Many interesting smart contracts have been developed in recent years to provide services for finance and other applications. One fundamental limitation of blockchain-based smart contracts is that they execute in a closed environment and only have access to the data and functionality that is fed into the blockchain or already on the blockchain. Any interactions with the real world need to be mediated by a bridge service, which is called an oracle. As decentralized applications mature, oracles are playing an increasingly prominent role. With their evolution comes more attacks, necessitating a greater attention to the trust model of using oracles. In this SoK, we systemize the design alternatives for oracles, develop a threat model and showcase attacks, and discuss attack mitigation strategies.