In a discussion about Oracle Hacks, Sergey Nazarov pointed to how ChainLink could have avoided these. He stated that there is a foundational kind of issue, whether about the complexity of the Oracle problem and the data quality around the financial products in the decentralized financial ecosystem.
He stated that generally, all of these hacks have a common thread, whether they are related to flash loans or whether they are related to using single centralized exchange as a price source.
I think the threat is people are relying on a single source, whether it is a decentralized exchange or whether it is a centralized exchange as the price source. And, that is essentially a level of centralization risk, which is playing out in a very negative way for people who are making the architectural decisions.
Now, this is something that we have been trying to explain to people for years now. Last year, we put in a lot of information about this. I spoke very publically at Ethereum about these specific exact types of issues. And, then we put out publically actually an advisory a cautionary warning for the developer community explaining exactly how these kinds of experiences would unfold and it exactly unfolded in the way we actually described.
The explanatory is pretty straight forward. You basically find a DeFi protocol that uses a single exchange as its source of price data. You find a way to manipulate that single exchange and you effectively gain some measure of control over the highly decentralized financial protocol. Essentially, the financial protocol could be well architected, it could be well audited, and it could have some good private key security for some multi 16, but I think people need to start viewing oracles on the same level of: I have to have good private key security, I have to have good smart contract audits and I have to have good oracles.
And, baking your own oracle is in some way akin to rolling your own crypto or making your private key in to a security device or something like that, because it is a much more complicated problem, than people who assume that there is a lot of the time and those assumptions become clear and then once there is an issue all of these details come out.
Right, so the way that ChainLink solves these problems and it has always been resistant to these problems ever since the first day of its operation – it is that we do not source data from a single exchange. We actually have multiple data providers and we get data from hundreds of exchanges.