manipulation that occurs over several blocks in the blockchain. Connor cites the Rari Capital exploit as an example of a block-spanning attack. Check out this article by our media partner, Rekt News, for full details of the exploit.

This research article by one of BOS22’s platinum sponsors, Euler XYZ, is a great source for more information on the vulnerabilities of TWAP oracles. In this article, Euler’s CEO Michael Bentley provides an in-depth analysis of the true cost of manipulating Uniswap’s V3 TWAP oracle. 
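As an added example (not from the talk or from Uniswap's code), the Python model below derives a time-weighted mean tick from a tick accumulator and shows how far it moves when an off-market tick persists for zero, one, or several blocks, which is the difference between the intra-block and block-spanning cases above. The 12-second block time, the tick values, and all function names are assumptions made for the illustration.

```python
# Added illustration: a toy model of a tick accumulator, not Uniswap's code.
BLOCK_SECONDS = 12  # assumed block time

def tick_cumulatives(end_of_block_ticks):
    """Running sum of tick * seconds elapsed, one entry per block boundary."""
    total, out = 0, [0]
    for tick in end_of_block_ticks:
        total += tick * BLOCK_SECONDS
        out.append(total)
    return out

def mean_tick(cumulatives, window_blocks):
    """Time-weighted mean tick over the last window_blocks blocks."""
    delta = cumulatives[-1] - cumulatives[-1 - window_blocks]
    # Floor division rounds toward negative infinity, also for negative ticks.
    return delta // (window_blocks * BLOCK_SECONDS)

def tick_to_price(tick):
    """Each tick is a 0.01% (1 bps) price step: price = 1.0001 ** tick."""
    return 1.0001 ** tick

def twap_shift(honest_tick, displaced_tick, blocks_held, window_blocks):
    """Ticks by which the TWAP moves if displaced_tick persists at the end of
    blocks_held consecutive blocks. A move that is reversed inside one block
    never reaches a block boundary, so blocks_held is 0."""
    ticks = [honest_tick] * (window_blocks - blocks_held)
    ticks += [displaced_tick] * blocks_held
    return mean_tick(tick_cumulatives(ticks), window_blocks) - honest_tick

def within_guard(spot_tick, twap_tick, max_deviation_ticks):
    """Consumer-side logic break: refuse to act when spot strays from the TWAP."""
    return abs(spot_tick - twap_tick) <= max_deviation_ticks

if __name__ == "__main__":
    WINDOW = 150  # 30 minutes of 12-second blocks (constructed scenario)
    for held in (0, 1, 15):
        shift = twap_shift(1000, 11000, held, WINDOW)
        print(held, "blocks held ->", shift, "ticks,",
              round(tick_to_price(shift), 4), "x price")
```

The shift grows linearly with the number of blocks the displaced tick survives, so the window length and a spot-versus-TWAP guard are the two parameters a consuming protocol controls.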

The Oracle Library
The Uniswap oracle library was created to help protocols consume prices in ways that are more resistant to manipulation. The oracle library is a suite of functions developed by Connor and the team at Uniswap to help developers easily and safely integrate applications with the V3 oracle. In his presentation, Connor explains how to use the oracle library in full detail. This documentation also provides more information on the functions of the oracle library.

Connor ends his presentation by emphasizing the need for more standardization of oracle data and by calling on developers to use the open-source oracle library to experiment with price aggregation and logic breaks. He mentions the OracleSlippage.sol contract as an example, which can be found here. More details about the security, capabilities and architecture of the Uniswap V3 TWAP oracle can be found in this article by Chaos Labs.

The Blockchain Oracle Summit was the world’s first conference to focus solely on oracles’ importance and design. Leading speakers from across the DeFi-Tradfi spectrum came to Berlin to take deep-dives into the biggest challenges faced in terms of building and using oracles.

Find out more about Uniswap Labs:
Uniswap Documentation
Uniswap Twitter
Uniswap Discord
Uniswap Website
Connor Martin Twitter
