- How Price Oracles Work
- Why DeFi Lending Needs Oracles
- Инцидент с оракулами Moonwell
- Impact on Users and DeFi Projects
A price oracle is an external data source that supplies current asset prices to smart contracts before they execute on the blockchain. In DeFi, many protocols rely on collateralized lending and borrowing. The value of collateral must accurately reflect real market prices; otherwise, the risk of liquidations and lender losses increases.
Oracles allow smart contracts to take automatic, time-sensitive actions — such as rebalancing positions, triggering liquidations, or recalculating debt — based on up-to-date price feeds.
How Price Oracles Work
Input data can come from centralized exchanges, decentralized sources such as DEX markets and price aggregators, external API services, or even blockchain-native infrastructure.
Prices are delivered in one of two ways: the oracle either periodically publishes updates to a smart contract, or the smart contract queries the oracle for a price at a specific moment. To reduce manipulation risk, many architectures aggregate data from multiple sources — a setup commonly referred to as a multi-oracle or composite price.
Verification and consensus are often handled by aggregator contracts that update data after either community voting or an autonomous algorithmic process.
Because updates are not instantaneous, there is always some latency between real market movements and the price recorded by the oracle. During periods of high volatility, this delay can become critical.
Why DeFi Lending Needs Oracles
Oracles determine liquidation thresholds by ensuring sufficient collateral relative to asset prices. When collateral falls below the minimum ratio, the protocol automatically triggers liquidation: a bot repays the debt and claims the collateral.
Accurate prices reduce the risk of undervaluing collateral and unpaid loans, maintaining balance between borrowers and lenders. More broadly, oracles enable fairness and predictable risk management, allowing DeFi infrastructure to function without manual intervention.
Common oracle architectures
Centralized oracles are fast and reliable but depend on a single source and are vulnerable to manipulation.
Decentralized oracles use multiple sources and consensus mechanisms, making them more resistant to manipulation but slower to update and more complex to calibrate.
Price aggregators combine data from several exchanges to produce more robust pricing. Some oracles return a time-weighted average price (TWAP) to reduce the impact of sharp spikes.
What can go wrong: typical errors and vulnerabilities
1. Premature price distortion — during sharp market moves, the oracle may capture prices before the market stabilizes, triggering false liquidations.
2. Configuration and update errors — misconfigurations can lead to incorrect price interpretation, as seen with cbETH on Moonwell.
3. Incomplete synchronization across sources — if one feed discounts an asset while another does not, the aggregated price can be inaccurate.
4. Asset dependency issues — pricing cbETH relative to ETH without factoring in the dollar value of the base asset can produce artificially low prices.
5. Governance delays — upgrade votes and mandatory timelocks can postpone fixes, increasing losses during crises.
6. Automated coding and AI-assisted development — raise questions about the reliability and transparency of changes in mission-critical systems.
Инцидент с оракулами Moonwell
The issue began after a system upgrade when oracle feeds on Moonwell markets in the Base and Optimism networks were updated.
As a result, smart contracts began reading cbETH’s price at roughly $1–$1.12, even though the real market value was around $2,200 per ETH. The protocol priced cbETH relative to ETH while ignoring the dollar value of the base asset, distorting valuations and risk calculations.
Liquidators quickly exploited the situation. They repaid loans for nearly $1 and seized cbETH at a severely discounted rate because the collateral was treated as almost worthless.
Anthias Labs reported large-scale cbETH seizures, leading to borrower collateral losses and significant bad debt for the protocol. Because the faulty price signal affected multiple markets and networks, the overall impact was substantial.
Moonwell attempted to mitigate damage by lowering supply and borrow limits. However, implementing a fix required governance voting and a five-day timelock, preventing a rapid response.
The incident also reignited debate around AI-assisted code generation and its effect on oracle logic, underscoring the importance of reliability when introducing automated changes to critical infrastructure.
Impact on Users and DeFi Projects
Price distortions can trigger mass liquidations and widespread collateral losses. Incorrect calculations increase systemic risk for all participants and undermine trust in DeFi applications.
As a result, maintaining reserves and sufficient collateral insurance becomes essential. Transparent audits, thorough code reviews, and timely oracle parameter adjustments are critical during crises.
Best practices for safe oracle design
1. Multi-oracle setups — use multiple independent sources and consensus mechanisms.
2. Mandatory verification and testing — test all changes in sandboxes and testnets before production deployment.
3. Local and global price comparisons — detect anomalies early.
4. Rapid response mechanisms — fast-track governance or predefined emergency parameters.
5. Low-level safeguards — limit the influence of any single source and ensure transparent governance changes.
Additional testing measures should include:
• stronger code audits and independent oracle monitoring
• emergency procedures for safe price corrections and liquidations
• transparent governance around oracle parameters
• rollback and compensation mechanisms to reduce user losses in case of failure
