UMA Protocol: How does the popular Optimistic Oracle work?

UMA is a decentralized oracle designed to record any type of data on the blockchain, except those that can't be verified.

It's called an optimistic oracle because it operates on the assumption that if no one disputes the data, then it's considered accurate. UMA also has a built-in arbitration system to handle disputes.

This oracle provides data for projects like cross-chain bridges, insurance protocols, prediction markets, and derivatives.

The types of data can vary widely — from cryptocurrency prices to sports or political events. However, all the data relates to real-world events that can be verified at some point.

Here are a few examples of such data:

• Elon Musk will tweet about cryptocurrencies before August 31st.
• Trump will say the word «tampon» in an interview.
• There will be a monkeypox outbreak in 2024.
• The price of Solana will be over $140 on August 23rd.
• Satoshi’s identity will be revealed in 2024.

Let’s break down the basic process of how the oracle gathers reliable data. When we talk about data here, we’re referring to the examples mentioned above. Throughout this article, you’ll see terms like «statement,» «assertion,» «event,» or «prediction» — all of these describe the data the oracle deals with at different stages of its lifecycle.

Here’s a simplified look at how data flows into the oracle:

• Statement. A statement is submitted to the oracle along with a reward. The idea is that whoever can successfully challenge the statement gets the reward.
• Challenge period. During this time, anyone can challenge the statement. If no one does, the statement is considered ready for finalization, meaning it’s accepted as true and reliable.
• Dispute. Even after the challenge period, any participant can still dispute the statement to claim the reward or just to keep things honest. That last bit is kind of a joke — disputes don’t happen all that often. Game theory suggests most people play fair in the protocol’s ecosystem.
• Voting. If a dispute is raised, UMA token holders vote to resolve it. UMA is the protocol’s token, and it gives holders the right to vote on disputes and earn rewards for doing so.
• Settle. The final step is settling, where the statement is officially confirmed as true.

Let’s walk through an example.

Vasily — thankfully not Terkhin — believes that Spain won the 2024 Euro Cup. This is a well-known fact, so Vasily decides to teach the Uma oracle about it. He submits the event to the oracle—this is the statement stage. The challenge period passes with no disputes—it’s pretty obvious. Then the final step, settle, confirms in the oracle that Spain was the champion. From now on, the oracle can always answer who won.

Vasily is pumped up by his success and plans to submit the entire 2024 Euro Cup results table.

But Vasily was actually rooting for France, who came in third. He decides to cheat by moving them up to second place. A disputer catches this and raises a dispute. It’s worth noting that both Vasily and the disputer have skin in the game—they’ve staked some tokens. The voting happens, and Vasily’s attempt to cheat fails because the oracle’s arbitration system works as it should, and the event is flagged as false. At the final settle stage, the oracle awards some of Vasily’s tokens to the disputer as a reward. Vasily loses his tokens, and the disputer comes out ahead.

That’s a quick overview of how Uma’s oracle works to validate new data from the real world.

The UMA oracle allows smart contracts to quickly request and receive information. However, there's a process that needs to happen before that information is confirmed, which involves a certain amount of time and a full verification process.

The following system components are involved in the oracle's operation:

• Asserter — The participant who submits a statement from the real world into the system. For example, «The exchange rate of the yuan today is equal to one dollar.»
• Disputer — The participant who can challenge the statement published by the asserter.
• DVM — A software module for resolving disputes between the asserter and disputer. However, using this module is optional and can be replaced with a custom dispute resolution system.
• Voter — The participant who votes to decide whether the asserter or the disputer is correct.
  Let’s take a look at the diagram from the official documentation that shows how all these system components interact.

According to the diagram, the Uma oracle works as follows:

1. The asserter publishes a statement and puts up a collateral in a token approved by the protocol. During the challenge period, the disputer can open a dispute if they disagree with the asserter's statement. To initiate the dispute, the disputer also stakes collateral. If the statement isn’t challenged within the allowed time, it’s considered true.
2. After that, the DVM initiates an independent voting process among all UMA token holders. This process includes commit and reveal stages, where initially, no one knows how others have voted, and then each participant reveals their vote.
3. After voting concludes, if the asserter was correct, they receive half of the disputer's collateral, with the other half remaining in the protocol. If the disputer wins, the reverse happens — they take half of the asserter's collateral.

To participate in voting, a voter needs to have their UMA tokens staked in the protocol. This is a key difference between DVM v1.0 and v2.0. The motivation for staking is the opportunity to earn rewards. Overall, this is a common feature used by many protocols, and Uma doesn’t offer anything new in this regard.

Voters participate in the voting process in two stages: submitting their vote in secret and then revealing it. This is known as the «commit/reveal» scheme. In the first stage, the vote is hashed and submitted to the smart contract, and in the second stage, the vote is revealed. This ensures that no one can see how others have voted, which guarantees a truly independent voting process.

There’s also an interesting mechanism called slashing. According to this mechanism, staked balances are redistributed from participants who either don’t participate in voting or vote incorrectly, to those who vote correctly.

It’s important to define what «correct» and «incorrect» participants are. An incorrect participant is one who ends up in the minority after the vote.

For example, the system proposes an event: «Zimbabwe will win exactly 10 gold medals at the Olympics.» It’s unlikely, but let's say the stars align, and Zimbabwe wins exactly 10 gold medals. It seems straightforward, so we vote that the event is true. However, for some reason, the majority of participants, maybe due to a mistaken source, vote that the event didn’t happen, thinking Zimbabwe didn’t win any medals. In this case, even though we voted honestly, we would be labeled as «incorrect» voters and subject to slashing.

It’s worth noting again that an incorrect participant is someone who voted with the minority. However, this scenario is unlikely because participants don’t know how others have voted until the reveal stage. Since voting is secret, no one wants to end up in the minority, so they’ll try to vote correctly.

This mechanism eliminates the economic incentive to act dishonestly or sabotage the voting process. The documentation refers to this as a penalty for not participating in voting.

OOV3 is the code name for the Optimistic Oracle V3 smart contract. If you need to integrate with the Uma protocol, this is the smart contract you'll be working with.

During deployment, the constructor of the smart contract takes three parameters:

• finder: A smart contract that stores the addresses of all active protocol smart contracts. This allows for efficient use of it in any third-party smart contract.
• defaultCurrency: The address of the token in which the protocol will accept collateral.
• defaultLiveness: The time frame during which a dispute can be initiated over a statement.

The core logic of the smart contract is straightforward and mirrors the protocol’s workflow in three steps:

1. Assert truth: Proposes an event/statement from the real world for validation.
2. Dispute assertion: Allows for the event to be challenged.
3. Settle assertion: Confirms the event as truthful, accurate, or correct.

There are two public functions for asserting an event: assertTruthWithDefaults() and assertTruth(). Essentially, the first function calls the second one with default parameters, so let's take a closer look at the second function in a simplified form.

After the assertion is created, the countdown begins for the period during which a dispute can be initiated. To do this, any party that disagrees must call the disputeAssertion() function. It's a small function, so let's take a closer look at it.

Once the dispute period has passed, the assertion can be finalized for public use. To do this, you need to call the settleAssertion() function. Let's take a closer look at it.

It's time to get more familiar with the DVM dispute resolution system. In the repository, this part of the code is located in a separate folder called data-verification-mechanism.

The main contract that's a good starting point for understanding the system is Voting.sol. Below, we'll be looking at its second version: the VotingV2.sol smart contract.

This system is larger than OOV3, but we'll aim to cover the most important aspects. At the center of the diagram is the VotingV2.sol smart contract itself, along with the interfaces it inherits: OracleInterface, OracleAncillaryInterface, OracleGovernanceInterface, and VotingV2Interface.

To participate in voting on disputes, UMA token holders need to stake their tokens. This is handled by a separate smart contract, Staker.sol, which VotingV2.sol inherits from. In the diagram, this is highlighted in green.

The yellow/orange highlighted smart contracts are those used within the main VotingV2.sol. They add additional logic, and for some of them, their addresses need to be provided to the VotingV2.sol constructor during deployment, implying they must be deployed separately beforehand. Let's list them and explain their roles:

1. VoteTiming.sol: Defines the timing intervals for UMA token holders' voting, specifically the order of commit/reveal operations. Remember, voting occurs in two stages. First, voters submit a hash of their vote, and then they reveal this hash.
2. Finder.sol: Responsible for storing the addresses of other smart contracts used throughout the protocol and beyond.
3. FixedSlashSlashingLibrary.sol: Manages the redistribution of UMA tokens between honest and dishonest participants, favoring the former.
4. VotingToken.sol: This is the UMA protocol's token. Its address is provided to VotingV2.sol during deployment. Users must stake this token to gain access to voting.
5. ResultComputationV2: A crucial library responsible for tallying votes.
6. Previous voting contract: The address of the previous version of the Voting.sol smart contract. It's only used for retrieving rewards or information stored in the old version.

The purple-highlighted sections in the diagram represent groups of functions implemented by the VotingV2.sol smart contract:

• Voting functions
• Voting getter functions
• Price request and access functions
• Owner admin functions
• Staking functions
• Migrating support functions
• Private and internal functions

There's no need to go into detail about what each function group does — the names are pretty self-explanatory.

With all this in mind, you can explore the VotingV2.sol smart contract on your own.

Now let's talk about the slashing mechanism. We've already identified it as the primary mechanism for incentivizing UMA token holders to participate in dispute resolution.

To understand how this mechanism works, we need to trace it back to its starting point in the code. A good place to start is the internal _updateTrackers() function in the VotingV2.sol smart contract. Let’s take a closer look at it.

This function is used in many places throughout the code. But if you look closely, most of the instances are tied to user actions: stake(), unstake(), withdrawRewards(). There are a couple more instances—go find them yourself, as they say.

So, it turns out that any action a voter takes will trigger slashing for them. They won’t be able to avoid it. That means you can’t just stake tokens, accumulate staking rewards without participating in the voting, and then withdraw the rewards later. When the user tries to withdraw, they will trigger slashing on themselves with their own transaction and get penalized. The only way to avoid the penalty is to participate in voting and do so honestly.

Additionally, the protocol allows anyone to trigger slashing for anyone else at any time. So, even just waiting it out until the protocol potentially cancels slashing through a DAO won’t work. Someone will definitely trigger slashing for such a user. All it takes is calling the public updateTrackers() function. This function will, under the hood, call the internal function of the same name.

If you don’t want to make the user go through the entire voting history, you can use a function that allows you to define the maximum depth of events for slashing. This is handled by the updateTrackersRange() function.

Let’s summarize when a user encounters slashing. Take a look at the diagram.

The only thing we haven’t covered is how the slashing code is written. I’ll leave that as a homework assignment. Hint: check out the _updateAccountSlashingTrackers() function.

Important! Earlier, we mentioned the FixedSlashSlashingLibrary.sol library. On closer inspection, you’ll see that it simply handles the amount of tokens that will be deducted from a user as a penalty for not participating in voting or for voting incorrectly.

Uma offers several example projects that demonstrate how to use the protocol:

• Prediction market. Implements a prediction market where the outcomes are verified using the Optimistic Oracle V3.
• Insurance contract. Implements an insurance contract that allows you to obtain a policy with the possibility of receiving a payout in case of an insured event.
• A generic data assertion framework. Allows making assertions on arbitrary data, verified through the Optimistic Oracle V3.

Let’s dive into the most interesting example, the "Prediction market." I chose this example because I know of a popular service in the prediction markets space, Polymarket, which uses the Uma protocol.

How does a prediction market work? The service is populated with predictions that users can vote on, choosing one of the possible outcomes. For example: "Bitcoin will be worth $100,000 tomorrow." A user can agree with this statement or disagree, and cast their vote for either the positive or negative outcome.

You can think of it as a betting service. We’re betting on a specific outcome of an event. When the event happens, the bet either pays off and we earn money, or we lose everything. Usually, a prediction has two or three outcomes, but sometimes there are more. A fungible token is created for each outcome. To place a bet, you need to buy this token. The acquired token can be exchanged on other platforms for a more well-known token, if it’s listed there. Often, the ability to exchange is implemented directly within the prediction service itself.

Let’s jump right in. Let’s take a look at the constructor:

The main task of the prediction market is to create various binary assertions where users can express their opinions by indicating whether they "agree" or "disagree" with the assertion. These are referred to as possible outcomes of an assertion or prediction in the smart contract. There's a special mapping called markets for storing these assertions.

Now that we know the data structures that describe the prediction market, we can take a look at the initializeMarket() function, which creates markets on the smart contract.

The next step, after the prediction market is created and users have placed their bets "for" or "against" and the predicted event has occurred, is to submit the proposed outcome to the UMA protocol to validate the result. Our smart contract implements the assertMarket() function for this purpose.

At this point, a reasonable question might arise: how does the PredictionMarket.sol smart contract know when the oracle has settled the event and is ready to tell us that our assertion is correct? It's time to remember the callbacks that the oracle can perform. We just need to implement one of these callbacks, called assertionResolvedCallback(). When the assertion is verified by the oracle, it will trigger this callback.

The entire sequence of calls we described above can be summarized in a diagram for clarity.

With this, the main logic of how the PredictionMarket.sol smart contract interacts with the Uma oracle comes to an end. We intentionally skipped over the details related to the inner workings of the prediction market itself. Often, for each outcome in the market, a fungible token is created. When users choose an outcome, they are essentially buying these tokens under the hood and, moreover, can trade them (this functionality is beyond the scope of this example). The beginnings of this logic are also present in our example contract. The functions responsible for this are: createOutcomeTokens(), redeemOutcomeTokens(), settleOutcomeTokens().

Previously, to participate in voting, it was enough to hold UMA tokens in your wallet. The protocol used a snapshot mechanism to record users' balances, which acted as an "entry ticket." In the new version, you must stake UMA tokens on the protocol's smart contract to gain access to voting.

At the time of writing, users are offered an APR of 30.1%. However, this doesn't mean you can stake and passively earn rewards. Remember that the system has a slashing mechanism, which can redistribute stakers' balances.

According to the documentation, each voting period lasts 48 hours:

• The first 24 hours are for encrypting your vote. This is the commit stage.
• The next 24 hours are for revealing your vote. This is the reveal stage.

Staking rewards accumulate continuously and can be claimed at any time.

However, there’s a catch when you need to unstake your tokens. You’ll have to first make a request, wait for a certain period during which your tokens won’t earn rewards, and only after that can you withdraw your staked tokens with a separate transaction.

Important! At the time of writing, the penalty for missing a vote is 0.05% of the staked balance.

In addition to being used for voting on real-world event assertions, the UMA protocol token is also used for protocol governance.

The voting process is divided into two stages—commit and reveal — and lasts 48 hours, which we've already covered.

The protocol has its own proposal standard, similar to Ethereum's EIP. These proposals are called UMIPs (UMA Improvement Proposals).

It’s worth noting that the protocol uses a progressive approach to voting. What does this mean? It means that voting doesn’t immediately take place on-chain but starts with a special service called snapshot.org. In the end, the voting process looks like this:

1. Post to Discourse. First, you need to post your proposal on "https://discourse.uma.xyz/". The proposal outlines the key idea. At this stage, the community has the opportunity to discuss the proposal.
2. Snapshot Vote. Once the proposal is ready, the author creates a five-day vote on Snapshot.
3. On-chain Vote. If the Snapshot vote passes, the vote is conducted on-chain.

At the time of writing, the protocol on Snapshot has only 71 participants.

The Optimistic Oracle from UMA stands apart from other oracles. In the traditional model, oracles try to minimize human involvement by decentralizing data aggregation, selecting a leader to deliver the data, and using entire blockchains, additional consensus mechanisms, and multiple independent data sources. UMA does none of this; instead, the protocol takes a completely different approach, relying entirely on its community to determine the accuracy of the data.

This approach opens up entirely new use cases, particularly for prediction markets, insurance, and many other areas where data delivery speed is not the top priority, and they can afford to wait for the full cycle of data verification within the UMA protocol. However, this allows the oracle to provide an almost unlimited range of data types, essentially with semi-automated verification of their integrity and accuracy.

As usual, my personal opinion is this: it's an interesting protocol that has thought carefully about its incentive and restraint system for participants. It clearly understands its niche where it can be useful and tailors its service accordingly. The protocol definitely deserves attention because the solution is technically simple and elegant, yet completely different from the traditional oracle model. However, its practical success depends on the activity of the community, which needs to stake, vote, and resolve disputed assertions. But that’s a whole other story.