Blockchain oracles are responsible for providing smart contracts with real-world information. This information could be anything from the price of an asset like ETH or the US dollar to the winner of a presidential election.
Smart contracts in DeFi (particularly lending protocols) typically need information about asset prices to calculate user debt and collateral in the system. Because of the enormous value locked into these protocols, attacks manipulating the pricing of debt and collateral assets can be very lucrative.
To protect DeFi smart contracts from executing based on incorrect information, several approaches have been implemented to improve the security of oracles. An example is Time Weighted Average Price (TWAP) oracles, which we discuss in this article.
What is a TWAP oracle?
A TWAP oracle is an oracle that provides information about the average price of an asset over a specific period. For example, if a user sets a 7-day interval for the TWAP oracle, the latter returns the average price of the asset across seven days.
TWAP oracles are designed to solve a problem associated with using on-chain oracles: price manipulation. Consider a lending protocol using spot prices from a DEX like Uniswap to calculate the pricing of assets deposited as collateral:
DEX prices are fairly accurate since traders are always available to restore parity in prices (via arbitrage). However, an attacker can manipulate the reported spot price of an asset by taking out a flash loan to drive up the asset’s price.
Since flash loans are uncollateralized, attackers incur zero risk when performing price manipulation. The bZx exploit and Warp Finance exploit are prominent examples of flash loan attacks on lending protocols using on-chain price oracles.
TWAP oracles attempt to solve the problem by making deliberate manipulation of a token’s price on a DEX costly. We’ll go into details of how a TWAP works, but it suffices to say that an attacker would need to manipulate a token’s price over a long period to profit from a price manipulation exploit. This is primarily achieved by setting a longer interval when querying the TWAP oracle (although this may result in slightly out-of-date prices).
How do TWAP oracles work?
TWAP oracles are an alternative to VWAP (Volume Weighted Average Price) oracles. Although different, both oracles calculate asset prices using weighted averages.
A weighted average simply means that values in a dataset are multiplied by predetermined “weights” before being summed up as part of the calculation. Weighting assigns significance to certain values in a distribution and is thus considered more accurate than naively summing up all values and dividing by n number of values to get the average of a dataset.
A TWAP oracle uses duration (time) as a weight. The price (P) is continuously multiplied by how long it lasts for (T) and added to a cumulative value (C) at different checkpoints (usually at the end of a block). In the end, the total cumulative value is divided by the total duration to get the average price across the specified period.
We calculate the average price of ETH across a 250-second interval using the TWAP mechanism below to illustrate the concept. Note that this is a simplified example and abstracts away more complex details of TWAP oracle implementations:
- When T (timestamp) = 0 and P (price) = $1,200, C (cumulative value) is 0 because P x T = 1200 x 0 = 0.
- When T (timestamp) = 200 and P (price) = $1,300. C (cumulative value) increases to 240,000 because T (200 – 0) x P (1200) = 240,000.
- When T (timestamp) = 250 and P (price) = $1,250. C (cumulative value) increases to 305,000 because T (250 – 200) x P (1300) = 305,000.
The TWAP of ETH over a 250-second interval is $1,220. We calculate this figure by dividing the cumulative value (305,000) by the total time elapsed (250 seconds).
You’ll notice that the calculations use the last price of an asset at the previous block instead of the price at the current one. By using the value of P at the last transaction in a block, TWAP oracles increase the difficulty of successfully executing price manipulation.
An attacker may control the last transaction in the previous block, but they cannot predict the ordering of the next block. This discourages manipulation of TWAP oracles since arbitrageurs can steal the backrun opportunity before the attacker can get the second transaction—one that borrows or lends assets at an inflated price—processed. To succeed, an attacker would need to control the ordering of two or more blocks, which can be costly to pull off.
Conclusion
Introduced in Uniswap v2 and improved in Uniswap v3, TWAP oracles provide a suitable alternative to spot price oracles and off-chain oracles. As the information is sourced on-chain, TWAP oracles are less susceptible to attacks from oracle operators colluding to report incorrect prices.
More importantly, TWAP oracles are more robust in the face of short-term price fluctuations and the possibility of flash loans. For more information on TWAP oracles, stay tuned for our article on why TWAP oracles are key to DeFi security.