⏺️Overview
Last updated
Last updated
We saw a fair amount of confusion in regards to our newly presented feature — Decentralized AMM oracles.
The main concern seems to revolve around terminology, the word ‘oracle’ in particular. Not really relevant in practice, yet a valid point nevertheless.
Let’s dive a bit deeper into this game changing feature, addressing some of the concerns as well.
The blockchain is isolated from the outside world, there are no trustless means to bring real world data on-chain.
This is the exact problem oracles are solving.
By aggregating off-chain data from multiple sources, validating and verifying it, producing it to the blockchain in the end.
The only purpose is to make trusted data available on the blockchain, to be later used by actors operating on the blockchain.
The most important of those actors are smart contracts.
By the origin of this data, smart contracts can assume that it is correct, can be trusted and used, even in a sensitive financial context.
We will be using our P2P lending product for that.
Imagine some user wants to liquidate the loan through P2P lending smart contract.
In order for this to happen, P2P lending smart contract needs to know collateral and loan asset prices, to perform calculations, and either allow to liquidate, or not.
We can choose any price feed for that, let’s imagine we are using Coingecko API.
Coingecko is a brilliant, yet centralized entity, which has all of the control over prices it provides.
It can send incorrect prices to our smart contract, if some employee changed it in the database, or some software bug appeared.
The platform itself can go down, this way essentially freezing all of the interactions with P2P lending smart contract, etc.
Obviously, this is not trustless, smart contract cannot trust this source unconditionally.
Let’s imagine that we have an oracle, which aggregates the very same prices from Taptools, Coingecko and CMC.
It compares them, validates that each individual price source reports identical information, and reaches consensus.
Once it is sure that this price can really be trusted, it issues it to the blockchain, in a decentralized manner, of course.
Now, our P2P lending smart contract is free of the burden of validating the received price, because it’s already been done by an oracle.
This price source can be trusted unconditionally, and can be used to perform liquidations worth millions of ADA.
With the provided context in mind, let’s transition to the AMM oracles.
This is a different concept under the hood compared to traditional oracle, but the end result is completely the same — trustless data point on the blockchain.
In order to understand why it is trustless, we need to understand how AMMs operate.
As mentioned in the previous post, price discovery is the main function of the AMM protocol.
If there are 20M USD and 40M ADA locked within the pool, in the AMM smart contract, this means ADA price is 0.5 USD.
If you would like to swap 10 USD to ADA, you would receive 20 ADA, which is enforced by the AMM smart contract logic. There is no way around it.
First of all, the AMM smart contract, which is determining and exposing the price, will be open sourced and audited, which ensures that the logic is correct, and anyone can check it.
By saying that smart contracts cannot be trusted, we contradict their fundamental nature.
Secondly, price is backed and derived from real underlying assets, stored directly in the AMM smart contract. At any point in time, users can check the AMM smart contract, and easily determine the price from currencies deposited in the pool.
By saying that price cannot be trusted, we are saying that decentralized AMMs do not work in general.
Price is stored in the Inline Datum, in the exact same manner as in any other Oracle on Cardano. Consuming the feed is also technically identical, using Reference Inputs.
Viewing things in the same manner, we can also say that any other Oracle provides only one price source, as we are consuming only 1 data point in the blockchain, when using the oracle. As for the AMM oracle, data (price) was derived in the blockchain, through trustless smart contract, not from the outside world, thus it is inherently correct, and as explained previously, it cannot be proven otherwise.
Like when you swap in any of the decentralized AMMs, the price you are getting is also derived solely from the underlying assets locked within a pool, in the exact same manner. There are no multiple external price sources, or oracles in this case, yet you trust the verifiable smart contract logic to discover the price by itself.
The common misconception we are seeing is the comparison between Cerra AMM oracle and one centralized price source. Those are two completely different things. If we would take the very same price from the off-chain, for example using some Cerra AMM price API, and would pass it to the smart contract, yes, it would be an extremely centralized approach. The key difference here, is that Cerra AMM oracle price never leaves the blockchain, is trustless as explained previously, and the interaction happens between two smart contracts directly, in the completely decentralized manner.
In the AMM, transactions are being made regardless, like swapping and providing liquidity, which in turn mutate pool state, and the asset prices within it. Price feed is pretty much a free side product of AMM activity. If the pool is active enough, meaning at least 1 action is performed with it per block, the price will be updated every block. That’s the maximum refresh rate you can achieve, 20 seconds on average, with no additional cost.
No solution is perfect. As AMM Oracle price directly mimics and is derived from pool liquidity, any action performed with the pool affects it. If the pool is small, meaning it contains low liquidity, a huge swap order can change the price drastically. In the case of a pool containing miniscule liquidity compared to circulating supply, price feed can be considered risky. On the other hand, if the pool holds a significant portion of the circulating token supply, something like 30%, the feed can be considered risk free, as a drastic token price drop would affect the whole token value in general, thus price drop cannot be considered as manipulation.
As mentioned in the previous post, our goal is to make this a standard among Cardano AMMs. If the majority of the AMMs would integrate this feature, even though the liquidity would be scattered between different platforms, the aggregated AMM oracle price feed would reflect a significant portion of the circulating token supply, thus leaving no room for manipulation.
At Cerra, we believe interoperability is the main concept, which should drive the DEFI ecosystem. Having the unique ability to easily share data and state between different smart contracts of different purposes, we can make certain use case implementation way easier, arriving at a decentralized infrastructure at the very end.
As a dApp developer on Cardano, Cerra’s team faced the very same problem other projects are facing. If your platform supports multiple assets, and a price metric is needed for smart contract to be executed properly, currently there are no viable decentralized solutions. Projects need to tackle this problem by rolling out their own semi-decentralized workarounds, or just consume the price in a centralized way. This is the reason why we came up with this solution in the first place, and it seems that we are solving the real world issue, as lack of CNT price feeds is one of the most challenging hurdles currently.
Summing up, we are not labeling this as an ‘oracle killer’ or anything like that. Oracles are an integral part of any blockchain, and they are not going anywhere. Apart from CNT prices, there are many use cases which can only be covered by the ‘traditional oracle’. For example, verifiable random functions, assets which are not native to the blockchain, etc.
Getting back on the definition of the word ‘oracle’, as we established previously, the main purpose of it is to bring trustless data to be accessible on-chain. In our opinion, how it is done in the background is irrelevant, as long as the result can be trusted unconditionally.
As our friends at Orcfax put it, “Let’s all call the same stuff by the same name”, which is a logic we cannot argue against. From now on, we are calling this feature ‘Decentralized AMM price feeds’.