Di Zhai (Beijing Jiaotong University), Jiashuo Zhang (Peking University), Jianbo Gao (Beijing Jiaotong University), Tianhao Liu (Beijing Jiaotong University), Tao Zhang (Beijing Jiaotong University), Jian Wang (Beijing Jiaotong University), Jiqiang Liu (Beijing Jiaotong University)

Blockchain oracles play a crucial role in delivering price data from off-chain exchanges to smart contracts, enabling automated financial services. Chainlink, the dominant oracle service provider, employs Decentralized Oracle Networks (DONs) to provide price feeds. In Chainlink's DON, multiple oracle nodes independently observe the price of a cryptocurrency and run the Off-Chain Reporting (OCR) protocol to determine a unique price from their observation values. Price deviations originating from the OCR protocol will pose security risks. To prevent arbitrary price deviations induced by Byzantine oracle nodes, OCR's validity property guarantees that the determined price is bounded by honest observation values. However, this bound in real-world settings remains unclear, and it is unknown how much price deviation Byzantine behaviors can still induce.

In this paper, we conduct an in-depth study of the potential impacts of Byzantine behaviors on the determined price in the OCR protocol, through both empirical and theoretical analyses. First, our empirical analysis reveals that, in real-world settings, Byzantine behaviors still have ample space to sway the determined price in the OCR protocol. We then detail Byzantine behaviors that strategically sway the determined price and formally model their impacts. Furthermore, we evaluate the impacts of these Byzantine behaviors using Chainlink’s real-world price data. Our experimental results show that the price deviation induced by Byzantine behaviors can reach up to 8.47% of the ETH price. Our case studies further indicate that the downstream financial impacts of a price value swayed by Byzantine behaviors can be on the order of $10^5$ USD, and the cumulative impacts of such price values may reach millions of USD. In summary, this work uncovers that Byzantine behaviors can still cause non-negligible impacts on the determined price in the OCR protocol, even under the validity guarantee. We have ethically reported our findings to Chainlink, aiming to support the security of the OCR protocol.
