Enshrined Eth2 price feeds

My point was not to bring up AMMs as a solution (they aren’t) but to suggest how broad the solution space could be without having a clear winner. IMHO, if there is a large solution space and there is no obvious good-enough-for-everyone solution, it’s best for a low level of the stack to stay agnostic and let higher levels (contracts/dapps/L2s) decide what is appropriate for their use case.

Since we seem to be concerned primarily with fiat price oracle and my example doesn’t work for that, I’ll offer an alternative to make my point (but please don’t attack the solution, it’s purpose is only to indicate the non-trivial extend of the solution space): Maintain a list of credible sources and have validators relay authenticated messages from them. This could be straight-up signed messages like in the case of Coinbase’s friendly new oracles, on-chain state for on-chain sources, or recorded authenticated HTTPS transmissions. The consensus rules would verify authenticity. Happy to discuss the pros and cons of this approach, but, again, that is not really the point. More alternatives have also been brought up by others above (trusted council like MKR, prediction markets).

I’m just wondering why the proposed solution in particular is being singled out for beacon-chain-consensus status when the solution space seems to me an active area of innovation with no clear winner. It’s also not entirely clear to me what we gain by promoting it to the consensus layer, though I see a lot of the drawbacks articulated by others above.

Understood and agreed

Also agreed It will be interesting to see the design space evolve, especially as DeFi grows and puts more pressure on the oracles.

The suggestion is less of a “solution” than an unopinionated low-level data feed. The raw price points can be mixed-and-matched with other price sources to build hybrids that explore a wider design space. It aims to strictly provide more power and flexibility for oracle designers, and spur innovation.

The raw price feed suggestion was singled out because it is the most low-level and generic primitive (in a similar vein to an EVM opcode) I could think of.

We already have similar functioning oracles in SKALE used for internal purposes.

SKALE V2 will have embedded programmable Oracles very much similar to what Justin described but PROGRAMMABLE in Solidity. You will be able to connect to any internet source of info. We believe Oracles are a feature and not a product.

As far as Unswap is concerned, I would not recommend anyone using at as a secure Oracle since it can be trivially manipulated. It can only be used as rough data.

What if input from external sources could be retrieved whilst not violating these inherit properties?

Here’s an idea I’ve been toying with:
https://joshua-ellul.medium.com/contrary-to-widespread-misconception-blockchain-dlts-and-smart-contracts-can-make-calls-to-94d864415ca7

the implementation is very hacky and only serves the purpose to show that this is possible… in future work we’ll focus on answering some other questions this raises (e.g. incentivisation to avoid nodes reporting that there was no response, language and VM structures to support the mechanism)

I’m strongly against it for a bunch of reasons but one of the main ones is that updating which price feeds to use is a governance hassle that will have to be undergone every year or two, which infringes upon the security of the base layer.

Governance is an attack vector, and I’m also skeptical of hard forks as a defence. Hence I’m in favour of further ossification of the base layer and less control by ACD or so-called community governance. This proposal does not allow for that.

I’ve been exploring a different way to handle enshrined price feeds, intended to address the concerns raised above (e.g. the risk of chain splits if a real-world asset becomes politically contested). The premise I’m adopting here is that when something like Vitalik’s “Brazilian civil war” scenario happens, an honest validator isn’t one that can somehow “pick” the correct side.

I take the moral of the story to be that an honest validator would be one reporting the true (ambiguous) state of the world. But this means, in the hypothetical Brazil Civil War, validators would report two distinct but plausible BRL prices (BRL-S and BRL-N). Note that the setup in this example (set valued oracle inputs, users who may favor one resolution over the other) can be thought of like a semi-adversarial coordination game ala battle the sexes:

Currency Split Asymmetric Coordination Game1120×864 49.3 KB

And so the key is to find a neutral way to handle multiple values where users had formerly expected only one. And here we need a bit of black magic. And that black magic here comes from a pathologically mixing RNG called Machine II (somewhat related to a Cauchy Oscillator from statistical physics.)

When you take “Machine II” and add encryption and smart contracts, it enables a thing I’ll call “Veiling.” In this case, trading at a Veiled price means the protocol or dApps can resolve any specific BRL trade at single value within the chosen price bounds. But crucially, within those bounds, there is no effective method to fix a particular value in expectation. Machine II draws are non-convergent for as long as you like-- for example here’s what 250,000 Veiled Price outputs could look like (these are fresh outputs from the actual algorithm):

veiloracleresults1920×921 189 KB

Veiling is thus kind of an anti-mechanism (h/t Tina Zhen). It can be used in other cases of extreme uncertainty too—veiling was partly inspired by a tweet from Dan Robinson about using TWAP Bounds to value debt and collateral. Dan’s examples are both cases where you can sort of “break the asymmetry” using different preferences about risk. Veiling becomes especially interesting when the protocol sees an asymmetry that it can’t break. Enshrined oracles can present such a case (and e.g. liquidations under extreme oracle reports might be another.)

There is some game theory and decision theory to this, which is treated in the paper you can read here. But essentially Veiling lets you define an interval of value uncertainty (e.g. BRL might be worth the value of either side in the civil war, or anywhere in between) and then credibly commit to trading in that interval using a draw from an (encrypted) Machine II. When someone makes this commitment, it’s the probabilistic equivalent of “refusing to trade” within that interval except that they can still trade.

equallydumbmeme890×494 84.4 KB

Thus you can help preserve a certain liveness with continuous trading but without having to resolve the underlying uncertainty prematurely. I think the fairness/neutrality argument for this approach is pretty straightforward: if the protocol is truthful about the uncertain information it has, this is handling that uncertainty neutrally. The paper also shows simple alternatives to veiling (e.g. a perfectly fair coin toss over values instead of Veiling over Machine II’s absolute chaos) can impose a “sure-loss” type exploit on BRL-holders.

But then there’s the question of what people will actually think about using it. Machine II is pretty cheap to run (about 100 lines of simple python), but using Machine II for Veiling certainly means (bounded) uncertainty about how any individual trade will resolve. In some sense this is whole point—the situation is uncertain, and veiling this directly and neutrally while allowing continuous trading, ensuring budget balance etc.

The uncertainty introduced by veiling might not be so bad though. There is suggestive evidence that veiling can be efficiency enhancing for users with divergent opinions. It gets a little technical (the paper has the theory + algorithm, along with a CFMM example) but you can see the punchline in this graph:

image1684×710 52.6 KB

But to the extent it’s a cost, you might say it’s the inevitable price to be paid from the fact that we were all happy trading a single value, knowing that such a “single value” could at some point stop being coherent. i.e. Even a well-thought out proposal like Justin’s could of course never future-proof an answer about whether we are supposed to report values from a basket called “SDR”, or from an entity called “IMF”, or from some future international consortium that does something similar.

The discussion in this thread is useful context, hence the necrobump rather than a new thread, but thoughts and comments encouraged.