Single oracle feeds with no fallback are not flagged to depositors as a concentration risk.
Pillar: Safety
The problem
A protocol’s exposure to a single price feed — with no circuit breaker, no fallback, and no deviation threshold — is not visible to depositors. Oracle manipulation has been the root cause of multiple nine-figure exploits.
Users deposit into protocols without knowing whether price information is sourced from one oracle or five, whether there is a TWAP buffer, or whether there is any fallback if the primary feed fails.
Why it matters
- Safety: A single oracle failure can drain a protocol I have no indication is exposed to it.
- Agency: I cannot make an informed risk decision without this information.
What exists today
Chainlink, Pyth, and other oracle providers publish their architecture. Individual protocols vary in how they use them. No disclosure standard.
The gap
No standard for oracle dependency disclosure at the protocol level.
Open questions
- What oracle architecture should be considered acceptable for institutional-grade protocols?
- How do you score oracle risk when multiple feeds are combined?