Original title: “DeFi Builders ignores data-related risks and may lead to large-scale failures”
Written by: Camila Russo
Facts have proved that the way in which blockchain applications obtain data is crucial, because the failure of these systems has become the core of many new attacks in DeFi.
Sergey Nazarov stated that most activities in the entire blockchain ecosystem currently take place in the fields of DeFi, insurance and gaming. He is happy to see more and more centralized companies begin to decentralize some of their businesses.
In the next few months, he is most looking forward to continuing to support DeFi, increasing the amount of data input provided by Chainlink, and increasing the incentives for node service providers. In the future, finance will increasingly be based on blockchain technology. The following is part of the interview:
The oracle’s importance to DeFi
The first is that some contracts need to interact with external data. For example, they need to know the price changes, according to the insurance contract, they need to know whether the goods have been delivered, how the goods are kept during transportation, or they need to know whether there is rain to pay the insurance policy to farmers.
These more advanced contracts all need to have the ability to understand these contents. Now, people may have some misunderstandings. Although they are called smart contracts, they should actually be called tamper-proof Crypto protocols, because what they really want to do is create records and record events. But the system that actually runs the smart contract has no ability to truly understand these events.
This is the so-called prophecy machine. It can understand and provide certain information that the system cannot know.
The difference between Oracle and blockchain
The problem with the oracle is that the smart contracts or logic executed in these blockchain environments are unable to access external data due to the security requirements of the blockchain. The security of the blockchain prevents access to some information through internal logic.
The oracles have certain concepts borrowed from the blockchain, but they are not blockchains. I think the problem with some solutions is that they try to adopt certain blockchain concepts and try to fully apply them to the oracle machine, ignoring the differences.
The oracle focuses on solving a completely different problem. The oracle needs to obtain uncertain, unverified, unsafe (sometimes unreliable) data from other places, and put it into a system that can improve its reliability. The first basic difference here is that the oracle has to process data from other systems. The Oracle is not meant to create a deterministic closed system. In fact, it is a non-deterministic system that attempts to use data with security or reliability problems, and combines some encryption methods to verify the source of the data to ensure In most cases, these data are generally of higher quality.
As an example, some people use Dynamic Membership to build oracle systems. Dynamic membership allows random people to appear and be processed. Chainlink really does not have such a solution. Chainlink’s solution is to provide node service providers. These node service providers can prove their data security and reliability. Then, these node service providers and users’ smart contracts form something called service agreements. On the chain, you can get the data delivered by the node service provider with a certain quality and frequency.
Not paying attention to data quality
There have been some problems in DeFi recently, some of which were triggered by the wrong oracle or price mechanism. One of DeFi ’s major crashes was the failure of the MakerDAO clearing system, partly because the price update rate was too late during the Tai Falls. At the beginning of the year, a bZx attack also occurred, possibly because the attacker manipulated the pricing of Uniswap and Kyber. You can see that there is a problem with pricing. The oracle system will cause DeFi to be attacked and cause problems for DeFi applications. Can the Oracle machine solution avoid these problems? Are these problems inherent in the DeFi application?
These problems are not inherent. They are a matter of application design. During that time, there were no users who suffered losses due to the use of Chainlink’s oracle. In my opinion, some oracle machines ignore their dangers, data quality, node service providers’ quality and the guarantees provided by node service providers to users.
It can be seen that people are solving this problem through the following two methods. One method is to use the blockchain, and then copy everything in the blockchain to the oracle machine. This often misses the key issues to be solved. The key problem to be solved by the oracle is the high reliability, high security, and high availability of access to external systems. They do not even know whether these systems are safe. Therefore, the first problem is “This is just a different blockchain.”
The second problem is that there are already one or two types of oracle mechanisms that do not consider data quality. They basically ignore the following facts: In traditional finance, there are a large number of successful data companies (such as Bloomberg, Reuters, etc.) in a highly competitive market, they eliminate the risks associated with data. Many people create both data companies and software that provides data transmission security. They have never created a data company and will ignore some of the risks posed by data.
Chainlink does not actually generate data. We provide power to data providers such as Bloomberg and Reuters to obtain high-quality data, leaving the data issue to a truly experienced data aggregation team. Chainlink focuses on transmitting data appropriately and ensuring the source of data to the greatest extent.
Data source issues
Some oracles first integrate two exchanges to determine the market price of the asset. After that, a third exchange appeared and obtained the entire trading volume. That is to say, the trading volume of the exchange that has been integrated into the oracle machine system only accounts for a very small part, so is the price easy to manipulate? The reason for this problem is that when the transaction volume is transferred to another exchange, there is no alarm mechanism, which creates huge risks. If the oracle uses a single exchange to define the price, how to predict the transaction volume of the exchange, especially for some tokens with rare transactions?
The only reason why these very dangerous patterns failed to arouse people’s discussion is that there is currently no level of loss of Mt. Gox. Some self-made oracle machines use the data of a certain exchange, and they do not have the ability to deal with these risks. If a problem occurs, the entire DeFi field will fall into darkness. People can use any oracle mechanism they like. But people should understand that it is not as simple as I connect to the API.
Chainlink’s mechanism focuses on security and provability, and is very lucky to be able to work with top data providers. We are working with as many people as possible to ensure that experienced teams provide higher quality data and respond to various security system risks. Such as market coverage risks or manipulation attacks, but these attacks have not been experienced by people. So I suggest that people seriously consider whether to entrust their destiny to oracles that do not even understand the risks of their design methods.