TLDR:

• Oracle-based smart contracts are more secure than multi-sig/custodial setups. Off-chain oracles, as used in the Lava Loans Protocol, improve on oracle guarantees by enabling redundancy, optionality, privacy, and geographic-distributed security for smart contract execution.

What are oracles?

Oracles are just price servers. They figure out the price of an asset based on querying a set of exchanges and attest to the price, so that bitcoin smart contracts, like Lava, can leverage the price data.

Why and when do we need external parties to influence contracts?

When using smart contracts, we look for security guarantees (ex. contracts terms will be followed, there will be no censorship or confiscation). Most contracts require a set of parties to attest if some external event occurred (ex. price of bitcoin). Smart contract protocols should minimize the occasions where outside influence is necessary, but when needed, users have 3 options (trust a set of oracles, trust a multi-sig, or trust a custodian). Using oracles to help settle contracts provides several advantages versus the other 2 options.

Why are oracle-based contracts better than using just multisig or custodians?

Redundancy

First, increasing the set of parties used to settle contracts provides us with greater security guarantees. This is because the more people needed to collude, the harder it is that collusion will occur, and oracles enable more redundancy given:

1. It is simply easier to create a contract settled by a large set of oracles than a large set of multi-sig signers due to the significant increased coordination costs in creating a large multi-sig.

2. Most blockchains have technical limitations on how many people can join a multi-sig whereas there are usually no limitations on how many oracles can be used to influence a contract.

Optionality

Protocols, like the Lava Loans Protocol, make it easy for users to choose which oracles they want to use in their individual contracts. This enables users to tailor trust requirements for their needs, whereas with multi-sig products, users can’t tailor the multi-sig parties to meet their desired trust requirements. Giving users optionality with oracles also means that the failure of one contract does not indicate the failure of all contracts.

Privacy

In the specific case of bitcoin smart contracts, which power the Lava Loans Protocol, oracles are “blinded,” meaning that they do not know which contracts are using their data. Thus, it’s significantly more difficult for an oracle to attempt to manipulate a contract. In contrast, if you’re using a multi-sig or custodian to power your contract, they are aware of your contract and can more easily collude against you.

Geographically-distributed security

A multi-sig or custodian is usually a financial institution that is easier to target than a large set of geographically distributed, blinded oracles. Using oracles, contracts can be resistant to attack vectors stemming from one geography.

How are bitcoin oracles different than oracles in Ethereum?

In Ethereum, oracles attest to the price on-chain every block. This is expensive because oracles have to make a txn per attestation, and it introduces miner extracted value as miners can censor or potentially re-org oracle attestations to make profit. In bitcoin, oracles don’t have to attest on-chain because DLCs are off-chain contracts that settle on-chain. This is a massive unlock because not only does it reduce fees, it also solves one of the biggest problems in Ethereum (oracle MEV) and significantly improves reliability.

How private are bitcoin oracles?

Bitcoin oracles are just price servers and so they don’t know anything about the contracts using their data. This is also an added benefit of bitcoin oracles vs Ethereum oracles as in Ethereum oracles have full visibility on contracts using their data.

Can I choose my own oracles per contract?

Yes, if you read the multi-oracle DLC spec (linked here), you can learn that this is possible. Another benefit of bitcoin smart contracts is that each contract can have its own set of oracles. For example on Lava one contract can have a different set of oracles than another. This also does not exist in Ethereum, and it is another massive unlock for users and optionality.

How can I learn about the default oracle implementation?

At Lava, we’ve written the oracle implementation for bitcoin oracles. You can read it, contribute, or even run your own setup. The link is here.