Glossary
Oracles
Oracles are a blockchain primitive for propagating real-world data on chain for use by decentralized applications. They are often used in DeFi applications to price assets whose liquidity is fractured between on-chain and off-chain sources.
Push Oracles
Push oracles are the most broadly used and familiar type of oracle. These oracles consistently watch for price movements of curated assets and push the responses on-chain.
Pros:
No user involvement to propagate prices
Cons:
Constant updates incur a high cumulative transaction cost, which must be propagated back to the data consumer no matter their usage patterns
Fluctuations in on-chain cost relative to what protocols are willing to pay result in older, staler data
Pull Oracles
Gaining popularity since 2022, pull oracles use their own data layer to stream data paired with signatures from oracles verifying this data. Protocol users can then bring this data on chain themselves, only when they need it.
Pros:
Pull oracles tend to be much cheaper since posting prices to the destination chain is only done when the oracle is in use
Since price updates do not need to land on chain, it is much cheaper to stream fresh prices to the data layer and give tighter data staleness guarantees to the user
Cons:
Since users can see the price they are submitting on chain in their transactions, this may alter user behaviour, which may break certain assumptions made in protocols' design decisions
Secure Enclaves
Secure Enclaves, or TEEs (trusted execution environments), are a class of hardware that can confidentially and verifiably run a process or an entire virtual machine.
When running an application inside a secure enclave, the application may emit any output paired with a "quote".
These quotes sign the desired output with a unique signing key from within the TEE. Any user can then verify the quote to confirm that the output must have been generated by the binary listed within the quote.
Enclave Quote
An "Enclave Quote" is a cryptographically signed message that originates from within a secure enclave. This message is authenticated using the certificate chain of the chip manufacturer and may include data produced by an application operating inside the enclave.
A quote serves as a verifiable mechanism to attest that a specific output was indeed generated within a secure and authenticated enclave environment.
MR_ENCLAVE
"MR_ENCLAVE" refers to Intel's designation for an "enclave measurement". This is a signed 32-byte hash that represents the binary or runtime loaded into the trusted execution environment. The hash serves as a definitive fingerprint of the code executing within the enclave, proving its authenticity and integrity.
All enclave quotes include an MR_ENCLAVE value, allowing for verification of the specific code that produced a given output. It confirms that the output originated from an authenticated and untampered code base within a secure enclave.
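The check a quote consumer applies after signature verification, as an added example (not code from this glossary or from any oracle project): it reads MR_ENCLAVE out of a quote, compares it with an allowlist of expected measurements, and confirms the quote is bound to the output it accompanies. The byte offsets assume Intel's SGX DCAP quote version 3 layout, and the convention that the report data begins with the SHA-256 of the output is an assumption; `check_quote_policy` and `build_sample_quote` are hypothetical names.

```python
import hashlib
import hmac

# Offsets assume Intel's SGX DCAP (ECDSA) quote version 3 layout:
# a 48-byte header followed by a 384-byte enclave report body.
HEADER_LEN, REPORT_BODY_LEN = 48, 384
MR_ENCLAVE_OFF = HEADER_LEN + 64    # 32-byte enclave measurement
REPORT_DATA_OFF = HEADER_LEN + 320  # 64 bytes set by the enclave application


class QuoteRejected(Exception):
    """The quote does not satisfy the verifier's policy."""


def check_quote_policy(quote: bytes, output: bytes, allowed: set) -> bytes:
    """Return the quote's MR_ENCLAVE if it is allowlisted and bound to `output`.

    The caller must already have verified the quote's signature and
    certificate chain; this function only applies the policy that follows.
    Assumed convention: report data starts with SHA-256(output).
    """
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise QuoteRejected("quote shorter than header plus report body")
    if int.from_bytes(quote[0:2], "little") != 3:
        raise QuoteRejected("unsupported quote version")
    mr_enclave = bytes(quote[MR_ENCLAVE_OFF:MR_ENCLAVE_OFF + 32])
    report_data = bytes(quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64])
    if mr_enclave not in allowed:
        raise QuoteRejected("MR_ENCLAVE not in allowlist: " + mr_enclave.hex())
    if not hmac.compare_digest(report_data[:32], hashlib.sha256(output).digest()):
        raise QuoteRejected("report data does not commit to this output")
    return mr_enclave


def build_sample_quote(mr_enclave: bytes, output: bytes) -> bytes:
    """Constructed test input: only version, MR_ENCLAVE and report data are set.
    It carries no signature and is not a real quote."""
    quote = bytearray(HEADER_LEN + REPORT_BODY_LEN)
    quote[0:2] = (3).to_bytes(2, "little")
    quote[MR_ENCLAVE_OFF:MR_ENCLAVE_OFF + 32] = mr_enclave
    quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = hashlib.sha256(output).digest()
    return bytes(quote)


if __name__ == "__main__":
    trusted = bytes(range(32))                      # constructed measurement
    price = b'{"feed":"BTC/USD","price":"64000"}'   # constructed oracle output
    quote = build_sample_quote(trusted, price)
    print(check_quote_policy(quote, price, {trusted}).hex())
```

An allowlisted measurement alone says nothing about a forged quote, so this policy step only has meaning once the quote's signature has been validated against the chip manufacturer's certificate chain.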