Fundamental Attacks on Ethereum Oracles and How to Prevent Them

Abstract: Many applications and protocols on blockchain platforms are reliant on real-world data which exists outside the blockchain, something which is not directly accessible through these platforms. To bridge this gap, blockchain oracles help these applications and protocols by providing them with this data. As different data used by these applications and protocols can result in different outcomes occurring, one way for attackers to attack these applications and protocols is to attack the oracles they rely on. This thesis investigates what types of fundamental attacks are possible on oracles hosted on Ethereum, potential ways to protect against them and how these attacks can be categorized. It also investigates if the different attributes of Solana or Corda provides any protection against these attacks in some way. In order to answer these questions, the different blockchain platforms are researched and investigated, along with different oracles and attacks on oracles. A framework which describes the different states data in a oracle can be in was also created in order to help find attacks. In total, eleven different fundamental attacks on Ethereum oracles were found along with different methods to protect against them. A majority of these attacks were deemed to be able to be done in full capability by both independent and nation-state attackers. Both Solana and Corda were found to provide some inherent protection against some of these attacks. Solana was found to be able to almost fully eliminate one type of attack due to its execution environment. Corda was found to make many of the found attacks harder to execute for an attacker, mainly due to its lack of anonymity.