In Practice

Oracle Risk Assessment Checklist

This checklist can help gauge the reliability, security, and fault-tolerance of oracles across parameters critical for managing risk exposure.

Evaluate TWP Oracle Risk:

  • Does the DeFi protocol/protocol ecosystem provide a tool to identify and quantify the costs associated with price manipulation?

Evaluate oracle architecture:

  • Is it centralized or decentralized?

  • What is the governance structure?

  • How are nodes incentivized?

  • What are the dependencies and failure points?

Analyze data flow and smart contract integration:

  • What critical on-chain decisions depend on external data?

  • How is data propagated from oracles to contracts?

  • Are appropriate data validation schemes used before contract execution?

Assess real-world performance:

  • Analyze historical uptime and response latency

  • Evaluate error rates and data accuracy metrics

  • Review incident response processes and post-mortems

Audit oracle infrastructure security:

  • Oversee pen testing procedures performed

  • Check security certificates, key management hygiene

  • Confirm monitoring against downtime and breaches

Model oracle risk scenarios:

  • Simulate exploit conditions through oracle data manipulation

  • Stress test robustness against oracle unavailability

  • Quantify potential impact via risk analysis models

Research mitigation strategies:

  • Weigh integration of redundant oracle sources

  • Explore oracle middleware, aggregator and proxy solutions

  • Stay updated on emerging standards and best practices


Uniswap V3 TWAP Oracle Risk

Uniswap V3 TWAP : Assessing Risk

Chaos Labs - Omer Goldberg and Yonatan Haimowitz - Uniswap V3 TWAP: Assessing TWAP Market Risk (April 2023):

Last updated