Oracles

A price oracle is a tool used to obtain price information about an asset. For instance, when you view stock prices on your phone, you are using your phone as a price oracle. The application on your phone, in turn, relies on multiple sources to aggregate and display price information to you, the end-user. These sources are also examples of price oracles.

In the realm of smart contract development, especially when integrating with DeFi protocols, developers frequently encounter the challenge of how to accurately and securely retrieve on-chain asset prices. This is known as the price oracle problem.

Numerous oracle solutions on SatoshiVM have been implemented, each with varying levels of decentralization and security. The DeFi ecosystem has seen several high-profile hacks targeting vulnerabilities in oracle implementations. Addressing these vulnerabilities is crucial for the robustness of DeFi protocols.

While there is no one-size-fits-all solution, Savmswap enables developers to create highly decentralized, manipulation-resistant on-chain price oracles. This could meet many of the requirements necessary for building strong DeFi systems.

Savmswap Solution

Savmswap introduces several enhancements to support manipulation-resistant public price feeds. Firstly, each pair in Savmswap measures (but does not store) the market price at the start of each block, before any trades occur. This initial price is difficult to manipulate as it is determined by the last transaction in the previous block, which could be a mint, swap, or burn.

For an attacker to set a skewed market price, they would have to conduct a disadvantageous trade at the end of a block, often without any certainty of recovering their losses in the following block. Successful attacks of this nature, which would require "selfish" mining of two consecutive blocks, have not been observed to date.

However, this mechanism alone may not suffice. If a substantial value is settled based on this price, the potential profit from an attack might outweigh the incurred losses.

To address this, Savmswap incorporates the end-of-block price into a cumulative-price variable within the core contract, weighted by the duration of that price's existence. This variable accumulates the Savmswap price for every second throughout the contract's history.

External contracts can use this cumulative price to calculate accurate time-weighted average prices (TWAPs) over any interval. The TWAP is derived by noting the cumulative price from an ERC20 token pair at both the start and end of the desired period, then dividing the difference by the interval's length.

TWAPs can be directly employed or used as a foundation for moving averages like EMAs and SMAs.

Notes on TWAPs:

● For a 10-minute TWAP, sample once every 10 minutes.

● For a 1-week TWAP, sample once every week.

● The cost of manipulation scales with both the liquidity in Savmswap and the duration of the averaging period.

● Estimating the cost of an attack is relatively straightforward. For example, altering the price by 5% in a 1-hour TWAP equates to the losses from arbitrage and fees incurred by shifting the price by 5% in every block for an hour.

When using Savmswap as a price oracle, particularly where manipulation resistance is a concern, there are nuances to consider. The whitepaper and forthcoming developer guides and documentation provide more in-depth insights.

Meanwhile, developers can explore the example implementation of a 24-hour TWAP Oracle based on Savmswap.

Manipulation Resistance

The cost of manipulating the price over a specific period can be roughly calculated as the sum of losses to arbitrage and fees in each block throughout that period. For larger liquidity pools and extended durations, such manipulation becomes impractical, as the cost typically surpasses the potential gain.

Factors like network congestion might reduce the cost of an attack. For a comprehensive analysis of the security of Savmswap price oracles, refer to the section on Oracle Integrity in the security audit documentation.