In Practice

Oracle Risk Assessment Checklist

This checklist can help gauge the reliability, security, and fault-tolerance of oracles across parameters critical for managing risk exposure.

Evaluate TWP Oracle Risk:

• Does the DeFi protocol/protocol ecosystem provide a tool to identify and quantify the costs associated with price manipulation?

Evaluate oracle architecture:

• Is it centralized or decentralized?

• What is the governance structure?

• How are nodes incentivized?

• What are the dependencies and failure points?

Analyze data flow and smart contract integration:

• What critical on-chain decisions depend on external data?

• How is data propagated from oracles to contracts?

• Are appropriate data validation schemes used before contract execution?

Assess real-world performance:

• Analyze historical uptime and response latency

• Evaluate error rates and data accuracy metrics

• Review incident response processes and post-mortems

Audit oracle infrastructure security:

• Oversee pen testing procedures performed

• Check security certificates, key management hygiene

• Confirm monitoring against downtime and breaches

Model oracle risk scenarios:

• Simulate exploit conditions through oracle data manipulation

• Stress test robustness against oracle unavailability

• Quantify potential impact via risk analysis models

Research mitigation strategies:

• Weigh integration of redundant oracle sources

• Explore oracle middleware, aggregator and proxy solutions

• Stay updated on emerging standards and best practices

Explore

Uniswap V3 TWAP Oracle Risk

https://community.chaoslabs.xyz/uniswap/twap

Uniswap V3 TWAP : Assessing Risk

Chaos Labs - Omer Goldberg and Yonatan Haimowitz - Uniswap V3 TWAP: Assessing TWAP Market Risk (April 2023): https://drive.google.com/file/d/16VLIiVv6x9BHrn23Hbidzvf2vjLKgiNT/view?usp=drive_link