Risk Oracles automate the most critical components of protocol risk management by adjusting parameters in real time based on market volatility and liquidity conditions.
As pioneers in this category, we have integrated Risk Oracles across markets on Aave, Pendle, and GMX, securing close to $10B in DeFi value in the process.
Introduction
Our previous article highlighted how DeFi has evolved into a sophisticated ecosystem with hundreds of billions in TVL. For context, DeFi TVL has grown from $245B to $305B in less than three months.
Oracles are fundamental in securing DeFi protocols by transmitting timely market data that underpins operations. However, this dependency has proven to be a double-edged sword. As DeFi matured, oracle-related attacks and exploits became increasingly common. Most of these are not the result of obvious pricing errors, but of protocols relying on reference data from oracles that use unsophisticated or inadequate methodologies, thereby producing illogical or exploitable inputs.
According to the OWASP Smart Contract Top 10 (2025), price oracle manipulation has emerged as the second most significant risk factor for DeFi protocols. This highlights how reliance on outdated oracle models has become a systemic vulnerability.
The Evolution of Risk Infrastructure
Originally, oracles were simple data pipelines that transmitted prices from offchain sources and published them onchain. As “price messengers,” they powered DeFi’s early growth.
These data pipelines must now evolve into intelligent data feeds that contextualize market information and reflect real liquidity conditions. However, improving price feeds alone is not enough. Price oracles, even when risk- and context aware, are not able to act on risk.
Risk Oracles automate the most critical components of risk curation by offering real-time parameter adjustment based on actual market volatility and context. They represent the next natural evolution in the oracle space, and as pioneers in this category, we’ve worked with leading DeFi protocols like Aave, Pendle and GMX to secure over $9B in value.
How Risk Oracles Work
Risk Oracles monitor various risk indicators in real time, leveraging the Chaos infrastructure and adjusting protocol parameters accordingly whenever a relevant variation is detected. It is important to note that Risk Oracles do not supersede the protocol's governance and can be constrained within governance-dictated and predefined limits. This allows for full governance control over the protocol's risk adjustment while prioritizing the safety of the users with the speed required by the constantly mutating risk landscape of crypto markets.
Chaos Risk Oracles are best paired with Chaos Agents, a middleware system of multiple orchestrated Agents between the Risk Oracle and the DeFi protocol whose parameters need to be curated. Each individual Chaos Agent is an independent smart contract equipped with protocol-specific configurations and is responsible for curating a specific parameter across multiple markets.
For example, you might have one agent for supplyCapUpdate, another for slopeOneUpdate, and so on. Chaos Agents across different Hubs leverage Common Modules, sets of independent immutable contracts that contain the logic to perform different operations, such as validating ranges and holding range configurations.
This modular and lightweight design allows the system to maintain maximum flexibility and adaptability while retaining full capabilities to manage the risk parameters of the target protocol.
Leading the Charge
DeFi protocols across multiple verticals have already adopted Chaos Risk Oracles:
- Pendle (Fixed Yield): Integrated Risk Oracles for Principal Tokens (PTs), which are increasingly used as collateral on Aave. PTs appreciate toward maturity but bring unique pricing and risk challenges. The Principal Token Risk Oracle introduces a multidimensional pricing and risk framework that evolves over time, adapts to market conditions, and resists manipulation.
- GMX (Derivatives): Integrated Risk Oracles to enhance trading efficiency by providing real-time adjustments to parameters such as price impact and OI caps. This integration has helped in reducing execution costs, tightening spreads, and lowering slippage on high-volume trades.
- Aave (Lending): Aave has a comprehensive risk management framework that spans multiple network deployments, hundreds of markets, and thousands of variables. The integration of Risk Oracles streamlines the risk process by reducing the latency of parameter updates while keeping every adjustment within the boundaries set by Aave’s governance.
The Road Ahead
As the DeFi ecosystem continues to grow, Risk Oracles will become as indispensable as (intelligent) price oracles. If DeFi 1.0 was defined by the widespread adoption of price feeds as foundational infrastructure, the current institutional adoption wave will see risk layers, both domain-specific and highly contextual, emerge as table stakes for DeFi protocols.
Risk Oracles will not be limited to a single vertical. On the contrary, we are already witnessing the early signs of an industry-wide shift, where every major DeFi protocol (derivatives, lending, liquid staking, fixed yield, structured products) adopts its own custom-ready suite. Risk Oracles will operate as both protective safeguards and competitive differentiators, enabling protocols to adapt effectively to a market that is more volatile, interconnected, and capital-efficient than ever. Just as price oracles created a unified, trust-minimized market for value, Risk Oracles will enable new financial primitives.
Over time, Risk Oracles will cease to be a “nice-to-have” and instead become the invisible infrastructure on which the first $1 trillion in DeFi TVL will be built.
Conclusion
Risk Oracles mark a pivotal inflection point for DeFi’s core infrastructure. By transforming passive price feeds into active protocol guardians, they fundamentally reshape the way protocols manage and monitor risk.
Aligning automation with governance, Risk Oracles enable protocols to scale faster, safer, and smarter. What once was a manual process is now becoming autonomous, auditable, and protocol-native.