Most lending exploits trace back to oracle manipulation. The Kaskad COB Oracle aggregates real-time bid/ask depth from 15+ major exchanges into a single consolidated order book, runs an arbitrage-exhaustion pass, and publishes the residual fair price on a sub-second cadence — from inside a TEE-attested enclave. Manipulation cost is provable, not asserted. Research by Eliott Méa, Kaskad's Lead Oracle Architect — backed by a grant from the Kaspa Ecosystem Foundation.
An oracle's job sounds simple — tell the protocol what an asset is worth right now. But every major lending exploit in the last cycle traces back to one of three vectors: a governance vote pushing parameters into unsafe territory, an oracle that got front-run, or a treasury without hard limits. Most lending protocols inherit a generic price feed and pray. Kaskad runs its own.
The COB Oracle is engineered for one job: pricing collateral for solvency-critical operations. Not a generic data service repurposed for lending — a purpose-built feed where every design choice serves liquidation correctness, attack-cost scaling, and freshness under stress.
The Kaskad COB Oracle is a TEE-backed multi-source price aggregation system. Two components:
kaskad-nuntius — a Rust binary that runs inside an AWS Nitro enclave. It fetches order book depth from 15+ exchange sources, aggregates them, and signs the result with a key that never leaves the enclave.kaskad-nuntius-contracts — a set of EVM contracts that verify enclave attestations on-chain and accept signed price updates.Real-time bid/ask depth is pulled from major CEX venues including Binance, OKX, Bybit, Coinbase, Kraken, KuCoin, Gate.io, MEXC, Bitget, Bitfinex, Bitstamp, Crypto.com, HTX, and more. Source authenticity is enforced inside the enclave: TLS sessions to each exchange are opened from within the Nitro enclave and covered by the same attestation that signs the published price — source-corruption reduces to compromising the exchange itself.
Rather than averaging last-trade prices, the oracle reconstructs a Consolidated Order Book: every source's bid/ask depth is normalised onto a shared price grid and stacked into a single combined book. It then runs an arbitrage-exhaustion pass — matching off any crossed liquidity exactly as an arbitrageur would, level by level — leaving a residual book that satisfies the no-arbitrage condition.
The fair price is the midpoint of that residual spread (its Chebyshev centre). The math is proven in A Mathematical Framework for Price Oracles — and the choice minimises worst-case error against any plausible “true” clearing price.
The key security property proven in the paper: moving the published fair price by any meaningful amount forces an attacker to perturb real depth across the combined book by a capital quantity that scales with both the size of the move and how thick the book already is. Because the cost is set by aggregate cross-venue depth, an attacker can't cheaply manipulate the feed by skewing a single exchange.
For liquid assets, oracle manipulation is expensive by construction— and exactly how expensive is provable rather than asserted. This is the line between “we've tested it and it seems fine” and “the math says it costs X to shift the price by Y”.
The enclave signing key is generated inside the AWS Nitro enclave and never exported. The enclave produces an attestation document containing the PCR0 measurement (a hash of the enclave binary). Anyone can:
NitroAttestationVerifier.solverifies the attestation on-chain and registers the enclave's signing address. KaskadPriceOracle.sol then accepts only price updates signed by a registered enclave address.
Today's V1 is a single attested node. The target architecture is the DAN (Decentralised Arbitrage Network)— a geo-distributed network of independent arbitrage agents and aggregator nodes. Each epoch the TEE-attested bots don't just observe but actively execute arbitrage against any crossings they see, then jointly sign the resulting post-trade snapshot via a threshold signature that KaskadRouter verifies on-chain. V2 removes any single point of trust from the price feed entirely.
Price updates are published every 30 seconds by default. A price update is also triggered on-demand when any user (or AI agent) interacts with the protocol through KaskadRouter — liquidators and borrowers always operate on a fresh price. The liveness of the oracle is not dependent on a single relayer process.
Because Kaspa is a DAG rather than a linear chain, the oracle can spread its publication across many parallel blocks in the same round. On a linear chain, a single adversarial block proposer can reorder or censor a publication; on a DAG, an attacker needs to control a majority of concurrent blocks — exponentially harder the wider the DAG gets. This is the structural reason Kaskad lives on Igra, which itself anchors to Kaspa L1.
Each asset has a per-update price change cap (15% for liquid assets). After 4 hours of on-chain silence, the first post-outage update is allowed a wider deviation (30%) but requires 2× the normal source quorum to proceed. Staleness is enforced by KaskadStalenessChecker, implementing Aave's IPriceOracleSentinel interface. Borrow and liquidation are blocked when any relevant asset's feed is stale beyond maxStaleness (capped at 4 hours). Supply, repay, and withdraw remain available — users can always reduce exposure.
KaskadPriceOracleCore oracle — verifies signatures, enforces quorum and circuit breaker, stores price history.NitroAttestationVerifierParses and verifies AWS Nitro attestation documents on-chain; extracts PCR0 and enclave signing address.KaskadAggregatorV3Chainlink IAggregatorV3Interface-compatible wrapper — one deployed per asset, drop-in for Aave's price oracle configuration.KaskadRouterAtomic price-update + protocol-action router; populates transient storage with the caller's address for the staleness checker.KaskadStalenessCheckerAave IPriceOracleSentinel implementation; blocks borrow/liquidation when any relevant feed is stale.Full contract addresses on the dedicated Contracts page.
Single TEE-attested node. Consolidated Order Book aggregation from 15+ CEX sources. Sub-second cadence. AWS Nitro enclave.
Decentralised Arbitrage Network. Geo-distributed independent arbitrage agents + aggregator nodes. Threshold-signed snapshots verified on-chain. Removes any single point of trust from the price feed.