Oracle Design для TON DeFi
Проблема: блокчейн не знает внешних цен
Smart contracts не имеют доступа к внешнему миру — они не могут вызвать API биржи для получения цены. Oracle — это механизм доставки off-chain данных on-chain.
Push vs Pull Oracle Models
Push Oracle
Pull Oracle (RedStone)
TWAP Oracle (Time-Weighted Average Price)
DEX pools естественно являются TWAP oracle-ами:
TWAP calculation:
Записывать cumulative_price каждый блок:
cumulative += current_price × time_elapsed
TWAP за период [t1, t2]:
twap = (cumulative[t2] - cumulative[t1]) / (t2 - t1)
Benefit: resistant to flash manipulation
(невозможно мгновенно изменить TWAP — нужно удерживать price долго)Oracle Design для Lending Protocol
Lending Oracle Requirements:
1. Price freshness: < 60 seconds staleness
2. Price accuracy: < 0.5% deviation from market
3. Redundancy: multiple sources
4. Manipulation resistance: TWAP or multi-source median
5. Fallback: if oracle fails → pause protocol (not use stale data)Multi-source Aggregation Pattern
Oracle Aggregator Contract:
Sources:
- Pyth Network (off-chain signed data)
- STON.fi TWAP (on-chain DEX price)
- DeDust TWAP (on-chain DEX price)
Aggregation:
1. Collect prices from all sources
2. Reject outliers (> 5% from median)
3. Final price = median of remaining
4. Store with timestamp
Staleness check:
if (now() - last_update > MAX_STALENESS) → reject priceSecurity Considerations
| Attack | Description | Mitigation |
|---|---|---|
| Price manipulation | Attacker moves DEX price → triggers unfair liquidation | TWAP (time-averaged), multi-source |
| Oracle downtime | Oracle stops updating → stale prices | Staleness check, fallback oracle, protocol pause |
| Front-running | Attacker sees oracle update tx → trades before it | Commit-reveal, pull oracle |
| Flash loan + oracle | Manipulate pool → distort TWAP | Не применимо на TON (no flash loans) |
TIP
TON advantage: no flash loan oracle attacks
На Ethereum flash loan attacks на TWAP oracle — major threat. На TON flash loans невозможны → TWAP oracle-ы значительно безопаснее. Это делает on-chain DEX TWAP viable первичным source для lending oracle.