Crypto Oracles: The Infrastructure Every DeFi Protocol Depends On

A DeFi lending protocol needs to know the current price of your collateral before it can liquidate your position. Blockchains cannot fetch that data themselves. That gap is what oracles fill, and it is also where some of the biggest exploits in DeFi history have occurred.

Key takeaways

  • A blockchain is a deterministic system. Every node running the same code with the same inputs must reach the same output.
  • An oracle is an off-chain service that collects external data, signs it, and submits it to the blockchain as a transaction.
  • The dominant answer to the trust problem is a decentralised oracle network.
  • Some protocols choose not to rely on external oracle networks at all, instead reading the price directly from an on-chain AMM.
  • Oracle exploits have cost the DeFi ecosystem hundreds of millions of dollars.
Not financial advice. This article discusses prices and model-based scenarios for information and education only. Crypto is volatile and you can lose money. Do your own research and read our disclaimer.

Why blockchains cannot read the outside world

A blockchain is a deterministic system. Every node running the same code with the same inputs must reach the same output. If a smart contract could make an HTTP request to a price API, different nodes might receive different responses at different times, breaking consensus. The blockchain is therefore isolated by design: it can only see data that has been written to the chain itself.

This creates a problem for any protocol that needs real-world information. A lending protocol needs the price of a borrower’s collateral to know when to trigger a liquidation. A prediction market needs an event outcome. A cross-chain bridge needs to know whether a deposit was confirmed on the origin chain. None of this data exists natively on the destination blockchain.

What an oracle does

An oracle is an off-chain service that collects external data, signs it, and submits it to the blockchain as a transaction. The smart contract reads that transaction as its source of truth. The core oracle problem is not technical — sending a price to a chain is trivial. The problem is trust: how do you know the data is accurate, and how do you prevent the oracle operator from manipulating it to profit at protocol users’ expense?

A single centralised oracle, run by one party, solves the technical problem but creates a single point of failure and a massive conflict of interest. If the oracle operator can manipulate the price they report, they can borrow against inflated collateral, or trigger unfair liquidations on honest borrowers and capture the penalty fee.

Decentralised oracle networks

The dominant answer to the trust problem is a decentralised oracle network. Multiple independent node operators each retrieve the same data from multiple sources, aggregate their answers (usually by taking the median), and submit a consensus value on-chain. Manipulating the result requires corrupting a majority of independent nodes simultaneously, which is costly and detectable.

Chainlink, launched in 2019, became the most widely used decentralised oracle network. It operates a set of “price feed” contracts on Ethereum and many other chains, each maintained by dozens of independent node operators who stake LINK as collateral against misbehaviour. The feeds update on a heartbeat (typically every hour) and whenever the price deviates by more than a threshold (commonly 0.5%). Protocols including Aave, Compound and Synthetix rely on Chainlink feeds for their core liquidation logic. Data about Chainlink’s network is tracked on public explorers and the protocol’s own data feed dashboard.
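The aggregation and update rule described above can be modelled in a few lines. This is an added example, not Chainlink's code or anything from the original article: the heartbeat and deviation figures are the ones quoted in the text, while the quorum of five, the grace period, the node names and the prices are constructed assumptions.

```python
from statistics import median

HEARTBEAT_S = 3600   # "typically every hour" in the text
DEVIATION = 0.005    # "commonly 0.5%" in the text
MIN_REPORTS = 5      # assumed quorum; not a figure from the article

def aggregate(reports, min_reports=MIN_REPORTS):
    """Median of the node answers; refuse to answer below quorum."""
    prices = [p for p in reports.values() if p is not None and p > 0]
    if len(prices) < min_reports:
        raise ValueError(f"quorum not met: {len(prices)}/{min_reports}")
    return median(prices)

def should_update(onchain_price, onchain_time, new_price, now):
    """Reason to write a new on-chain answer, or None to stay quiet."""
    if now - onchain_time >= HEARTBEAT_S:
        return "heartbeat"
    if abs(new_price - onchain_price) / onchain_price > DEVIATION:
        return "deviation"
    return None

def read_feed(onchain_price, onchain_time, now, grace_s=300):
    """Consumer-side check: reject an answer older than heartbeat + grace."""
    if now - onchain_time > HEARTBEAT_S + grace_s:
        raise RuntimeError("stale price: feed missed its heartbeat")
    return onchain_price

# Constructed reports from seven hypothetical nodes.
HONEST = {"n1": 1999.5, "n2": 2000.0, "n3": 2000.4, "n4": 2001.0}
MINORITY_BAD = {**HONEST, "n5": 20000.0, "n6": 20000.0, "n7": 20000.0}
MAJORITY_BAD = {**MINORITY_BAD, "n4": 20000.0}

if __name__ == "__main__":
    print(aggregate(MINORITY_BAD))   # 3 of 7 nodes report a wrong price
    print(aggregate(MAJORITY_BAD))   # 4 of 7 nodes report a wrong price
    print(should_update(2000.0, 0, 2011.0, now=600))
```

With three of seven nodes wrong the median still lands on an honest report; the fourth wrong node is what moves it, which is the majority condition the text describes.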

Other approaches include Pyth Network, which aggregates data directly from institutional trading firms and publishes extremely low-latency feeds designed for perpetual futures protocols, and Band Protocol, which follows a similar multi-node model to Chainlink but built initially on Cosmos chains. The DeFi Llama dashboard tracks total value locked across the protocols that consume these feeds, giving a sense of what is at stake if a feed were compromised.

On-chain price vs oracle price: the TWAP

Some protocols choose not to rely on external oracle networks at all, instead reading the price directly from an on-chain AMM. Uniswap V2 introduced a time-weighted average price (TWAP) feed that an external contract could read: the average price over a configurable recent window. Because an attacker would have to move the price and hold it there for the entire averaging window — a costly and visible operation — the TWAP is reasonably resistant to flash loan manipulation.

The drawback is latency. A TWAP that averages over thirty minutes will lag a fast-moving market by thirty minutes, which can leave a lending protocol using stale collateral prices during a flash crash. Protocols must choose between freshness and manipulation resistance.
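The trade-off between spot and time-weighted readings can be seen in a small simulation. This is an added example, not Uniswap's code or anything from the original article: it models a fee-less constant-product pool with a V2-style cumulative price, and the reserves, trade size, 30-minute window and 12-second block are constructed assumptions.

```python
class Pool:
    """Constant-product pool with a V2-style cumulative price (no fees)."""
    def __init__(self, tokens, usd):
        self.x, self.y = float(tokens), float(usd)
        self.cumulative, self.last = 0.0, 0

    def spot(self):
        return self.y / self.x            # USD per token, readable mid-transaction

    def _accumulate(self, now):
        # Credit the price that was in force since the last update, *before*
        # reserves change: trades made and undone at one timestamp add nothing.
        self.cumulative += self.spot() * (now - self.last)
        self.last = now

    def buy(self, usd_in, now):
        self._accumulate(now)
        k = self.x * self.y
        self.y += usd_in
        tokens_out = self.x - k / self.y
        self.x -= tokens_out
        return tokens_out

    def sell(self, tokens_in, now):
        self._accumulate(now)
        k = self.x * self.y
        self.x += tokens_in
        self.y = k / self.x

    def observe(self, now):
        self._accumulate(now)
        return self.cumulative, now

def twap(start, end):
    return (end[0] - start[0]) / (end[1] - start[1])

def scenario(hold_s, window_s=1800):
    """Distort the price for the last hold_s seconds of the window.
    Returns (spot seen during the distortion, TWAP over the window)."""
    pool = Pool(tokens=1_000, usd=1_000_000)      # constructed: fair price 1000
    start = pool.observe(0)
    bought = pool.buy(3_000_000, now=window_s - hold_s)
    distorted_spot = pool.spot()
    pool.sell(bought, now=window_s)               # unwind
    return distorted_spot, twap(start, pool.observe(window_s))

if __name__ == "__main__":
    for hold in (0, 12, 1800):                    # same tx, one 12 s block, full window
        print(hold, scenario(hold))
```

A distortion that is created and undone at the same timestamp leaves the TWAP at the fair price even though the spot reading is sixteen times higher; the TWAP only follows the distorted price in proportion to how long it is held.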

Oracle manipulation exploits

Oracle exploits have cost the DeFi ecosystem hundreds of millions of dollars. The most common pattern uses a flash loan: borrow a large sum within a single transaction, use it to move the price on a low-liquidity AMM that a lending protocol uses as its oracle, borrow against the inflated collateral, and repay the flash loan, all inside that one transaction (a flash loan that is not repaid by the end of the transaction causes the whole transaction to revert). Because everything happens atomically within one block, there is no time for the price to return to normal. The attack is profitable if the protocol’s loan exceeds what the attacker can borrow on the open market.

The Mango Markets exploit in October 2022 used a variant of this approach, manipulating the oracle price of the MNGO token to borrow almost $116 million from the Mango protocol itself. The attacker later submitted a governance proposal offering to return most of the funds in exchange for immunity from prosecution, a proposal that protocol token holders voted to accept.

For protocols on BNB Chain, Avalanche and Arbitrum, the oracle problem has acquired a cross-chain dimension. A bridge that allows users to move ETH from Ethereum to Arbitrum must verify that the deposit was made on Ethereum. This verification is itself an oracle problem: the destination chain cannot see the origin chain’s state directly.

Optimistic bridges assume the transfer is valid and allow a challenge window. ZK bridges use cryptographic proofs to attest to the origin-chain state with mathematical guarantees. The latter are more secure but computationally expensive, which is why most bridges in production still use some form of multi-signature or committee attestation, reintroducing the trust assumptions that decentralised oracle networks were designed to remove.

What to look for when evaluating a DeFi protocol

Before interacting with any lending or derivatives protocol, the oracle design is worth understanding. Key questions: Does it use a decentralised feed or a single source? What is the minimum number of oracle reports needed to update the price? Is there a circuit breaker that pauses borrows if the price moves anomalously? Has the code been audited by a firm with experience in oracle attack vectors?

just query a price API?

Blockchains are deterministic: every node running the same code must get the same result. An API call would return different answers at different times or to different nodes, breaking consensus. Data must be submitted to the chain as a transaction before a contract can read it.

What is a flash loan oracle attack?

A flash loan lets an attacker borrow a huge sum within a single transaction without collateral. If a protocol uses the price on a small AMM as its oracle, the attacker can use the flash loan to move that price, exploit the protocol at the manipulated price, and repay the loan, all within one transaction, leaving no trace of debt.

Is Chainlink the only oracle network?

No. Chainlink is the most widely used, but alternatives include Pyth Network (optimised for low latency, used by perpetuals protocols), Band Protocol (Cosmos ecosystem), and Redstone (which uses a pull model to save gas). Uniswap’s on-chain TWAP is also used as an oracle by some protocols.

This article is for information and education only. It does not constitute financial advice or a recommendation to use any DeFi protocol. Smart-contract risk, oracle manipulation risk and regulatory uncertainty apply to all decentralised protocols. Do your own research before depositing funds.

Written by Marcus Tan

Marcus Tan is TheWeal's DeFi Editor, covering decentralised exchanges, lending, stablecoins, yield and the on-chain plumbing most readers never see. He has followed decentralised finance since 2018, through the first yield-farming wave, the stablecoin de-pegs, the bridge exploits and the slow institutional rediscovery of on-chain credit. Working from Hong Kong, Marcus reads contracts and dashboards as fluently as he reads price, and he treats total-value-locked, real yield and protocol revenue with the scepticism they deserve. His coverage is built on a habit of asking where a yield actually comes from — and saying so plainly when the answer is 'from the next person in'. Marcus believes the best DeFi journalism is a translation job: taking a mechanism that is genuinely complex and making it legible without making it sound safer than it is. He is candid about smart-contract and counterparty risk, and he expects TheWeal's explainers to leave readers more cautious and better informed, not more excitable.