Why centralized oracles are a threat to the $16B DeFi industry | Interview with Sergey Nazarov

if you had a system of smart contracts and oracles in 2005 and six and seven it's very possible the 2008 financial crisis wouldn't have happened anywhere near to the degree that it did happen this is sergey nazarov he's the co-founder at chain link a technology that connects blockchains with off-chain data by using oracles oracles make sure that value containing smart contracts correspond to the same value in the real world thus they ensure trust in the emerging decentralized finance ecosystem that we can actually prove that there's a certain amount of money in a bank account backing a stablecoin the implementation of oracles is still far from being perfect a few weeks ago a series of hacks exploited a vulnerability in this technology resulting in the theft of around 40 million dollars have blockchain oracles become defy's weak points and what is chain link's solution to the oracle problem to find out join our latest coin telegraph interview with sergey nazarov and coin telegraph's tech editor andrei shevchenko what do you think of latest hacks which just to for context there were like five hacks in the past month uh taking like combined like 40 million dollars that were all executed flashlights so what do you think projects could have done better in that case so i i i think there's two fundamentally faulty assumptions around the security of people's price discovery and and price data mechanisms that need need to be seriously revisited the the first assumption is that you can source price data into a d5 protocol from a single exchange from a single price discovery mechanism whether that's an unchained dex pool or or a centralized exchange it doesn't matter the the fundamental problem here is that 80 to 90 of those attacks that you're describing they're using flash loans to manipulate um a decentralized exchange or pool or some mechanism that creates unchained price discovery so the first foundational issue is if you have a crypto asset in your d5 protocol and that crypto asset has changed is traded on 50 exchanges you want a system that provides you an accurate global price across those 50 exchanges you don't want to just take one exchange and hope for the best because of that one exchange becomes thinly traded or if somebody gets a flash loan which essentially makes that exchange easy to manipulate in the case of an unchained dex then you're in a position where somebody controls the outcomes in your d5 protocol the reason that this initial set of attacks occurred and and kind of has been continuing to occur is because they're extremely easy to implement you don't need to hack anything you don't need to even be particularly technical to achieve these attacks or all you need to do is take out a flash loan which makes you well capitalized as an adversary and to apply that flash loans value towards manipulating the price um of a dex of a decentralized on-chain you know dax or pool or whatever whatever we want to call the price discovery mechanism right and that's why on top of the idea that you never want to use a single exchange to define the price within your d5 protocol you definitely don't want that single thing to be that single price discovery mechanism to be an on-chain decentralized exchange or something like that because that is um that is more than doubling your risk conversely in our case with chain link we source data from um hundreds of exchanges so chain link from the beginning was made to provide market coverage so that whatever asset we put on we are sourcing data from many different data providers connecting us to hundreds of exchanges and therefore uh wherever volume shifts chain link can properly represent the accurate global price yeah absolutely i guess so some flashlight attacks are more like market manipulation rather than actual hacks so this definitely is a complex problem in that sense um but to kind of go on a more general note here i want to get your opinions on what you think defy is going into right now so obviously with the summer of yield farming let's say we've saw a lot of new projects and uh a lot of them were maybe questionable but a lot of them were also good so overall the sector had a lot of evolution during that summer and do you think that the ecosystem is actually going in the right direction right now in terms of utility in terms of um just being useful to the world in a sense yeah i think it's extreme i'm i'm very impressed by a lot of the teams we we work with at synthetics and ave and and you're in a number of other places i think there's there's two kind of fascinating dynamics of unfolding literally before our eyes that that some people appreciate and and aren't clear to other people so the first one is you know composability and the ability to implement essentially a service oriented architecture on chain where a piece of the ave protocol can be used by synthetics or a piece of synthetics can be used by urine or a piece of urine can be used by ave so instead of building their own separate pieces that are of lower quality for for their own private use you now start you're starting to see a kind of templating of how certain operations in the d5 in the in the in the blockchain based finance landscape happen and i think what that's going to evolve into is to some kind of standards like the erc20 standard created a standard for tokens you're going to have ways that people say you know that's how i do that for a financial product within a blockchain and there's more and more focus on making a single good kind of on-chain service in the form of a contract that other contracts can use the the second great thing i think is the generation of yield so the ability for people to get yield trustlessly especially in an environment where inflation is rising and yield in the traditional financial markets is falling is creating a very very sharp contrast you you simply can't ignore that you can get point you know five or point one percent uh yield on an asset in the traditional financial world whereas in crypto you can get between one to eight percent on the same you know fiat currency in the form of a stable coin or if it's bitcoin or whatever it is right and so if that big gap in yield continues to perpetuate itself just to normal market conditions in the global financial system and the d5 landscape continues to have better and better collateral better and better kind of composable building blocks better and better oracles that feed in more and more high quality data for the creation of more and more markets while the global financial system continues to generate no yield and you know the the pressure of inflation drives people to seek mechanisms to maintain the value that they have in whatever whatever format they can get it into then the crypto format as a way to maintain value i think is going to be an extremely powerful force if it if it continues to develop the way it's developing and in our case our our goal is to provide really reliable oracles price oracles so that the type of issues we just discussed don't happen and the overall reliability and usability of defy is maintained through the provision of accurate price data as well as you know oracles for various other types of data yeah it's actually very interesting and to your point about yield i guess i have kind of a follow-up question here which is um so the promise of d5 in the sense is to be for example decentralized bank right so uh to have real world usage for example if i want to i don't know like buy a car on loan i can do that through d5 eventually right so in terms of yield um to connect that a little bit so what do you think will be the sources of yield in the future and that do you see maybe d5 kind of needing to expand beyond the crypto to crypto interactions and just into the real world and can the chain like maybe facilitate that yeah yeah i i think that's definitely going to happen and i think you you already see i think you already see one type of diversification and and funnily enough it is a kind of crypto asset but it's a little bit different um on the one hand i think you have all these kind of cryptocurrencies and crypto assets and all those things on the other hand i think you see nfts so nfts interestingly enough um are generating their own category of assets that are that are not necessarily based on the value of crypto they're based on the scarcity and the value of a digital good in a game or even just as a piece of art or some kind of rare scarce digital good generated on a blockchain in the case of nfts what would we provide to more and more forks now is something called chain link vrf chain link vrf generates unchained verifiable randomness so randomness is very important for the generation of nfts because you want to know that the system that made nfts didn't generate a bad nft for you but a good nft for someone else right you you people want to know that the nfts are generated fairly so that their scarcity and their own game ability is maintained as as an underpinning of their value i think the the next group after nfts and gaming based collateral is insurance so we are doing a large amount of work with people in the insurance industry right now we already have a few systems that are that are using or working on using chain link in different ways for providing weather insurance to farmers and and and actually a few of those folks are doing that now in different parts of the world and what what i think will happen and what i think is very logical is that the insurance cash flows that are essentially proven on chain at this point and and and all the information about the insurance relationship is is on chain those um cash flows can be turned into their own kind of asset into their own collateral into their own some kind of securitized or derivative workers or something like that and now you'll have cryptocurrencies stable coins you'll have gaming and you'll have insurance cash flows in in terms of the stable coins actually and and actually the transfer of tokens from other chains into into in environments that can use them we also have something called proof of reserve where thus far we've been using it to prove the accuracy of the wbtc um system and that there's actually bitcoin backing rap bitcoin but i i think what what you've recently seen is us expanding it into stable coins so that we can actually prove that there's a certain amount of money in a bank account backing a stable coin and that's not a annual audit that's like an automated audit every 10 minutes every hour every day proving that the assets backing the stablecoin are in a bank account the kind of final stage will be this very advanced stage where we're able to prove things about real-world assets and then proving things about real-world assets like the value of real estate or the value of of of some other off-chain asset in being able to prove the ongoing current value of those assets will be able to show a lot of reliability to the kind of defy ecosystem for that asset what it'll evolve into is us proving various things about many different off-chain assets that are not yet unchained and that proof will enable them to come unchained yeah absolutely that's so i think definitely something that people look forward to with oracle's i guess i have a small question here it's probably a very complex topic but um how automated can these things become like for example checking the bank account of a stablecoin like um how can you be for example sure that the bank account is not lying to the oracle somehow so it's different it's different categories of risk management right you basically have to think about what are your current risks and what are the risks that you'll eliminate there will always be new risks or or some version of risk that you acquire in the use of oracle's to verify things about assets if you're looking at a stablecoin and you're thinking well how do i know the stablecoin has assets in its bank account and one answer could be uh hey we're going to it's they're going to use ernst young they're going to use some some accounting firm that is going to audit them once a year okay you know that's one level of risk that you um as a stable coin holder as a stable coin user as a d5 protocol using stable coins within your d5 protocol you know to the tune of billions of dollars that that you can become comfortable with that risk and you can decide that's a risk i'm comfortable with it's not great because at the end of the day you have situations like wirecard that you basically find even even large globally traded public companies can can somehow find a way to get around these types of controls and these types of audits so i think what what the oracle networks in this case will do is they will provide a very different automated auditing function and so now now your risks are not do i wait one year for people to manually check this asset but do i have an oracle network that i can rely on hopefully in the case of chain link you can say yes i have an oracle network that can verifiably and reliably check things for me um independent of you know blockchain's operation and independent of the data source it's checking but i actually think there is a kind of middle of the road option where you don't force the bank or or the centralized lender or whoever to go completely on chain you build decentralized verification systems around them and you basically force a large amount of transparency and there's no reason why an oracle network can't go and assess the value of real estate assess the solvency of an enterprise assess the the state of bank accounts or gold accounts or whatever other account to prove that the on-chain asset that represents those things is in sync with reality and in fact the fascinating thing is that if you had a system of smart contracts in oracle's in 2005 and six and seven it's very possible the 2008 financial crisis wouldn't have happened anywhere near to the degree that it did happen because you might have had a system that was able to check the credit worthiness of various holders of mortgages and the the value of various houses and and combine all those things into smart contracts on on a kind of loan holder by loan holder basis and i think that transparency would have really softened the boom and bus cycle of the 2008 uh global financial crisis absolutely that's a very interesting point although i guess institutions will need to agree to do that but in any case i had a personal curiosity actually like this is going to be the last question but um so i've recently discovered that on chain link you can actually send the arbitrary http requests you know like just get something from an api that you set yourself and i'm curious why don't i why didn't i hear of that before why don't i see projects building on top of that so and my first thought is maybe that for example in ethereum the gas fees are too high to do this consistently but maybe there's something else going on here yeah so that that feature is a feature that some people utilize um in in some of their applications i i think what what what this all comes down to is the foundational fundamental value of smart contracts and the the question that that smart contracts provided answer to is how can i achieve hyper automation for billions of dollars eliminating people and and various people based systems as checks so once you achieve a certain level of security and combine that with a certain degree of usability you see an explosion in what people do in our industry you see them you see everybody making tokens or you see everybody doing private key voting and calling it a dow because that functionality has now reached a point where if you build it it won't be just the poc that you won't put real value or usage or funds behind it'll be something that you can put millions or billions of dollars into right and so yes you you can go use a single http request some people do that for the initial things they build but the foundational value of chain link and of smart contracts is very much the same in that it provides hyper reliability smart contracts provide hyper reliability for smart contract state and for the ability to define the relationship between parties um and between various outcomes in a state machine that is is is is proven to execute the way it was written under all conditions and in the case of chain link if you look at the reference data networks and the price feeds that people use and even some of the weather weather feeds that we're starting to use and look at you see um decentralization you see a multitude of different oracle notes and what that's a really big part of what chain link does is it allows people to compose different oracles run by different people different institutions different entities into an oracle network that that creates one level of reliability and and then it also provides access to a multitude of different data sources what you really want and any system that doesn't give you this has serious flaws is an extreme level of decentralization at the oracle mechanism level and whatever level of decentralization that's realistic to achieve at the data source level and in achieving those two things you approach this extreme reliability for externally connected smart contracts such as the ones in d5 such as the ones in decentralized insurance you could go and generate an http request to a single source exchange from from a chain link node that you run you could do that and you could use that to build a system and that could work but it's not clear to me that once you have millions or tens of millions or hundreds of millions of dollars in that system you wouldn't need to then use the chain link network to combine another an oracle network around multiple data sources and then what our system is actually architected to do is to scale with the value secured so if the value secured by chain link goes you know past five billion to six billion seven billion no past whatever past whatever amount the chain link oracle networks increase in size and as they increase in size they can also decide to increase the amount of data sources and and these are the things that you know are really the bigger future questions of once we achieve tens of billions of dollars secured how do we properly scale um the security of oracle mechanisms and the security of data sources and and that's that's part of what you're seeing also as we started with flash loan attacks is that the value secured has massively outstripped the security of the oracle mechanism in that case and that mismatch has led adversaries to exploit the d5 protocols with enough value but weak enough oracle mechanisms for price data and so that's the continual problem that that we need to solve as as the value in d5 continues to increase yeah absolutely makes sense i guess the gesture is that if you use that you would need to basically recreate chain link security model right exactly an extreme pleasure to talk with you and i hope the youtube like this interview and uh as always subscribe to the channel and see you next time yep great great sharing with you thank you very much coin telegraph like subscribe and hodl you

You May Also Like