In the presentation above, Euler Co-founder, Doug Hoyte, gives us insights into the team’s extensive research into TWAP oracles and introduces their very own oracle design. Before we dive into Doug’s presentation, here are some important concepts to take note of.
What is Euler?
Euler is a permissionless DeFi lending protocol that allows users to lend and borrow almost any crypto asset without the need for a trusted third party. Euler’s unique protocol design requires a more sophisticated application of price oracles. The Euler team has done extensive research into this field in order to ensure a truly permissionless and decentralized protocol while maintaining security. In this presentation, Doug Hoyte, Co-founder of Euler, presents the work done to improve upon the Uniswap V3 TWAP (time-weighted average price) oracle design, and introduces a whole new on-chain price oracle design.
Comparing Uniswap V2 & V3
In his presentation, Doug discusses the differences between Uniswap V2 and V3 TWAP oracles. The biggest difference noted is that the price observations on V3 are stored directly in the contract itself, making it much easier to use. Another difference noted was Uniswap V2’s use of arithmetic mean calculation and V3’s use of geometric mean. Arithmetic and geometric means are two different ways of calculating the average price of an asset. According to Doug, though using the geometric mean would be more practical, it is not as efficient as arithmetic averaging. This Investopedia post provides more information about the differences between arithmetic and geometric mean calculations. A more detailed explanation about Uniswap V3’s use of geometric mean can be found in this video by Smart Contract Programmer.
Why not just take spot price data?
According to Doug, simply reading the price off of a blockchain is not effective because it can be easily manipulated with an “atomic transaction” – a huge trade or transaction that affects an asset’s on-chain price.
Below is an elaboration on how such an attack would work:
- Start an atomic transaction as a smart contract
- Make a gigantic trade on the exchange to move the price
- Invoke a “victim contract” which would then be fulfilled based on the wrong price. . A victim contract refers to the smart contract that is settled using the incorrect price data. For example, the contract could be used to issue a loan based on an incorrect price on a lending protocol.
- The attacker receives their funds or loan once the victim contract is settled
- The attacker makes the opposite trade on the exchange to move the price back and recover their funds
Time-Weighted Average Price (TWAP)
TWAP is an aggregation method that calculates the mean price of cryptocurrencies over a specified period of time. Using TWAP oracles instead of a single price point helps to weed out short-term price changes and is also much harder to manipulate. However, they still have their shortcomings. In his presentation, Doug explains possible attacks on TWAP oracles, including multiple block attacks where miners take control of several blocks with “selfish mining”. Doug also highlights how upcoming changes to the Ethereum blockchain such as proof-of-stake and MEV Boost could make such multi-block attacks much cheaper and easier to carry out.
Euler’s new oracle design
As the big surprise in Doug’s presentation, Euler’s new oracle design was introduced. The new design includes improvements to the Uniswap V3 oracle which Euler has been using for some time. Some of the goals for Euler’s new oracle include increasing the oracle’s resiliency to attacks as well as improving on gas fees inefficiencies faced by the Uniswap V3 oracle.
In his presentation, Doug discusses how the Euler oracle was tested. Using real event data, the Euler oracle was tested against Uniswap V3’s. These simulations compared each oracle’s price reports to real prices, as well as the gas usage of the two oracles.
In the crash triggered by Terra’s collapse on 12th May 2022, extreme volatility in the price of USDC/WETH led to the Euler oracle’s gas usage being higher than Uniswap V3’s. While Doug described this as the “worst case scenario” for the Euler oracle, this only refers to gas usage. The oracle reported prices accurately throughout the period of market turmoil.
In computer science, QuickSelect is an algorithm that is used to find the weighted median. Euler uses a variation of “QuickSelect”. Doug elaborates on Euler’s use of QuickSelect, the limitations of the algorithm, as well as Euler’s plans on how to deal with those shortcomings.
For full details about Euler’s proposed price oracle design refer to this GitHub article by Doug Hoyte.
Euler was a Platinum Sponsor at the world’s first Blockchain Oracle Summit, the only conference to focus solely on oracles’ importance and design. Building a truly decentralized, next-generation DeFi protocol led the Euler team deep down the rabbit hole of oracle security. The team’s wealth of wisdom about TWAP oracles and how to manipulate them was a crucial part of our research process for BOS22.