For DeFi projects, choosing a price oracle is a tradeoff between security and up-to-date information

Quick Take
- The amount of money stolen via DeFi hacks has increased significantly in the past few months, and many of the attacks exploited price oracles.
- How to set up a secure and trustworthy price oracle remains a subject of healthy debate.
We'd love your feedback.
The popularity of decentralized financial services (DeFi) platforms exploded during the summer of 2020, and many DeFi traders cashed in. By the time the season changed to fall, hackers were cashing in too.
Since September, the amount of money stolen via DeFi hacks has skyrocketed.
Many of these attacks have exploited a common vulnerability among DeFi protocols: susceptibility to price oracle manipulation.
Since price oracles are what smart contracts use to access information about the price of a given asset, if an attacker is able to manipulate the oracle they have an open door to devise complicated arbitrage attacks and steal money.
Oracles source price information either from somewhere else on the same blockchain — typically a decentralized exchange — or from a trusted source that is off-chain.
But both approaches have their own security tradeoffs, and whether those tradeoffs are worthwhile depends on the needs of the individual project. In short, despite DeFi's fast-growing popularity, how to design secure and trustworthy oracles is still a subject of healthy debate.
Risky business
To understand the risks of relying on a decentralized exchange for on-chain price information, consider the attack in October against Harvest Finance, a DeFi protocol that farms the highest yield available from new DeFi protocols and pools, and then distributes the profits among its users.
As reputed white hat crypto hacker “samczsun” recounted in a blog post, the attacker was able to exploit Harvest by using flash loans — uncollateralized loans that must be paid back within the same transaction block — to manipulate the price of assets trading on the decentralized platform Curve.
Since Harvest Finance relies on Curve for price information, the hacker was able to set it up so they could deposit funds at Harvest at one price and then subsequently withdraw them at a higher price — and run away with $33 million worth of user funds.
In the wake of the attack, some in the DeFi community said that Harvest could avoid this kind of attack by aggregating data from multiple sources instead of relying on just one.
“If you’re going to make a highly automated smart contract that controls a lot of money, effectively controlled by a single price discovery resource, you’re taking a huge risk,” Sergey Nazarov, founder of oracle service Chainlink said in a recent interview.
Thanks to flash loans, Nazarov said, “Anybody can anonymously become extremely well-capitalized and execute an attack on the DEX.”
Chainlink, which currently services 70% of the DeFi ecosystem, maintains a network of independent providers. many of which also operate nodes in a network meant to keep this information cryptographically secure.
But using Chainlink requires trusting Chainlink, and some of DeFi’s most prominent projects — Compound and MakerDAO — have opted to create their own oracles instead.
Compound's oracle, called Open Price Feed, gets its price data from various “reporters,” which can be anybody with access to price data, including exchanges and other DeFi projects. Reporters sign a message containing price data with a private key. Any Ethereum user can then post the information on the blockchain. Finally, users pick a subset of the reported feeds.
This setup allows developers to draw from multiple on-chain and off-chain sources at the same time. “For example, a DeFi application might average price data from three reporters e.g. Coinbase, Wyre, and an OTC desk and combine it with two on-chain prices, e.g. Uniswap and Chainlink (examples only),” according to Compound’s explainer on how the system works.
MakerDAO, meanwhile, has the most decentralized oracle system out there —at least according to Maker's head of backend and oracles Nik Kunkel. "Maker’s oracles are owned by the DAO, by the Maker community. There are no hidden levers or keys we control that give us authority over anything, it’s all controlled by Maker governance," he said.
Kunkel drew a distinction between Maker’s approach and that of Chainlink, which he described as “a consortium of mostly staking services that act as price providers.” Maker’s oracles instead rely on the protocols and apps they tend to use on an everyday basis, like Instadapp, Yearn Finance, Set Protocol and dYdX, he said.
According to a breakdown of the system, a Maker oracle relies on something called a “setzer,” which pulls the median price from a set of exchanges and publishes it to a secure network. Then, users called “relayers” aggregate that data and send it to the “medianizer,” which then takes the median of the reported medians and publishes it.
Using the median filters out irregular price data, according to Maker’s explainer.
One size does not fit all
Ultimately, though, the decision of what kind of oracle to use hinges on what exactly a given project needs. For instance, if the data it seeks is “native to DeFi,” external oracle services like Chainlink aren’t the best option, according to Yam Finance co-creator Brock Elmore.
Numbers like the total value locked in a given DeFi protocol, or the market price for an asset whose primary market is a DEX like Uniswap or Sushiswap, are examples of things that are either entirely or primarily determined on-chain, he said.
Elmore’s team at Yam Finance used Uniswap’s on-chain TWAP oracle, occasionally for providing "trustless liquidity" and for over-the-counter (OTC) deals.
TWAP oracles work by averaging the price over a given period of time, for example an hour or two. The risk with TWAP oracles is that you’re never seeing the exact price at a specific moment in time, which could open the door to manipulation when the market is most volatile.
While this is valid criticism, said Elmore, TWAP oracles exchange liveness for security, particularly in highly liquid markets. If the market has a ton of liquidity, time periods can be decreased. For instance, a one-to-two-hour TWAP oracle is fine for 99% of applications in terms of liveness of data, Elmore argued.
“In a highly liquid market, the chances of manipulation decrease,” he said. “If there is more liquidity over a longer time period, there is more security.”
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

