chainlink pricHow to Prevent Price Oracle Attacks in DeFi Sergey Nazarov, Chainlink on Decrypt Daily

cost of chainlink gate per ft chainlink bank of america chainlink pric How to Prevent Price Oracle Attacks in DeFi Sergey Nazarov, Chainlink on Decrypt Daily
chainlink pric chainlink forbes How to Prevent Price Oracle Attacks in DeFi Sergey Nazarov, Chainlink on Decrypt Daily
how you doing welcome back to the show great math thank you for having me recent oracle hacks recent oracle hacks sir harvest 24 million dollars compound 89 million dollars you have been talking about this and predicting this for a while now do you think that one that changly could have avoided these hacks and tell me how these hacks are happening and how gently could avoid these yeah so i i think theres a found foundational kind of issue here where theres an assumption about the complexity of the oracle problem and data quality around financial products in the decentralized finance ecosystem generally so i think all of these hacks have have a common thread whether theyre related to flash loans or whether theyre related to using a single centralized exchange as a price source i think the thread is people are relying on a single exchange whether its a decentralized exchange or whether its a centralized exchange as a price source and and that is a level of essentially centralization risk which which is playing out in a very negative way for people that make those architectural decisions now this is something as you said weve been trying to explain to people for for for years now last year we we put out a lot of information about this this year i spoke very publicly at ethereal about these specific exact types of issues and then we put out actually an advisory for the developer community a caution warning explaining um exactly how how these types of exploits would it would unfold and theyve unfolded exactly the way weve described right the exploit is pretty straightforward you basically make sure to to to find a d5 protocol that that uses a single exchange as its source of price data you find a way to manipulate that single exchange and you effectively gained some measure of control over this highly decentralized financial protocol right and the decentralized financial protocol could be well architected and it could be well audited and it could have good private key security for some kind of multi-sig scheme but i think people need to start viewing oracles on the same level of i have to have good private key security i have to have good smart contract audits and i have to have good oracles and and baking your own oracle is is is is in some ways akin to rolling your own crypto or or making your own private key you know security device or something like that because its its a much more complicated problem than than people assume and a lot of the times those assumptions become clear once once theres issues right so the the way that chain link solves this problem has always been resistant to these problems for the first day of its operation is that we dont source data from a single exchange we we actually have multiple data providers and we get data from hundreds of exchanges so this means that the chain-link system in addition to being a highly secure and reliable oracle has data quality in mind from the beginning and it is this data quality point that we have been talking about for for for well over two years now as a key component of financial products on chain of decentralized financial products because a financial product is essentially a set of state changes that is triggered either by signatures from private keys or in d5 predominantly by oracles right so oracles are the things triggering and essentially allowing the decentralized financial product to know about the world and if you make an architecture that makes that decentralized financial product have a skewed view of the world or or a view of the world that can get manipulated um you you fundamentally on an architectural level have just made a serious kind of error right chain link fundamentally solves this from day one weve been architected to solve it because were exclusively focused on solving this problem were focused on solving the problem of oracle security and the transition of data from off-chain environments into on-chain environments were also focused on on generating some amount of data quality which is once again why we source data from hundreds of exchanges not one not two not three unfortunately i think the next version of this exploit is where people go after protocols that use two or three or four exchanges or one or two exchanges and say i have i dont have one exchange i have two i have three all that does it may is make it a little bit more difficult it just means that instead of manipulating the price on a single exchange you now have to do it on two or three and i i think its a serious concern that both developers of these uh protocols should should look into that users of the protocol should evaluate on a level of technical risk and the level of technical risk that theyre exposed to through using these protocols and people making new protocols and launching them really have no reason to have to build their own oracle just like they have no reason to roll their own crypto or make their own private key security devices there are now systems that properly transition data into on-chain environments and in chain-links case we disperse the sources of that data so widely and in such a decentralized way that for crypto prices we get that data from hundreds of different exchanges such that we provide you market coverage and a global price so i i think that its its a serious issue i think unfortunately its an issue thats going to continue and that when people architect these systems they should seriously look at not only how is the oracle securely delivering the data but how is that oracle securely delivering it from a multitude of data sources that are resistant to manipulation you know that the headline takeaway here is you shouldnt be using an unchained dex for a price or oracle period you shouldnt be using any single exchange as a crypto price oracle period and if your system does that or if your system does a little bit better than that with two or three exchanges your security team and your internal development team should sit down and begin to seriously reconsider that architecture so youre not of it sergey nazarov co-founder of chain link thank you for coming on and explaining this and making my job a hell of a lot easier great chatting with you matt thank you again On the Decrypt Daily Podcast Chainlink Co-founder Sergey Nazarov explains the recent headline-grabbing flash loan-funded exploits around centralized oracles. To prevent these kinds of attacks, DeFi projects need to adopt oracle solutions that meet the same security guarantees as the underlying blockchain protocol. In this video, Nazarov walks through how Chainlink’s decentralized oracle network protects dApps and their users against price manipulation attacks around single-source or centralized price feeds.Sergey Nazarov is the Co-founder of Chainlink, the most widely adopted blockchain oracle network for powering universal smart contracts. With Chainlink, developers can connect any blockchain with high-quality data sources from other blockchains as well as real-world data. Managed by a global, decentralized community of hundreds of thousands of people, Chainlink is introducing a fairer model for contracts. Its network currently secures billions of dollars in value for smart contracts across the decentralized finance DeFi, insurance, and gaming ecosystems, among others. Chainlink is trusted by hundreds of organizations to deliver definitive truth via secure, reliable data feeds, from global enterprises SWIFT, Google, Oracle to development teams at the forefront of the smart contract economy Web3 Foundation, OpenZeppelin, OpenLaw, Hedera Hashgraph, Zilliqa, Synthetix, Aave, and many others. Learn more about Chainlink: Website: Twitter: Telegram: If you’re a developer, visit the developer documentation or join the technical discussion on Discord