Full Report
Decentralized Finance (DeFi) is a great ecosystem for opening up many financial instruments to everyone. You know what's not great? DeFi hacks. A large percentage of these come from manipulating the oracle or pricer of the assets in some way to purchase or sell assets at a bad price for the other party. This article talks about how to fix this problem.

First, the author mentions primitive protocols. These are contracts that have no governance, no upgradeability and no oracles. Why? If the main contract gets manipulated, then everything gets manipulated, since it's an underlying protocol for everything. The argument is that if everything is self-contained, then oracle manipulation from other protocols' subtleties is not possible. The only true example of this is Uniswap, but it's now upgradable, which is a double-edged sword.

What about lending protocols? There are several cases of lending protocols being oracle-free. Instead of the collateral factors being set by oracles like Chainlink, the lenders are responsible for evaluating the risks and deciding how much collateral they want from the borrower. To me, this feels like a cop out though. The safety of the protocol goes onto the lender instead of the protocol. If a bad rate was set by a lender, it would immediately be swept up and stolen. The solution to this is having a good user interface that sets these automatically. How does it get these quotes though? A price oracle, but off-chain, which prevents serious manipulation.

The article is a tad odd to me but made some good points. Oracles cannot be manipulated if the values are set by the lenders. By having this off-chain, a subtle flaw in a contract doesn't destroy the whole ecosystem. Thanks for writing up your thoughts, friend!
Analysis Summary
# Best Practices: Oracle-Free Protocol Design
## Overview
These practices address the systemic fragility of Decentralized Finance (DeFi) caused by external dependencies. High-profile hacks often stem from manipulating price oracles or exploiting governance/upgradeability proxies. By moving toward "Oracle-Free" and "Primitive" architectures, protocols can eliminate entire classes of attacks related to bad data inputs and centralized control.
## Key Recommendations
### Immediate Actions
1. **Audit Dependency Maps:** Identify every external data feed (oracles), governance multisig, and upgradeable proxy within your current smart contracts.
2. **Minimize Governance Surface Area:** Lock or remove "administrative fee switches" and other non-essential governance functions to reduce the attack vector.
3. **Internalize Risk Valuation:** In lending/borrowing contexts, move the responsibility of asset valuation from a global oracle to the individual market participants (lenders).
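One way to start the dependency map from item 1 is a source scan that groups findings into the three classes named there. This is an added example, not code from the article or from any tool it mentions; the pattern list and the sample contract are assumptions chosen for illustration.

```python
import re

# Common Chainlink / Uniswap / OpenZeppelin / Solidity identifiers, grouped by the
# three dependency classes. A starting list chosen for this example, not exhaustive.
PATTERNS = {
    "oracle": [r"\bAggregatorV3Interface\b", r"\blatestRoundData\s*\(",
               r"\blatestAnswer\s*\(", r"\bgetReserves\s*\(", r"\bslot0\s*\("],
    "upgradeability": [r"\bdelegatecall\b", r"\bupgradeTo(?:AndCall)?\s*\(",
                       r"\bUUPSUpgradeable\b", r"\bInitializable\b"],
    "governance": [r"\bonlyOwner\b", r"\bOwnable\b", r"\bAccessControl\b",
                   r"\bonlyRole\s*\(", r"\btransferOwnership\s*\("],
}

def strip_comments(src):
    """Blank out // and /* */ comments but keep newlines, so line numbers survive.
    Limitation: a '//' inside a string literal is treated as a comment."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, src, flags=re.S)

def dependency_map(src):
    """Return {class: [(line_no, matched_text), ...]} for one Solidity source string."""
    found = {kind: [] for kind in PATTERNS}
    for no, line in enumerate(strip_comments(src).splitlines(), 1):
        for kind, patterns in PATTERNS.items():
            for pattern in patterns:
                match = re.search(pattern, line)
                if match:
                    found[kind].append((no, match.group(0)))
    return found

def is_primitive(src):
    """True when no oracle, upgradeability or governance marker is present."""
    return not any(dependency_map(src).values())

# Constructed sample contract (not from any real protocol).
SAMPLE = """\
// calls latestRoundData() in a comment only: must not be flagged
contract Vault is Ownable {
    AggregatorV3Interface public feed;
    function price() public view returns (int256 p) {
        (, p, , , ) = feed.latestRoundData();
    }
    function setFee(uint256 f) external onlyOwner { fee = f; }
}
"""

if __name__ == "__main__":
    print(dependency_map(SAMPLE))
```

A text scan only finds named markers; treat an empty result as a prompt for manual review, not as proof that a contract has no external dependencies.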
### Short-term Improvements (1-3 months)
1. **Implement Off-Chain Quote Engines:** Shift the "price discovery" layer to the User Interface (UI). Use off-chain calculations to suggest rates to users, which are then hardcoded into the transaction, rather than relying on an on-chain oracle during execution.
2. **Deploy Static Primitives:** Launch core logic as non-upgradeable contracts. If updates are needed, deploy a new version rather than using a proxy, allowing users to migrate voluntarily.
3. **Automate Security Analysis:** Integrate tools like **Pyrometer** into the CI/CD pipeline to perform symbolic execution and static analysis on every commit.
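The off-chain quote step from item 1, sketched as an added example (not code from the article or from any protocol). It takes a median of fresh quotes, refuses to quote on stale or divergent data, turns the result into fixed loan terms, and checks hand-entered terms against the same reference. The function names, fixed-point scaling, thresholds and sample quotes are all assumptions.

```python
from statistics import median

SCALE = 10**6   # prices are integers scaled by 1e6: loan units per collateral unit
BPS = 10_000    # basis points

def reference_price(quotes, now, max_age=60, max_spread_bps=200):
    """Median of fresh off-chain quotes; refuse to quote on stale or divergent data."""
    fresh = [price for (_source, price, ts) in quotes if 0 <= now - ts <= max_age]
    if len(fresh) < 2:
        raise ValueError("need at least two fresh quotes")
    if (max(fresh) - min(fresh)) * BPS > max_spread_bps * min(fresh):
        raise ValueError("quote sources disagree beyond tolerance")
    return int(median(fresh))

def suggest_terms(loan, price, ratio_bps, duration_s):
    """Terms the UI proposes. They are plain call parameters fixed at signing time;
    nothing in them points at an on-chain oracle."""
    collateral = -(-loan * ratio_bps * SCALE // (BPS * price))  # ceiling division
    return {"loan": loan, "collateral": collateral, "duration_s": duration_s}

def collateral_ratio_bps(terms, price):
    """Collateral value at the reference price, as basis points of the loan."""
    return terms["collateral"] * price * BPS // (SCALE * terms["loan"])

def review_manual_terms(terms, price, floor_bps):
    """Check hand-entered lender terms against the reference price before signing."""
    ratio = collateral_ratio_bps(terms, price)
    return {"ratio_bps": ratio, "ok": ratio >= floor_bps}

# Constructed sample data: three fresh quotes and one stale one.
NOW = 1_700_000_000
QUOTES = [
    ("source-a", 1_998_000_000, NOW - 5),
    ("source-b", 2_000_000_000, NOW - 12),
    ("source-c", 2_003_000_000, NOW - 30),
    ("source-d", 1_500_000_000, NOW - 900),   # stale, ignored
]

if __name__ == "__main__":
    price = reference_price(QUOTES, NOW)
    print(suggest_terms(10_000_000_000, price, 15_000, 30 * 86_400))
    print(review_manual_terms({"loan": 10_000_000_000, "collateral": 4_000_000},
                              price, 12_000))
```

The second call models a lender typing in terms by hand: at the reference price the offer is only 80% collateralised, so the UI can block or warn before it is signed.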
### Long-term Strategy (3+ months)
1. **Transition to Dependency-Free Architecture:** Aim for the "Primitive" standard: zero external dependencies other than the base blockchain.
2. **Modularize Protocol Functions:** Segregate high-risk functions (like collateralization) into self-contained modules where a failure in one does not compromise the liquidity of the entire ecosystem.
3. **Scalable Bounty Flywheels:** Transition from flat-fee audits to security budgets that scale with the Total Value Locked (TVL), incentivizing continuous white-hat monitoring.
## Implementation Guidance
### For Small Organizations
- **Focus:** Simplicity and tool-driven security.
- Use open-source forks of proven primitives (like Uniswap v2 logic) without adding new dependencies.
- Utilize the **Simple Security Toolkit** to establish a baseline security posture.
### For Medium Organizations
- **Focus:** Rigorous review and dependency reduction.
- Engage Tier 1 audit firms (e.g., OpenZeppelin, Spearbit) for pre-launch reviews.
- Participate in competitive audits (e.g., Code4rena) to find edge-case vulnerabilities in protocol logic.
### For Large Enterprises
- **Focus:** Infrastructure and circuit breakers.
- Implement **Sentinel Contracts** and generalized multi-party monitoring to pause or mitigate "atomic exfiltration" (flash loan hacks).
- Formalize a "Dependency-Free" standard for all new DeFi products to prevent contagion risk.
## Configuration Examples
While specific code depends on the specific protocol, the configuration "Golden Rule" for primitive protocols is:
- `isUpgradeable: false`
- `oracleAddress: null` (Prices are passed as parameters by the user/UI)
- `governanceAddress: address(0)` (After initial setup)
## Compliance Alignment
- **NIST Cybersecurity Framework:** Aligns with "Protect" (Identity Management and Access Control) by removing administrative privileges.
- **CIS Controls:** Aligns with "Inventory and Control of Software Assets" by strictly defining contract dependencies.
- **ISO/IEC 27001:** Addresses "System Acquisition, Development, and Maintenance" by enforcing security by design.
## Common Pitfalls to Avoid
- **The "Oracle Cop-out":** Relying on a third-party oracle because it is easier to code than a manual lender-driven valuation system.
- **Governance Creep:** Adding upgradeability "just in case," which creates a permanent back-door for attackers or malicious insiders.
- **UI Neglect:** Failing to provide users with off-chain price data, leading to "bad rate" settings that are immediately exploited by arbitrage bots.
## Resources
- **Pyrometer:** [github[.]com/nascentxyz/pyrometer] - Static analysis and symbolic execution tool.
- **Simple Security Toolkit:** [github[.]com/nascentxyz/simple-security-toolkit] - Practical checklists for DeFi teams.
- **Audit Platforms:** Spearbit, Code4rena, OpenZeppelin.