Securing the Bridges Between Two Worlds: A Systematic Literature Review of Blockchain Oracles Security

Abstract

Blockchain technology has paved the way for the decentralization of Internet services. It achieves this using a decentralized and distributed ledger that can withstand single points of failure. The ledger is secured through advanced cryptographic techniques and a decentralized consensus mechanism that ensures its resistance to tampering. Blockchain is a self-enclosed system, usually called on-chain world. To interact with the rest of the internet outside the blockchain (e.g., off-chain world), we need to set up interfaces to let the two worlds interact. These interfaces are called oracles. Given the role of the oracles in a blockchain system, it is paramount to design and implement them securely. We perform a systematic literature review that shows not much research is done into studying the security aspects of blockchain oracles. The research mostly focuses on the economic aspects of the oracles or on how to implement or design oracles that can benefit some specific use cases. In this thesis, we select two inbound oracles and implement them to evaluate and compare them from a security point of view. The contribution of this thesis consists of a literature review motivating the need for further research on the topic and comparing two inbound oracles, as the technique used to perform them can be extended and adjusted to other oracles as well. We also present the implementation of an outbound oracle for completeness and discuss its security properties. Furthermore, we present a novel approach that makes use of a decentralized oracle network (i.e., Chainlink) to build a system that fetches off-chain data to the blockchain and then securely retakes the data off-chain, such that there is no need to trust the oracle nodes. The technique we propose is thus blockchain and oracle agnostic and can be applied in various situations.