Open in app

Sign in

Write

Sign in

The Pull Oracle

A Paradigm Shift in Oracle Architecture for Enhanced Reliability and Scalability and Impact on Solana DeFi

Mark Damasco
14 min readJun 29, 2024

--

Table of Contents:
1. INTRODUCTION
2. The Security Limitations of Push Oracles: A Quantitative Perspective
3. The Pull Oracle Advantage: Decentralized Security and Efficiency
4. Beyond Security and Efficiency: Decentralized Governance
5. Impact on Solana DeFi
6. Conclusion

Overview

This research analyzes the security and efficiency implications of transitioning from push to pull oracles in decentralized finance (DeFi), with a particular focus on the Pyth Network as a leading example. I’ll present quantitative evidence demonstrating the inherent vulnerabilities of push oracles and showcase how pull oracles, through their decentralized nature and on-demand data retrieval, provide demonstrable improvements in security, efficiency, and resilience and their Impact on Solana DeFi.

1. INTRODUCTION

Decentralized Finance (DeFi) is the exciting new frontier in finance. It promises a financial system that’s open, fair, and free from middlemen. However, it faces a hidden challenge: how to get accurate, reliable data about the real world onto the crypto.

Decentralized Finance (DeFi) revolutionizes financial services by eliminating intermediaries. However, its success hinges on accurate real-world data, which fuels the smart contracts governing DeFi operations.

Currently, most DeFi platforms rely on “push” oracles, which regularly deliver data to the blockchain. However, this standard approach poses risks due to potential vulnerabilities and inefficiencies.

Furthermore, Pyth Network’s initial version (Pyth V1) on Solana utilized a push oracle design, which, despite widespread adoption, faced limitations during volatile market conditions and network congestion.

This article explores why DeFi needs to move away from push oracles and adopt a new, more secure model: “pull” oracles. We’ll focus on a leading example, the Pyth Network, and show how it offers a better, safer way to get the information DeFi needs to thrive.

The new “pull” oracle (Pyth V2) design addresses these issues by ensuring that the oracle only updates on-chain prices when specifically requested. In a push oracle system, every price update must be pushed on-chain, often competing for bandwidth with other transactions. The pull oracle design allows users to include these price updates in their transactions, ensuring they land during crucial periods.

By understanding the difference between push and pull oracles, we can see how this shift is crucial for the future of a more secure and truly decentralized financial system.

2. The Security Limitations of Push Oracles: A Quantitative Perspective

Push oracles, while convenient, have shown serious weaknesses that make DeFi vulnerable.

Let’s look at some real numbers to see the problems:

2.1 Security Breaches and Hacks:

In 2023 alone, over $1 billion was stolen from DeFi platforms.

Monthly total Value stolen in crypto over $1B in 2023 [2]

Similarly, This amounts to a 63.7% drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023, as we see on the data below.

Crypto Stolen in by Victim Platform type[2]

Centralized services were the primary target in earlier years, especially 2016–2019. Second, DeFi (Decentralized Finance) platforms emerged as a significant target starting in 2020, becoming the dominant victim type by 2021–2022.

Of these attacks, nearly 20% were directly caused by problems with “push oracles”. This means hackers were able to exploit weaknesses in these oracles to steal funds.

2.2 Vulnerability to Manipulation:

  • Simulated Attack. A recent study simulating a “Sybil attack” on a push oracle network demonstrated that a single malicious actor controlling 5% of the network nodes could successfully manipulate the data feed by 10%. This highlights the susceptibility of push oracles to even small-scale attacks.[4]
  • Real-World Examples. Instances of push oracle manipulation have already occurred in DeFi. In 2021, a well-known oracle provider experienced a data breach, leading to significant price distortions and losses for DeFi users.
Oracle Manipulation Attacks 2021 amount to nearly $400 Million & in 2023 over $400 Million[3]

This data highlights the increasing threat of oracle manipulation in the cryptocurrency ecosystem, emphasizing the importance of robust oracle designs and security protocols.

2.3 Censorship Risk:

Push oracles face significant “censorship risks” due to their reliance on a limited number of authorized operators, creating a single point of failure. This centralized structure makes them vulnerable to malicious actors who could compromise or censor the data feed, thereby significantly impacting the functionality of DeFi protocols.

Additionally, push oracles could be susceptible to “political pressure“ or censorship from governments or regulatory bodies, potentially stifling the growth of DeFi and limiting its accessibility. Such vulnerabilities underscore the importance of decentralization in maintaining the integrity and resilience of DeFi ecosystem.

Some example:

Letter response for “DeFi regulation” and their recommendations for IOSCO. [11]

2.3.1 Limited Transparency.

Centralized systems often operate as black boxes, offering limited visibility into their data sourcing and processing methods. This opacity compromises verifiability, a core principle of blockchain technology that enables the verification of every transaction.

Similarly, for oracles, users should be able to trace the data path from the on-chain report back to the oracle node’s query of the data source, ideally supported by some form of cryptographic signature related to that query or aggregated data point. The lack of transparency in how data is sourced and processed can erode trust among users who depend on the integrity of this data for critical decision-making processes.[5]

2.3.2 Single Point of Failure.

Centralized oracles are a non-starter for smart contract applications because if the single oracle is corrupted, then the data being delivered on-chain may be highly incorrect and lead to smart contracts executing very wrong outcomes.

This is commonly referred to as the “garbage in, garbage out” problem where bad inputs lead to bad outputs. Additionally, because blockchain transactions are automated and immutable, a smart contract outcome based on faulty data cannot be reversed, meaning user funds can be permanently lost.[13]

Centralized Oracle Represents a Single Point of Failure.[13]

2.4 Scalability Issues:

As the DeFi sector continues to expand, the demand for data increases correspondingly. Push oracles often struggle to keep pace with this growing demand, leading to delays and inefficiencies. The scalability issues inherent in push oracles can hinder the efficient operation of DeFi applications, emphasizing the need for more robust and scalable Oracle solutions to support the ongoing growth and complexity of decentralized finance.

3. The Pull Oracle Advantage: Decentralized Security and Efficiency

Pull oracles, like the Pyth Network (Pyth V2), offer a fundamentally different approach. Smart contracts actively “pull” the data they need from a decentralized network of providers.

3.1 Push Oracle vs Pull Oracle Pyth Network:

3.1.1 Push oracles.

Push oracles periodically update an on-chain price based on external trigger conditions. The oracle has a smart contract that stores the current price. The contract also has a set of permissioned operators who are authorized to update the price. The oracle operators then commit to updating the on-chain price at a specific cadence, for example, once every 30 minutes or if the price moves by 1%. Thus, in a push oracle, the on-chain price is periodically updated, regardless of whether or not anyone is using it.[1]

3.1.2 Pull oracles.

Pull oracles only update the “on-chain” price when requested. There are different ways for users to request an updated price from a pull oracle. Some pull oracles respond to on-chain requests: applications send one transaction to request data from the oracle, which then submits the response in a second transaction.

Pyth uses a simpler system where users can request the latest price update from an off-chain service. Anyone can submit a price update to the on-chain Pyth contract, which verifies its authenticity and stores it for later use. This system allows applications to use a single transaction flow that first updates the price then performs the necessary application logic.[1]

Pull vs Push Oracle.

Pyth Network provides a decentralized approach to data access, offering demonstrable security and efficiency advantages.

For this reason, the Pyth oracle has facilitated over $100 Billion in traded volume at the time of writing.

3.2 Decentralized Security:

3.2.1 Multiple Data Providers.

Pyth’s decentralized network of 75+ [6] data publishers ensures no single entity can control or manipulate the data, making it highly resistant to censorship or collusion.

Pyth Network Partners [7]

3.2.2. On-Chain Verification.

Each price update submitted to the Pyth Network is verified by the network, ensuring data integrity and preventing malicious actors from injecting false information. This verification process provides a strong security layer against data falsification.

3.2.3. Reduced Security Incidents.

A study by the Pyth Network highlighted that pull oracle systems had a 30% lower incidence of data tampering attempts compared to push oracle systems. This improvement enhances overall security by reducing the attack surface inherent in continuously transmitting data. [8] [9]

3.3.3 Resistance to Manipulation.

Since pull oracles don’t rely on a single entity to broadcast data, they are more resistant to manipulation or censorship. Attackers would need to compromise a significant portion of the oracle network to influence the data provided to smart contracts.

3.3. Efficiency Gains:

Pull oracles only update data when requested by smart contracts. This on-demand data retrieval approach significantly reduces unnecessary transactions and block space consumption compared to frequent updates in push oracle systems.

This has

3.3.1 Data Accuracy.

One of the critical benefits of Pythnet Price Feeds is that its scalability allows it to closely track the prices of assets on their primary trading venues. We showcase its accuracy via an in-depth analysis of the Pyth feeds for ETH/USD and AAVE/USD — two pairs where the quote tokens are of very different market caps and trade on very different sets of exchanges. We then compare Pyth to several significant competitor oracles on the chains on which they are deployed.

All of the analyses below use prices between November 17, 2022, through November 24, 2022 (except where explicitly noted). This week had significant price volatility, making it a good test for oracle accuracy. We compare Pyth, and competitor oracle feeds against the prices on the most liquid centralized exchange for the pair. In some cases, the most liquid pair is against USDT, in which case we converted to USD using the USDT/USD exchange rate.

ETH/USD

For the first analysis, we chose ETH/USD, a highly liquid pair traded on many exchanges. The charts below compare Pyth’s prices for ETH/USD against Binance, the most liquid exchange for this pair.[9]

White line: CEX (centralized exchange) prices Purple line: Pyth prices[9]
Price differences of up to 0.40% between Pyth and CEX [9]
Approx. 90% of Pyth’s ETH/USD price deviations are within 10 basis points (0.1%) of the CEX price. This indicates a “high degree of accuracy”.[9]

The graphs demonstrate that Pyth’s ETH/USD price generally aligns closely with the CEX price, with the vast majority of deviations falling within a narrow range. This suggests that Pyth is a “reliable source of price information” for ETH/USD.

3.3.2 Scalability and Efficiency.

Pull oracles like Pyth have demonstrated the ability to handle high transaction volumes without compromising data quality or speed. The Pyth Network’s average response time is 400 milliseconds, allowing for near real-time data access even during periods of peak demand. This scalability is essential for the continued growth and efficiency of DeFi applications​. [8] [9]

3.3.3 Reduced Gas Costs.

Pyth is the case of Chainlink for USDT/USD on the BNB chain, in the bottom right corner. In contrast to Ethereum, where Chainlink updated the USDT/USD price feed 7 times over the week, BNB features lower gas fees, so Chainlink updated 652 times. Moreover, during this time period, the USDT price was almost always $1, so a high-frequency feed was not necessary to track the price closely.[9]

Moreover, the reduced number of transactions associated with pull oracles leads to lower gas costs for DeFi protocols, ultimately benefiting users. This translates to lower transaction fees and improved cost-effectiveness.

tables show the total fees payable when using the default provider ($eth)
Total Cumulative Fees in $Eth Using Pyth in Various Chains (at the time of writing). Dune

4. Beyond Security and Efficiency: Decentralized Governance

The transition to pull oracles not only enhances security and efficiency but also lays the foundation for decentralized governance in DeFi. Pull oracles empower users to participate directly in data requests, giving them a significant role in the network’s data access mechanisms. This participatory model fosters a more transparent and accountable ecosystem, where users have a voice in how data is utilized and managed.

4.1. Empowering Users: Pyth Token and Decentralized Governance

Pull oracles like the Pyth Network go beyond just improving security and data quality. They also give users a voice in how the system works through decentralized governance and the Pyth token.

4.1.1 The Pyth Token’s Role (Denoted as $Pyth).

Voting Power. Holders of Pyth tokens have the power to vote on important decisions about the Pyth Network. This includes things like:

  • Which data providers are trusted. This helps ensure the accuracy and reliability of the data.
  • How often data is updated. This balances the need for up-to-date information with network efficiency.
  • What types of data are prioritized. This allows the community to decide which types of data are most important for DeFi applications.

4.1.2 The Pyth DAO LLC.

The Pyth DAO LLC is legally structured as a non-profit DAO LLC formed under the laws of the Republic of Marshall Islands. It is algorithmically managed, with actions taken via the governance contract on the Solana Blockchain deemed to be actions of the Pyth DAO LLC. This structure enables the Pyth DAO LLC to:

  • Hold the treasury and pay Pyth DAO related costs and expenses
  • Protect Pyth DAO members from unlimited liability
  • Allow Pyth DAO members to take part in governance by providing a clear framework for the rights and duties of Pyth tokenholders

Individuals or entities who stake PYTH Tokens in the staking program become members of the Pyth DAO LLC. Pyth Improvement Proposals (PIPs) are the primary methods to introduce, discuss, and implement changes to the Pyth DAO Constitution, governance, and the oracle network’s operations.[16]

4.2. Transparency and Accountability:

By decentralizing data requests and governance, pull oracles enhance transparency. Users can verify the sources and integrity of the data they pull, reducing the chances of data manipulation. This transparency is crucial for maintaining trust within the DeFi ecosystem, as it allows for independent audits and real-time verification of data integrity​.

4.3. Scalability Through Community Involvement:

Decentralized governance allows for scalable and flexible responses to changing network demands. As the DeFi ecosystem grows, so do the requirements for data feeds. A community-driven approach enables quick adaptation to new needs, as users and developers can propose and implement changes without the bottleneck of a centralized decision-making process​ [10]. This scalability ensures that pull oracles can continue to meet the demands of an expanding DeFi landscape.

Migration to Pyth V2 a “Community-driven approach​” on Pyth [10]

5. Pyth V2 Impact on Solana DeFi

According to its Pyth V2 Whitepaper, it proposes an oracle protocol to make accurate, high-resolution financial market data easily accessible on-chain. The protocol is designed to be a self-sustaining decentralized network that coordinates data publishers and consumers.

The protocol is designed to attract publishers with high-quality pricing data, and incentivizes these publishers by paying them fees collected from consumer usage of the data. The mechanisms help prevent malicious attackers from manipulating the protocol to their benefit in various ways, such as manipulating the price. [12]

Moreover, the Pyth V2 pull oracle will significantly enhance efficiency, reliability, security, and data access, driving the growth of Solana DeFi. As we clearly outlined in Section 3 (The Pull Oracle Advantage: Decentralized Security and Efficiency).

For this reason, the Pyth oracle has facilitated over $100 Billion in traded volume at the time of writing.

$100 Billion in traded volume from 50+ blockchains.@PythNetwork

To highlight:

5.1 Enhanced Efficiency and Reduced Latency

5.1.1 Efficiency Gains.
Pyth V2’s pull oracle updates prices only when requested, reducing unnecessary updates and congestion.

5.1.2 Reduced Latency.
The pull model minimizes gas inefficiencies, ensuring efficient data flow and lower operational costs.

5.2 Increased Reliability

5.2.1 Congestion Handling.
The pull oracle allows users to request updates, avoiding delays during high congestion and volatility.

5.2.2 User-Controlled Updates.
This model improves reliability by providing timely data without congestion-related interruptions.

5.3 Expanded Price Feeds

5.3.1 Broader Coverage.
Supports over 540+ price feeds on more than 65 chains permissionlessly, offering extensive data for Solana protocols and users.

Total Value Secured (TVS) percentages for various blockchains.

5.3.2 Scalability Improvements.
Overcomes limitations of the push oracle, benefiting the entire Solana DeFi ecosystem.

5.4 Security and Cost-Effectiveness

5.4.1 Enhanced Security.
Reduces unnecessary updates, minimizing the attack surface and processing only relevant data.

5.4.2 Optimized Costs.
Users pay for the data they request, optimizing gas fees and resource utilization.

5.4.4 Customization.

Smart contracts can specify the type and format of data they require, allowing for tailored solutions to meet specific application needs.

5.5 Smooth Transition with Dual Oracle System

5.5.1 Easy Integration.
DeFi applications can continue using price data from the familiar Pyth V1 while gradually integrating with the new Pyth V2. This prevents sudden service interruptions and allows for a controlled migration process.

5.5.2 Developer Flexibility.
Offers developers control and options for consuming oracle data, supporting ecosystem growth.

6. Conclusion

This article has demonstrated the significant advantages of pull oracles, like the Pyth Network, over traditional push oracles in DeFi. Enhanced efficiency and reduced latency are achieved through the pull oracle model, where price updates are made on-chain only when requested. This reduces unnecessary updates and congestion, ensuring efficient data flow and lower operational costs. By allowing users to control when updates are made, the pull oracle improves reliability, especially during high congestion and volatility, providing timely data without interruptions.

Furthermore, the new Pyth V2 pull oracle supports over 540+ price feeds, offering extensive data coverage for Solana protocols. This broader range of reliable data overcomes the limitations of the push oracle, benefiting the entire Solana DeFi ecosystem. The pull oracle also enhances security by reducing the frequency of unnecessary updates, minimizing the system’s attack surface, and processing only relevant data. Users pay for the data they specifically request, optimizing gas fees and resource utilization. Maintaining both push and pull oracles during the transition ensures continuity for existing users and offers developers greater control and flexibility in consuming oracle data, supporting the ecosystem’s growth.

As DeFi continues to evolve, adopting pull oracles will be crucial for building a more secure, efficient, and decentralized financial future. Nearly 20% of DeFi hacks are linked to push oracles, highlighting the urgency of transitioning to a more secure oracle model. Pull oracles, with their decentralized nature and on-demand data retrieval, offer a robust solution that minimizes the risk of manipulation and attacks. The Pyth V2 pull oracle’s profound impact on Solana DeFi demonstrates its potential to drive the growth and maturation of the entire DeFi landscape. Through a quantitative analysis of security, efficiency, and governance, we have established a strong case for this paradigm shift.

Stay tuned!

References:

[1] https://docs.pyth.network/price-feeds/pull-updates

[2] https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/

[3] https://www.chainalysis.com/blog/oracle-manipulation-attacks-rising/

[4] Caldarelli, G. Real-World blockchain applications under the lens of the oracle problem. A systematic literature review. In Proceedings of the 2020 IEEE International Conference on Technology Management, Marrakech, Morocco, 25–27 November 2020.

[5] https://chaoslabs.xyz/posts/oracle-risk-and-security-standards-network-architectures-and-topologies-pt-2

[6] https://pyth.network/publishers

[7] https://pythnetwork.medium.com/welcome-to-pyth-network-dc0c5b23cab4

[8] https://dev.to/gauciv3005/migrating-from-push-oracles-to-pull-oracles-the-future-of-defi-protocols-da1

[9] https://pyth.network/blog/pyth-a-new-model-to-the-price-oracle

[10] https://solana.stackexchange.com/questions/14718/pyth-v2-migration-for-projects-with-older-dependencies-pull-oracles

[11] https://web3canada.ca/wp-content/uploads/2023/10/IOSCO-Consultation-Report_-Policy-Recommendations-for-Decentralized-Finance-DeFi.pdf

[12] https://pyth.network/whitepaper_v2.pdf?ref=pyth-network.ghost.io

[13] https://chain.link/education/blockchain-oracles

[14] https://forum.pyth.network/t/about-the-pyth-dao/14?u=bats4

Feel free to reach out to me on Twitter @Oxmarkdams with any suggestions or opinions (I value genuine feedback or critique). If you find this even slightly insightful, please share it — I’ve invested a “countless hours” of refining this content, and your support means everything in helping it educate a wider audience. Thank you.

Pyth
Oracle
Pull
Defi

--

--

Mark Damasco

Written by Mark Damasco

22 Followers

H7rfn9g7bdAzo4ZNsWHfH4DiXLxHRC6dzxSttnJ4W9Tk https://markdamasco.substack.com/

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams