On the morning of November 26th UTC, the price of DAI, a stablecoin on the Coinbase exchange, fluctuated violently. It soared by more than 30% to $1.34, and then quickly fell back. This led to a massive liquidation of collateral, with a value amounting to $89 million, on Compound, which uses Coinbase Pro as the oracle that feeds its prices.
Compound, founded in September 2018, is one of the leading decentralized lending protocols in the DeFi market on Ethereum. According to data from DeBank, as of November 30th the total crypto assets locked on the platform had reached $1.6 billion, with a total of $1.6 billion in loans, which ranked it first among collateral lending platforms.
The minimum collateral requirements for different assets on Compound vary, with Dai generally at 75%. Dai’s surge in price caused large fluctuations in the collateral rate of positions that are normally secure, thus triggering the liquidation threshold.
The manipulation attack on Compound is not without precedent. Harvest Finance, Value DeFi, Cheese Bank, Origin Protocol and others have all recently suffered similar attacks. MakerDAO and Aave have also undergone large-scale liquidations in the past. Manipulating the information sources on which an oracle relies, so that the on-chain price is misleading for a short time, is a typical oracle attack. In essence, the attacker manipulates the oracle to create a spread between prices and then arbitrages it with new financial tools such as flash loans.
Compound relies on the oracle to determine eligibility to borrow and lend and the collateral requirements, and the oracle also feeds the function used to calculate the value of an account. According to the Compound whitepaper, the oracle was to be entrusted to a committee that gathered prices from the top 10 exchanges. In reality, the DAI price used by Compound relies only on Coinbase, a centralized exchange, so the data comes from a centralized single source that can easily be forged, tampered with or hidden.
The three main disadvantages of using centralized oracles are as follows:
1) Low reliability and exposure to attack: a centralized oracle is a single point of error and a single point of attack.
2) Users need to trust a centralized platform or a third-party independent organization, which violates the decentralization principle of the blockchain.
3) A single platform or third-party organization holds all user data and cannot guarantee user privacy.
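To make the liquidation threshold and the single-source risk concrete, the following added example (not Compound's code and not part of the original article) values a few constructed DAI borrow positions at a single-venue price and at the median of several venues. The 75% factor and the $1.34 Coinbase quote come from the article; the other venues, the positions, the use of a median as the aggregate and the 5% deviation tolerance are assumptions.

```python
from statistics import median

COLLATERAL_FACTOR = 0.75  # the 75% figure quoted in the article

# Constructed DAI/USD quotes at the moment of the spike; only "coinbase" and
# its 1.34 value come from the article, the other venues are hypothetical.
QUOTES = {"coinbase": 1.34, "venue_b": 1.01, "venue_c": 1.00,
          "venue_d": 1.02, "venue_e": 1.00}

# Constructed positions: (account, collateral value in USD, DAI borrowed).
# Assumption: collateral is a non-DAI asset whose price did not move.
# acct3 is already over its limit at $1.00, so it is a genuine liquidation.
POSITIONS = [("acct1", 1000.0, 600.0),
             ("acct2", 1000.0, 700.0),
             ("acct3", 1000.0, 760.0)]


def is_liquidatable(collateral_usd, dai_borrowed, dai_price):
    """True when debt valued at the oracle price exceeds the borrow limit."""
    return dai_borrowed * dai_price > collateral_usd * COLLATERAL_FACTOR


def liquidated_accounts(positions, dai_price):
    """Accounts that would be open to liquidation at this oracle price."""
    return [a for a, c, d in positions if is_liquidatable(c, d, dai_price)]


def trigger_price(collateral_usd, dai_borrowed):
    """DAI price above which the position crosses the threshold."""
    return collateral_usd * COLLATERAL_FACTOR / dai_borrowed


def deviating_sources(quotes, tolerance=0.05):
    """Venues whose quote is more than `tolerance` away from the median."""
    mid = median(quotes.values())
    return sorted(s for s, p in quotes.items() if abs(p - mid) / mid > tolerance)


if __name__ == "__main__":
    single = QUOTES["coinbase"]        # single-source feed
    multi = median(QUOTES.values())    # multi-venue aggregate
    print("single source:", single, liquidated_accounts(POSITIONS, single))
    print("median       :", multi, liquidated_accounts(POSITIONS, multi))
    print("acct1 trigger price:", trigger_price(1000.0, 600.0))
    print("outlier venues:", deviating_sources(QUOTES))
```

With the single-venue price every constructed account is liquidated, while the aggregate liquidates only the account that was already over its limit, and the deviation check flags the spiking venue.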
Compound is a typical DeFi project, a decentralized platform that paradoxically uses a self-built centralized oracle. Therefore, the best solution is to use a decentralized oracle that is consistent with the nature of the blockchain.
The oracle is an infrastructure that can bring the data of the off-chain world to the blockchain in a manner consistent with the blockchain consensus. DeFi has a great demand for off-chain information, and its development cannot be separated from real decentralization and a price verified by the whole market.
There are not many oracle projects on the market at present; the most representative ones are Chainlink, NEST Protocol, Band Protocol and Tellor. These four oracles follow different design principles and have different degrees of decentralization.
NEST Protocol adopts a brand-new mechanism to generate prices on the chain: quotation miners offer two-sided quotations by pledging trading pairs, making it a logically closed-loop distributed quotation system that realizes true decentralization.
The validation mechanism of NEST Protocol makes it difficult for malicious quotations to take effect. If an attacker makes a malicious offer, it gives the market a certain arbitrage space. In other words, NEST uses the game between validators and quotation miners to punish miners who quote wrong prices, so that wrong data is not included in the NEST system. Other oracles “upload” off-chain price data to the chain, and whether or not the data is wrong, the caller cannot verify it: the data is used first and verified later. If something goes wrong, the user’s assets are lost first, and only then is the fault traced and punished. NEST directly eliminates the adoption of wrong data. This is the essential difference between the NEST oracle and the others.
The current DeFi is essentially the blockchainization of traditional finance. There is a “funny” fact here: most current DeFi projects are not developed in a way that conforms to the principles of the blockchain, but are instead transformed using Internet logic, which runs counter to the spirit of the blockchain. I have seen some DeFi developers blindly compromise, grasping the shadow instead of the essence.
To build a huge financial empire in the blockchain world, the price oracle is the first problem to be solved. The price oracle itself must generate price data on the chain in a way that conforms to the blockchain consensus. No matter how difficult it is, this is the only feasible and correct logic, as opposed to seeking shortcuts such as taking a median from several nodes and simply feeding that price on the chain. Finance is a very rigorous discipline. The industry is in urgent need of financial professionals and developers to build professional financial products that conform to the essence of blockchain.