How Does RedStone Oracle Work?
RedStone Oracle is a modular oracle infrastructure provider that uses a novel 'pull' model — instead of constantly pushing prices on-chain (like Chainlink), protocols embed RedStone price data directly in transaction calldata, reducing gas costs significantly. RedStone secures over $8B in TVL across 70+ blockchain networks, competing with Chainlink and Pyth in the oracle market. The pull model is innovative and gas-efficient, but shifts implementation responsibility to integrating protocols — a misconfigured integration can be exploited without RedStone itself being compromised.
TVL
$570,000
Sector
DeFi
Risk Grade
C+
Value Grade
C+
Core Mechanisms
Oracle > Pull-Based
NovelRedStone Core pull model — data embedded in transaction calldata
Novel pull model where price data is attached to transactions rather than pushed on-chain
Oracle > Push-Based
RedStone Classic push model for Chainlink-compatible integrations
Traditional push model for protocols requiring on-chain price availability
Oracle > Cryptographic Attestation
ECDSA-signed data from data providers
Cryptographic signatures verify data authenticity from approved providers
Governance > Token Staking
RED token staking for data provider accountability
Stakers slashed for malicious data provision
Data Feed > Modular
NovelModular data source aggregation across 70+ chains
Novel architecture enabling rapid expansion to new chains without full infrastructure deployment
How the Pieces Interact
Protocol developers incorrectly implement pull oracle, allowing stale or manipulated data to be passed without validation
Data provider key compromise enables submitting malicious signed price data accepted by all pull-model integrations
Insufficient staking requirements allow sybil data providers to submit malicious data with minimal slashing risk
Price discrepancy between chains creates arbitrage that drains DeFi protocols relying on RedStone for liquidation prices
Silent data feed deprecation or source removal causes downstream protocol to receive default or stale values without alerts
What Could Go Wrong
- Pull-based oracle model requires on-chain transaction to include price data — malformed or stale data passed by callers
- Oracle infrastructure is high-value target — compromise affects all protocols using RedStone feeds simultaneously
- Decentralized data node network security depends on staking and slashing — sybil attacks possible at low stake
- Off-chain signed data model shifts trust assumption to data provider signing infrastructure
Pull Oracle Misconfiguration Enables Mass Protocol Exploitation
ModerateTrigger: Multiple protocols incorrectly implement RedStone pull oracle, leaving staleness checks absent; attacker exploits with old price data to drain collateral
- 1.Attacker identifies DeFi protocols with misconfigured RedStone pull oracles lacking staleness checks — Old price data can be submitted without triggering validation failures
- 2.Attacker uses stale price data to undercollateralize loans or trigger incorrect liquidations — Multiple protocols drained simultaneously using same oracle misconfiguration attack
- 3.RedStone issues emergency integration guide; protocols pause for audit — Significant funds lost; RedStone reputation damaged; integration re-review across 100+ protocols required
Risk Profile at a Glance
Overall: C+ (42/100)
Lower score = safer