DeFi Intel

What is an Oracle?

Plain-English explainer · Updated 2026-07-01 · By DeFi Intel

How it works

Blockchains are deterministic, closed systems: a smart contract can only read state that already exists on its own chain. It cannot call an exchange API to learn the price of ETH. An oracle bridges that gap by writing external data on-chain, where contracts can read it like any other state.

Push oracles such as Chainlink run networks of independent node operators. Each node fetches a price from multiple data aggregators, the network medianizes the answers, and the result is posted to an on-chain aggregator contract whenever the price moves past a deviation threshold (often 0.5%) or a heartbeat interval elapses. Consumer contracts call the feed's latest round and should check its timestamp for staleness.

Pull oracles like Pyth invert the flow: publishers sign price updates off-chain at high frequency, and whoever needs a fresh price submits the signed update on-chain in the same transaction that consumes it, paying only when data is actually used.

A third option is on-chain-native: AMM time-weighted average prices (TWAPs), such as Uniswap v3's built-in oracle, average a pool's price over a trailing window. That makes single-block manipulation expensive, but the feed lags fast-moving markets. Robust protocols combine independent sources, bound the values they will accept, and reject data that is stale or deviates too far from expectations.
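A sketch of those consumer-side checks together with a TWAP, added here as an illustration and not taken from any protocol's code. The function names, thresholds and sample prices are constructed assumptions, and the TWAP is a plain arithmetic average over price steps rather than Uniswap v3's tick-based calculation.

```python
from dataclasses import dataclass
from statistics import median

class OracleRejected(Exception):
    """Raised when no trustworthy price can be derived; callers should pause, not guess."""

@dataclass
class Reading:
    source: str      # hypothetical label for an independent price source
    price: float
    updated_at: int  # unix seconds of that source's last update

def twap(observations, now, window):
    """Time-weighted average of (timestamp, price) steps over [now - window, now]."""
    start = now - window
    if not observations or observations[0][0] > start:
        raise OracleRejected("observation history does not cover the window")
    total = 0.0
    for (t0, price), (t1, _) in zip(observations, observations[1:] + [(now, None)]):
        lo, hi = max(t0, start), min(t1, now)  # clip each step to the window
        if hi > lo:
            total += price * (hi - lo)
    return total / window

def validated_price(readings, now, max_age, floor, ceiling, max_spread):
    """Drop stale or out-of-bounds readings, then require the rest to agree."""
    usable = [r for r in readings
              if 0 <= now - r.updated_at <= max_age and floor <= r.price <= ceiling]
    if len(usable) < 2:
        raise OracleRejected("fewer than two fresh, in-bounds sources")
    mid = median(r.price for r in usable)
    if any(abs(r.price - mid) / mid > max_spread for r in usable):
        raise OracleRejected("sources disagree beyond max_spread")
    return mid

# Constructed sample: pool trades at 2000, then one 12-second block at 6000.
NOW, WINDOW = 10_000, 1_800
POOL_OBS = [(8_000, 2000.0), (9_988, 6000.0)]

if __name__ == "__main__":
    pool_twap = twap(POOL_OBS, NOW, WINDOW)
    print(f"spot 6000.00 vs 30-minute TWAP {pool_twap:.2f}")
    readings = [Reading("push_feed", 2001.0, NOW - 600),
                Reading("pool_twap", pool_twap, NOW)]
    print(validated_price(readings, NOW, 3_600, 500.0, 5_000.0, 0.02))
```

With the sample data, the 12-second spike to 6000 moves the 30-minute TWAP only from 2000 to about 2026.67, and the validator fails closed when a source is stale or the sources disagree.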

Why it matters

Oracles are DeFi's largest external dependency and one of its most exploited attack surfaces. Lending protocols liquidate borrowers, stablecoins defend pegs, and perpetuals settle funding based on whatever price the oracle reports — if that number is wrong, solvent positions get liquidated or worthless collateral gets borrowed against. Many protocols have been drained not through buggy contract code but through manipulated inputs: an attacker pumps a thin market, the oracle reports the inflated price, and the protocol pays out against it. Flash loans made this cheap by letting attackers move spot prices with borrowed capital inside a single transaction. Evaluating where a protocol's prices come from, how they are aggregated, and how manipulation-resistant they are is a core part of DeFi risk assessment.

Real-world examples

In October 2022, trader Avraham Eisenberg attacked Mango Markets on Solana by aggressively buying MNGO perpetuals and spot on thin markets, pushing the token's price up several hundred percent within minutes. Mango's oracle faithfully reported the manipulated price, inflating the value of his MNGO-margined position, and he borrowed roughly $116 million of other assets against it — draining the protocol without exploiting a single line of buggy code. The oracle worked as designed; the market it measured was simply too thin to trust.

FAQ

What is "the oracle problem"?

Smart contracts are trustless, but the moment they depend on off-chain data, they must trust whoever supplies it. The oracle problem is that this trust cannot be fully eliminated — only diluted, by decentralizing across many independent node operators and data sources and by adding economic penalties for misreporting. A protocol is only as secure as its weakest oracle.

What is the difference between a Chainlink feed and a TWAP oracle?

A Chainlink feed pushes a median of prices gathered off-chain by independent nodes from many exchanges, so it reflects the broad market quickly. A TWAP is computed on-chain from a single DEX pool's history, averaging price over a time window. TWAPs need no external operators and resist single-block manipulation, but they lag fast markets and can still be bent if the pool's liquidity is thin relative to an attacker's capital.

Are oracles only used for prices?

No. Oracles also supply verifiable randomness (for example Chainlink VRF, used in NFT mints and gaming), real-world event outcomes for prediction markets, proof-of-reserve attestations for wrapped and real-world assets, and cross-chain message verification. Price feeds are simply the dominant use case in DeFi because so much value keys off them.
