- Title: Move all asset price oracles to Chainlink where available ahead of the Merge
- Author(s): Michael Bentley & Seraphim Czecker
- Submission Date: 5.09.2022
All markets on Euler currently use Uniswap v3 for their price oracles. This proposal suggests moving all assets on Euler over to Chainlink where available, following its integration as part of eIP 14. This should help to allay some concerns about a reduction in the manipulation cost of Uniswap oracles after the Merge.
This doesn’t mean, however, that Uniswap TWAPs won’t be used on Euler at all. What this means is that wherever available, Chainlink oracles will be used. For everything else, Uniswap TWAPs will be the default oracle solution.
The Merge from PoW to PoS is a consensus layer change on Ethereum that is due to take place sometime around mid September of this year. After the Merge, block proposers will be chosen deterministically before they validate blocks. This feature creates new challenges for decentralised price oracles, like those provided by Uniswap v3, because it opens up greater potential for inter-block price manipulation.
At present, a Uniswap v3 price oracle is often extremely expensive to manipulate (see an article I wrote about this here). An attacker must move the spot price of an asset by a very large % for at least one block in order to impact the time-weighted average price (TWAP) oracle. This exposes them to the risk of arbitrage. Any price manipulation will usually be countered by MEV bots, rendering attacks more costly than any benefit a price manipulator could usually hope to achieve.
However, after the Merge, block proposers will be alerted ahead of time when they are selected to propose a block. This gives them a unique opportunity to carry out oracle manipulation attacks. If they are chosen to propose block n, then they can attempt to manipulate the spot price on block n-1, knowing that they will be free to arbitrage their own price manipulation on the next block (and censor any other attempts at arbitrage).
It is hard to estimate how many block proposers will view oracle manipulation attacks as a legitimate way to increase their income. It seems likely many will not take the risk of carrying out these kinds of attacks. However, so long as the number is non-zero, it is clear there is some degree of reduced cost for carrying out oracle manipulation attacks after the Merge.
The first option is for the validator of block n (i.e. the attacker) to bribe a darkpool service like flashbots to include their manipulation transaction in block n-1. This is feasible, but involves some risk. As far as I’m aware, there’s no guarantee that the validator won’t still take advantage of the arbitrage opportunity for themselves. Note also that if the transaction isn’t LAST in the block, then any ordinary trades that happen after the manipulation transaction will probably be costly to the attacker. Imagine finding out you swapped 1 ETH for 1,000,000,000 because you happened to nip in after the attacker’s manipulation, but before they were able to arbitrage themselves back.
The second option is that the attacker has sufficient stake controlled to be able to wait until they can propose two blocks in a row. In this scenario, they can safely manipulate the spot price on block n-1 AND arbitrage it back themselves on block n. You might think it quite unlikely that a validator would get to propose two blocks in a row, but actually it might be relatively common (see Table below from this article ).
Column shows number of blocks validated consecutively. Rows shows percentage of stake controlled. So, for example, if you have 5% of the stake, then there is a 7.14% probability that you will get two blocks in a row in a given epoch. Which is pretty high, in my opinion. I expect most staking pools won’t be viewing oracle manipulation attacks as legitimate sources of MEV, but even small staking pools will hit upon this opportunity once in a while.
In the medium-term, the Euler Labs team have continued their research on oracle manipulation attacks and will propose new solutions for this kind of attack in the future. You can read more about some of their early research on this here. However, in the short-term, a clear solution to reduce concerns about oracle security ahead of the Merge is to switch at least some markets over to Chainlink (a new integration introduced as part of eIP 14).
Chainlink oracles have secured billions of dollars worth of assets across DeFi for many years at this point, and are the market leader in their sector. Whilst not free from their own criticism (see here, and response here), Chainlink oracles have not yet failed other major DeFi lending protocols, like Compound and Aave. The proposal would therefore be to move WETH, USDC, DAI, WBTC, UNI, and LINK over to the new Chainlink system. One might include a wstETH oracle too.
The following assets will switch to Chainlink should eIP 18 pass:
The Chainlink oracle change has undergone auditing by Omniscia:
It has also been reviewed by Sherlock:
Yes means you support shifting the price feed of the above mentioned assets to Chainlink.
No means you do not support shifting the price feed of the above mentioned assets to Chainlink.
These changes will switch the price oracle for all assets over to the new Chainlink integration where availlable. This is intended to increase security of these markets and lower overall systemic risk on the protocol ahead of the Merge in mid-September.
Uni v3 TWAP oracle attack cost research:
Median oracle research:
eIP 14 (Chainlink):