❤️Tutorial 46: The Risks of Chainlink Heartbeat Discrepancies in Smart Contracts

When integrating decentralized price oracles like Chainlink into smart contracts, developers often rely on periodic price updates called heartbeats. However, relying on fixed heartbeat intervals without considering potential price deviations between updates can introduce vulnerabilities. One such risk is the exploitation of price discrepancies due to delayed or infrequent updates, creating arbitrage opportunities that can be exploited by malicious actors. This section outlines the key risks and explains why developers should be cautious when working with heartbeats in price feeds.

Heartbeats and Price Deviations

Price feeds typically operate with two update triggers: a deviation threshold and a predefined heartbeat interval. The heartbeat sets the maximum time between on-chain updates, regardless of whether the deviation threshold has been crossed. For example, a Chainlink price feed may have a 24-hour heartbeat and a 2% price deviation threshold. This means the price is only updated if the asset's value changes by more than 2%, or if 24 hours pass without an update, whichever comes first.

The problem arises when the price of an asset fluctuates within the allowed deviation range, so the price feed is not updated until the heartbeat interval elapses. During this period, the on-chain price may remain outdated while the actual market price changes. The resulting discrepancy between the on-chain price and the market price opens the door to arbitrage.

Arbitrage Vulnerabilities

Arbitrage occurs when a difference in price exists between two or more markets or systems, allowing traders to exploit the price difference for profit. In the case of price feeds relying on heartbeats, if the market price of an asset changes significantly within the deviation threshold but does not trigger a price update on-chain, a user can take advantage of the outdated on-chain price to engage in arbitrage.

For example, imagine a scenario where the on-chain price of an asset, such as a staked ETH (stETH), is hardcoded or not updated for 24 hours due to the heartbeat interval. During this period, the actual market price of stETH could fluctuate within the allowable deviation (e.g., ±0.5%). By the time the price is updated on-chain, an arbitrageur might have exploited the outdated price to gain an unfair advantage, profiting from the price discrepancy between the on-chain value and the real-world market value.

Price Discrepancy in Multi-Asset Systems

This issue is particularly pronounced in systems that rely on multiple price feeds for different assets. For instance, in protocols where various forms of tokenized assets (e.g., rETH, stETH, cbETH) are used, the price feeds for each asset may have different deviation thresholds and heartbeat intervals. If these prices are not updated consistently, the resulting price discrepancies can lead to inaccurate valuations of assets within the system.

For example, if the price of rETH deviates by +2% while stETH deviates by -0.5%, the overall exchange rate between the assets could become skewed. This misalignment opens up opportunities for users to manipulate the system by timing their actions to exploit these price differences, leading to imbalances or unexpected outcomes.

Mitigating the Risk

To mitigate the risks associated with heartbeat discrepancies, developers should avoid relying solely on a single price oracle or fixed heartbeat intervals. Instead, they can implement the following strategies:

  1. Use Multiple Price Feeds: Aggregating data from multiple independent oracles can help ensure that the price of an asset is updated more frequently and accurately, reducing the likelihood of exploitable discrepancies. Although this increases gas costs and system complexity, it provides a more robust defense against price manipulation.

  2. Dynamic Update Intervals: Instead of fixed heartbeats, developers can consider using dynamic update intervals that trigger based on real-time market conditions. This approach ensures that price updates happen more frequently during periods of volatility, reducing the window for potential arbitrage.

  3. Price Discrepancy Monitoring: Implement on-chain logic that monitors the price difference between oracle data and real-world market prices. If the discrepancy exceeds a certain threshold, the protocol can pause transactions involving the affected asset, preventing arbitrage until prices are realigned.

  4. Time-Limited Price Validity: Set time limits on the validity of price feeds. If a price has not been updated within a specific timeframe, the contract could prevent further interactions with the affected asset until an updated price is retrieved. This ensures that outdated prices do not persist in the system.
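As an illustration of strategy 4 applied to the multi-asset case, the following added example (not code from the original tutorial or from Chainlink) reads two feeds through Chainlink's `AggregatorV3Interface` and reverts if either leg is older than its own validity window. The contract name `GuardedCrossRate`, its error names, and the `maxAgeA`/`maxAgeB` parameters are hypothetical; the window values are assumed to be supplied at deployment from each feed's configured heartbeat plus a buffer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's standard price feed interface (only the functions used here).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
}

/// Hypothetical consumer: prices asset A in units of asset B from two feeds
/// that share a quote currency but have different heartbeats.
contract GuardedCrossRate {
    error StalePrice(address feed, uint256 updatedAt, uint256 maxAge);
    error InvalidPrice(address feed, int256 answer);

    AggregatorV3Interface public immutable feedA;
    AggregatorV3Interface public immutable feedB;
    // Per-feed validity window in seconds: that feed's own heartbeat plus a buffer.
    uint256 public immutable maxAgeA;
    uint256 public immutable maxAgeB;

    constructor(address a, uint256 ageA, address b, uint256 ageB) {
        feedA = AggregatorV3Interface(a);
        feedB = AggregatorV3Interface(b);
        maxAgeA = ageA;
        maxAgeB = ageB;
    }

    /// Returns a 1e18-scaled price, or reverts if the round is stale or non-positive.
    function _read(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(address(feed), answer);
        // Time-limited validity: refuse prices older than this feed's window.
        if (block.timestamp - updatedAt > maxAge) revert StalePrice(address(feed), updatedAt, maxAge);
        // Normalise to 18 decimals; assumes decimals() <= 18, otherwise the subtraction reverts.
        return uint256(answer) * uint256(10) ** (18 - feed.decimals());
    }

    /// Price of A in units of B, 1e18-scaled. Reverts if either leg is stale.
    function crossRate() external view returns (uint256) {
        uint256 pA = _read(feedA, maxAgeA);
        uint256 pB = _read(feedB, maxAgeB);
        return (pA * 1e18) / pB;
    }
}
```

This check bounds only the age of each price. A price that passes it can still differ from the market by up to that feed's deviation threshold, so the cross rate between two such feeds needs its own tolerance or one of the other strategies in the list.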


In summary, relying on hardcoded heartbeats and deviation thresholds in price feeds can lead to significant vulnerabilities, especially in volatile markets or multi-asset systems. To avoid price discrepancies and potential arbitrage, developers should consider multiple price feeds, dynamic update mechanisms, and robust monitoring tools to maintain accurate and up-to-date pricing within their smart contracts.
