The Breakdown - Chainlink's Sergey Nazarov on What DeFi Can Learn From Early Exchange Hacks
Episode Date: February 19, 2020The DeFi world continues to dissect the recent attacks on bZx. To most, the amount lost in the attacks is far less relevant than what the attacks suggest about how DeFi applications need to be designe...d. Within that, one key topic of conversation is the role of price oracles - the systems by which DeFi applications check the prices of assets that dictate what happens in a given smart contract. Since asset price manipulation was at the core of the recent attacks, this is a particularly pertinent area of inquiry. Yesterday, Chainlink announced that it would be helping bZx upgrade their systems taking advantage of Chainlink’s recently-launched “meta oracle.” On this episode of The Breakdown, Chainlink founder Sergey Nazarov discusses: The role of price oracles in DeFi How price oracles were targeted in the recent attacks What the DeFi industry can learn from early crypto exchange hacks
Transcript
Discussion (0)
Welcome back to The Breakdown, an everyday analysis breaking down the most important stories in Bitcoin, crypto, and beyond, with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown. It is Wednesday, February 19th, and today we are going to be doing two things.
First, we're going to spend just a little bit of time touching on some of the key news from the last couple days.
The whole conversation around the defy attacks on BZX has taken a lot of the energy and
in time on this podcast, which will be the case again today, and I want to make sure that we're not
completely glossing over a couple interesting bits of news. But then second, we are, in fact,
going to turn our attention back to these defy attacks. In specific, we're going to actually
hear from Sergei Nazaroff, the CEO of Chainlink. Yesterday, Chainlink announced that they would
be helping BZX transition from their current Oracle approach to something that is hopefully more
decentralized and resistant to the types of attacks that we've seen. The reason is the reason
that I thought it was worth continuing this conversation is that to me, Defi is unarguably one of
the most important parts of the entire crypto industry. It is something that is driving a huge
amount of energy and excitement and optimism for the future. And these attacks really represent
something incredibly important and novel, which is the idea that in the future, exploits won't
just be hacks and security flaws, but about the fundamental designs of the system and how people
can take advantage of them, how people can take advantage of low liquidity and smart contracts.
In other words, there are much more sophisticated type of attack than just some sort of brute force
exchange attack hack, and I think that it's really worth spending time understanding what happened
and how this can be avoided in the future. And that's what Sergei is really here to help us do.
But first, let's look at a little bit of the news from the last day or so.
One of the banner headlines from yesterday was that the Bloomberg campaign had announced
their financial reform package and that it made mention of crypto. Now, in terms of what it specifically
said, there wasn't necessarily a huge amount of exciting or unexpected or new or different things, right?
They said, quote, cryptocurrencies have become an asset class worth hundreds of billions of dollars,
yet regulatory oversight remains fragmented and underdeveloped. For all the promise of the
blockchain, Bitcoin and initial coin offerings, there's also plenty of hype, fraud, and criminal activity.
Their plan went on to basically say that they want to clarify who is responsible for overseeing
different parts of the space, figuring out a framework to determine when tokens are actual securities.
Obviously, they're focused like all administrations would be and should be on preventing fraud,
and they want to clarify the tax regime.
So this is really just a sort of a duh package, right, in the sense that you should hope
that our regulatory apparatus is capable of engaging with these new types of assets in their own
terms, and that's really what the Bloomberg campaign is pushing for. Now, the two things that are
notable about this are, one, that it exists at all. And I think this was really captured well by
Niraj from Coin Center, who tweeted, what a ride it's been watching this once tiny hobbyist
issue grow into something presidential candidates have plans for. I think that point really
can't be overstated, just how notable and what a milestone moment it is in some ways that Bloomberg,
who is very quickly becoming the or at least one of the two contenders for the Democratic
presidential nomination, has seen fit to put this as a part of his financial reform package.
Now, the one other little notable detail is that this isn't taking the same blockchain,
not Bitcoin, that we've seen. It talks about for all the promise of Bitcoin alongside blockchain.
And that's a pretty notable thing, right?
It at least suggests that there is a willingness to engage and an openness to Bitcoin,
not just the technology behind it being something interesting.
So certainly something that we'll have to watch for more signal on.
Again, it's just one little bit of information inside a larger proposal
that is itself only partially filled out, but still notable.
Now, a second little bit of news today that got people nervous.
I noticed a tweet from Larry Sermak over at the block this morning that Maker was up 15%
in the last four hours, and quote, some weird transactions happening as well.
Now, in the thread, there's a lot of discussion around what might be happening.
Someone noticed that it seemed like uniswap was being drained of Maker.
Larry talks about how there was a huge surge in volume on BitFinex and OKX as well,
and someone who's clearly trying to accumulate as much as possible.
Udi Werthheimer says maybe Maker or someone affiliated with Maker is buying them up as a white hat thing.
Larry Sermak says, that's what I was thinking, because if there is just a tiny chance someone could pull it off,
i.e. some sort of strategic attack, it's not worth the risk. But Maker could also activate a delay
in the governance process, I think. Udi responds, maybe buying up the tokens will make it easier to get
the vote for the delay pass. I don't know, just thinking out loud. Taylor Monaghan, who we heard from
yesterday, also chimed in saying, it could be the Maker team got in touch with known whales,
asked them to remove liquidity from market. Less liquidity would also result in price spike
due to shallower market even without the huge buys.
Here's $8 million removed from Uniswap pool.
It would be interesting to see if known maker whales and or maker team are all doing the same.
So this one is pretty unresolved unknown, but I think it goes back to the conversation
and our main conversation today, which is new attack surfaces that are being exploited
in Defi, or at least a concern that in the wake of these attacks, more and more focus
is going to be spent on where there are chinks in the armor of Defi that can be exploited.
So with that, let's shift over to the main part of our conversation, our interview with Sergey from ChainLink.
Sergei Nazaroff is the CEO of ChainLink, which is a decentralized Oracle product, right?
Chainlink's job is to try to create a mechanism for smart contracts and on-chain functions to take advantage of off-chain data.
And in particular, in the context of Defi, the data that most matters to smart contracts is price data.
As we've seen with these attacks on BZX over the last couple days, part of the challenge was
price oracles that were reporting data that was, if correct, correct only after a manipulation
about one source. So in the first attack, the price of WBTZ was attacked, and the price
Oracle was then reflecting something wrong, allowing people to make off with more gains than
the system should have otherwise let them, because that price was artificially deflated on
WBTC. The second attack was something similar but was about driving the price of synthetic
USD up and then that extra price increased the amount of collateralization that was happening,
allowing the attacker to take away more eth than the smart contract system should have allowed
them to because that synthetic USD price rather than tracking to $1 as it should have got up over
$2. So in some ways both of these issues had at least a little bit to do with price oracles. So
So today, I wanted to have Sergey come in and explain a little bit more.
Now, Chainlink did announce yesterday that they would be officially helping BZX make this change,
but in some ways the interview isn't really about that.
It's more about the idea of price oracles and where they fit in Defi in general.
Now, one quick note on this interview, for the sake of presenting it as the conversation happened,
it's very, very lightly edited.
So it's much more natural, much less produced than normal.
Keep that in mind as you're listening, and I hope you enjoy it.
All right, Sergey, it is so great to have you back on the show.
Really appreciate you taking the time.
Great. Thank you for having me.
Okay, so this has been obviously the major topic of conversation over the last three or four days,
these attacks and what they mean for Defi.
And what we're interested in talking to you about today is specifically the roles of
price oracles in these attacks.
So I guess just by way of starting, can you actually give our listeners a quick primer on
the role of Price Oracles in D5?
Sure, sure. So what people are seeking to do in defy is replicate a traditional financial product like a money market or a derivatives product. And all of these products function on the basis of price data. So what that means is from a technical point of view, you have the product itself, which is in this case smart contract code, logic written in something like solidity on Ethereum. And that solidity defines.
how the contract, how the financial product will behave, how much interest it will pay,
who will benefit from an outcome from a derivative, you know, what settlement price should be
of certain futures contracts, not what, but how to react to price. So it codifies what the
contract is about. But the contract is then entirely dependent on the inputs into it. So if you
input one price, there's one interest rate. You input a different price, there's a different one.
You input one, you know, one threshold for market prices getting, getting to a certain high.
You have one price for settlement.
You have a or a different outcome for a derivative, right?
So I think the thing that's actually important is how defy contracts differ from how people conceptualize smart contracts up until this point.
People conceptualize smart contracts right now in two slightly, slightly limited ways.
The first one is people assume that smart contracts on Ethereum or HyperLiger or any of these networks,
can speak with external data sources.
Despite being called smart contracts, they in fact cannot.
So the security model that secures those state changes and that logic which defines the contract
means that it's computed on multiple independent redundant node operators, which their job is not
to go get data and input data because they can't really come to consensus about these various
external values.
That's that kind of breaks some of the security model and it forces you to choose who's responsible
for that and basically arrive at a place where smart contract code can only be about data that's
already inside the network where it began to exist. And this is, this, this idea has come from the
fact that everything that's almost everything that's a smart contract so far is a token.
And the token generates its own data on chain by generating tokens and then all the data that
the contract needs to interact with because it began on chain is still on chain. And so there's no
problem there of interacting with external systems for price data. Now, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the,
contract, they're starting to redefine what a smart contract is, right? So, people call a tokenization
contract, a smart contract, and they call a defy contract, a smart contract, but the attack surface
area of a contract related to generating tokens is only its on-chain code. That is a
kind of the only place from which you can attack it and also whoever holds private keys related
to moving the tokens and things like that. But with the Devi contract, you have an entirely new
attack surface area called an Oracle. So what the Oracle does is it sits between a secure system
like Ethereum where smart contracts are computed and external off-chain systems that know about
things outside of Ethereum. And these systems don't have private keys.
they don't have a way to get that data into a defy contract,
and they don't have a way for that data to be particularly reliable.
And this is what an Oracle or a decentralized Oracle network in the case of ChainLink does,
is it supposed to securely provide external data into a smart contract,
so that that smart contract can know about things like what is the overall larger market price,
and it can, if the Oracle represents that,
larger market price accurately, then the decentralized financial product has the correct
input and can function correctly. If the Oracle provides an incorrect market price, then even the best
written, most secure, most audited, decentralized financial product will fail because that input is
incorrect. And the nuance here is that when you talk about a smart contract in this defy context,
you're actually talking about something that is composed of an on-chain component,
which is the code and of an off-chain component, which is the Oracle.
Now, the on-chain component has been built and heavily reviewed by a large group of people,
but the Oracle component is right now just really coming into existence into a secure form,
largely through our work at ChainLink and kind of creating a decentralized mechanism
to guarantee that the input into a Defi contract is, in fact, reliable enough to trigger it,
And therefore, you can now once again call a DFI smart contract, a smart contract,
because both the on-chain code is reliable and also the off-chain code related to all the events
that effectively control the contract also now reaches a high enough threshold to be considered,
reliable enough to be included in the definition of a smart contract,
if that answers your question.
Yeah, absolutely.
I think that's a really, really helpful background because the place that I wanted to go with this is that it was, basically,
oracles have been at the center of the problems that we've seen with BZX over the last couple of days, right?
Can you explain just a little bit about how price oracles became part of this attack service for these attacks that we saw?
Sure.
So there's actually a few dimensions and a few attack vectors related to oracles.
One of them is the Oracle mechanism itself.
So there's the software.
There's the or the code that's responsible for acting as a data transport layer that's responsible for
transporting data into the contract.
And then there's the data source.
So the data source is either the data aggregator or an exchange API or in this case it was actually an on-chain data source where the price data was generated on-chain.
But you actually have these two dimensions of risk with oracles.
One is the code related to securing the Oracle.
And the other one is the data source, its security,
the quality of that data source, the ease of manipulating it,
and this capacity to manipulate it is often also
mitigated by redundancy.
So in short general terms, one of the risks
that we've been seeing unfold is some people
have said that perhaps an on-chain price oracle
is the only price feed that you need.
And the reality that that, that
is that that narrative is putting a substantial amount of people at risk because not only is it not a good idea.
The first point is that it's really not a good idea to use one source of price data.
For example, in ChainLink, we do not actually directly feed cryptocurrency exchange price data into our large reference data contracts.
We use data aggregators that are experienced high-quality teams like BNC, KICO, Amber Data,
crypto compare, you know, a whole bunch of other ones that are experienced teams that smooth out data.
Once that data is smoothed out, then you can consider the data source as mitigating these large amount of risks.
So the first point is not even whether you're using an on-chain data source or an off-chain data source, a cryptocurrency API or a Dex price.
it's that you don't really want to put yourself at the mercy of a single data source for a market that could very quickly swing.
So part of the problem is that even if the snapshot that you took when you were building the DFI product said that this market is very high in volume,
and then it would therefore would cost a lot to manipulate it, volume swings extremely quickly in the cryptocurrency space.
And so a month or two later, that market on that Dex or that cryptocurrency exchange that you chose as the market to power your DeFi DAP could suddenly be thinly traded and could be a very risky dependency, even if it's correctly feeding data into your defy application.
So I think the first nuance point to this problem is it is it is probably not a good idea to go to one exchange API
because the snapshot at the time of your building a defy application says that that is that is the market where where price discovery happens.
You're pretty much almost always you're pretty much always better off going to a data aggregator or ideally multiple data aggregators and
allowing them to smooth out all these risks which is which is a significant role that they play in this.
ecosystem for people that are sensitive to high quality data and crypto traders and people that
use them. But in financial markets, this is what data companies do, is they smooth out this massive
dimension of risk. And that's a big part of what they risk, what they exist. So the first thing is
perhaps not using a single exchange or a single market that could become rapidly different
and volume is perhaps, I think, to keep in mind. The second level of risk is the level of risk
with Dex Price Oracles. Now, there's a number of papers around front-running issues with Dexes
like Flash Boys 2.0 from Ari Jules and Phil Diane and lots of other good folks.
And that say that there's certain ways to manipulate existing decks prices. And other than that,
it's one of these things where because Dexas are sometimes very thinly traded or have large swings
and volume in and out of them, you basically arrive at a situation where the capacity to manipulate
those markets is actually sometimes greater than centralized markets. And there's a big,
so there's two levels of risk here. The first level is you chose one data source for a market.
that market became thinly traded.
It became easier to manipulate.
And in addition to all that, it was an unchain decks about which there's been
significant research that the prices in that environment can sometimes be manipulated.
Now, sometimes it's not worth manipulating them at certain costs.
But if they become a price oracle for your highly leveraged or high value decentralized
derivatives or futures product, then perhaps all of a sudden manipulating those on-chain prices
is sufficiently useful or valuable to justify those costs. And so that's why both using one
single data source is a huge risk, but using something that from a technical point of view has
certain additional risks for manipulation like an on-chain dex price and attaching your
market to that when that market can rapidly grow in value and give people a reason to attack it
is generally speaking something we caution people against. The way that we approach this
is we have multiple independent node operators pulling from multiple high quality data aggregators.
For example, even our smallest Oracle networks never go below seven nodes. And each of those
seven nodes is connected to its own data aggregator, which then smooths out price data,
from many, many different exchanges.
Likewise, if new exchanges appear,
if swings and volume happen,
it's accounted for by these high-quality data aggregator
and kind of data companies.
So the things to be really cautious about
are both the security of the Oracle mechanism.
So how is that software redundantly secured?
Is the software itself of a high level of quality?
Does it implement trusted execution environments?
doesn't implement, you know, various signing procedures and secure messaging procedures,
all these types of things.
And then the second point is making sure that if you really want to dig into these things,
you understand the world of financial data and price data, which is a complicated question.
Now, our hope is that defy developers don't actually need to do that.
Defy developers should be able to show up to an infrastructure where they have,
a price that can actually include on-chain prices if they want, or it can include off-chain prices.
So we have something called a meta-oracle capability where we can compose a larger market price from on-chain prices, off-chain prices.
Right now, it's predominantly driven almost entirely by off-chain price discovery in centralized exchanges.
But I think the way that this space and the way people build things in this space should look is not that people are,
force to solve the Oracle problem when what they're trying to do is build a decentralized financial
application. The way it should look is the same way more mature spaces, more technology look,
is where people who make applications have a stack of here's where I'm going to run my logic,
so that could be something like Ethereum, here's how I'm going to connect to various external
systems. And in our case, we have a lot of expertise and experience with deciding or helping
people decide what high quality data providers are or high quality method methodologies would be.
And therefore, we're able to provide a reliable on-chain price that's both decentralized
at the Oracle level and in this case, relative to this attack, decentralized at the data,
data source level. And I think that the lesson of this attack is kind of that both of those
things are very important, both the middleware security component and the data source security
component and and that sometimes you really need to consider if if something like an on-chain
generator of prices like a Dex is, you know, if those additional risks are actually worth
worth whatever you're getting from it. In my experience so far, the risks of an on-chain
dex price used as an Oracle greatly outweigh the benefits. And realistically, even we've seen so far
things like our meta oracle capability is the ability to implement something called pricing
bans using off-chain price data to ensure that an on-chain Oracle does an on-chain
decks doesn't deviate too far from market prices. So I think deckss are great and I think
they're doing a lot of great things for the space and I think they're improving and they're going
in the right direction. But linking the outcome of your very high value kind of very fast,
moving market to an on-chain decks whose code is entirely open and has different ways that
people can approach attacking it. And that being the only thing that triggers the outcomes in
your market is a significant risk that we've so far been able to solve with what we've made.
So we just recommend either people find a way to decentralize their data sources and
their Oracle mechanism or use something like us, you know, whichever, whichever works for them.
But if if things aren't considered in this more holistic way, both by users who want to
understand what is the security of a DFI DAP and by developers of the DAP, like what are
my security risks in relation to oracles and data sources in addition to contract code, then
it's very possible that this type of thing will continue.
And I don't think that'll be great for the space in general.
So that's kind of where I wanted to go and maybe leave this, is what you think the impact of these attacks on the space are. You know, it sounds like you guys, based on the announcement yesterday, are now actively helping BZX think through this for the long term. You've mentioned or made mention of some of the lessons that already were potentially seeing around using that kind of decks data as a single source of pricing information and the vulnerabilities that creates. But what are the other other?
lessons or takeaways. And I guess do you see this sort of attack happening more or just, you know,
new forms of attacks happening more as defy gets more popular? Yeah, I think these attacks are happening
predominantly towards these derivatives and futures and highly leveraged, fast-moving markets with
larger and larger amounts because there's a way to make get a payoff there. So the ratio of
effort to pay off is relatively low. So that's and the numbers are growing as defy grows. So what that
means that what that means is that if the ratio of effort to pay off is is getting better and better,
then attacks like this move up on people's target lists. Now realistically as as defy grows,
if if people don't successfully secure their oracle mechanism through whatever collection of
approaches they're comfortable with, then the losses,
will become larger.
And as the value in different subsets of the defy ecosystem,
whether that's lending or some kind of collateral-based system
or whatever it is,
as the value there increases,
and if the Oracle mechanism doesn't improve in security,
then those things also move up on people's target list.
So suddenly the ratio,
maybe if the ratio of effort is still relatively high,
but now the rewards are very, very high.
So I think we see a number of people out there that have different Oracle mechanisms,
some of which they baked without an external audit,
some of which that's speaking to the security of the Oracle software itself,
some of which is powered by price data feeds where volume swings really regularly in centralized markets.
And I think one of the things that's just been saving people is that the ratio of effort to payoff
is still low, relatively low.
But defy is definitely picking up speed.
There's definitely growth.
I mean, we recently passed a billion dollars,
and there's more and more usage of it.
And I think the reality is that as the amount of value
that goes into defy increases,
you'll see a progression of these types of attacks
around different sectors of defy.
So perhaps some more of these attacks
will happen in derivatives and futures-based platforms
with high volume fast moving markets, but that subsection of defy will probably become hardened
on this against this pretty quickly to a degree because we're working with a lot of people
in that space to effectively solve this problem, as well as other problems related to Oracle
reports so that people can't manipulate their markets.
Now, once that section of the defy ecosystem gets hardened, and if the value in defy keeps
increasing, I think people will start to focus on other markets that they'll figure out
to conduct all kinds of multi-layered kind of derivatives or shorting schemes related to an
Oracle failure in places where there isn't a fast-moving market, something with lending
or something based on collateral or something where you can't immediately trade in and
out of large amounts, but maybe you can create a derivative or a short around some kind
of Oracle event related to that collateral lending market and then have a huge payout that way.
And I mean, I think the reality is that part of the reason why this problem persists is because
the losses haven't been big enough, right?
So if if the loss at some point becomes big enough, you're going to see people take this
as seriously as they've taken cryptocurrency exchange security, right?
So what I've seen happen with exchange security over my, you know, I don't even know how
many years I've been in this space now.
I mean, building smart contracts for seven mining for years before that.
But over all that time, what I've consistently seen is that some kind of exchange fails in how exchange is secure the value they provide to users through private key security issues or whatever collection of issues.
And then the volume or the usage shifts to cryptocurrency exchanges that do have good security guarantees.
And as the value of cryptocurrency exchange usage grows, the losses become larger and larger, right, because everybody has more money.
So this seems like a very analogous situation to me that as defy grows, and especially if it starts growing rapidly, the people that have proper security for their Oracle mechanism will be able to explain that to their community and show themselves to be secure.
And then if somebody's Oracle mechanism fails, much like with cryptocurrency exchanges, if somebody's private key security scheme fails, then that becomes.
a top-of-mind kind of issue for users, not just for developers, but for users of that product.
And then those users historically, looking at cryptocurrency exchanges, migrate all of their usage
rapidly to secure systems that can explain how they are hardened against certain attacks.
So I think the growth of defy will is a very good thing.
I think it'll create more incentive to attack increasingly varied parts of defy.
And what I'm very hopeful of is that, you know, CoinDest and you know,
the community can start to think about how do we mitigate this risk before there is a big loss.
Because big losses by our community, by defy, paint defy in a negative light,
just like the Dow or large cryptocurrency hacks paint their respective systems in a negative light.
And I think the thing that's worth avoiding or worth kind of learning some lessons about
from how cryptocurrency exchange hacks and smart contract hacks have affected certain sectors
is that there's really maybe it's not a good idea to wait for that.
like maybe the better option is to somehow pay much more attention to the security risk
such that the losses never reach a level where people are saying that, you know,
oh, defy doesn't work because, you know, I heard that there was a hack for $300 million.
I mean, I don't want to hear that.
I want I want defy to keep growing at a massively fast rate.
But the reality is that that's a mix between how many.
users want to use DFI and how able DFI is to deliver on both returns and the technical
guarantees that DFI decentralized finance seeks to deliver. And even if those guarantees are
not fully realized from a security point of view initially, they're definitely something that
I think we should start realizing more as the value secured by DFI increases. Yeah, I couldn't
agree more. I think one of the things that I was discussing yesterday on the podcast was exactly this,
that right now we're experiencing these new challenges, figuring out new types of attack surfaces
and obviously new types of fixes in the context of a relatively enfranchised, empowered early adopter
crowd, right, who are by and large savvy to the types of risks that it entails. And I think
that's actually greatly to defy's benefit. You know, the stakes of some of these types of financial
products are massive if they go not just mainstream, but just get even a little bit bigger.
And so the fact that right now these sorts of challenges can be worked out without more
systemic risk and risk among people who really can't afford to take it, I think is to the
benefit of everyone who's invested in the long term, the long term health and growth and
opportunity of defy. But listen, Sergey, I really appreciate all your.
your thoughts. It's always great to have you here. I'm going to be excited to see what you guys
continue to build in this context and what we learn from each of these attacks and unfortunately
the ones that are probably yet to come as well. So thanks so much for your time. Yes, thank you for
having me. Again, great chatting with you. One of the things that I thought was most interesting
listening to Sergei in that interview was this idea that almost that DFI is going through a natural
evolutionary growth process where it is going to have attacks that come after it and try to exploit
new attack surfaces. And that in some ways, this is akin to the early days of crypto exchanges,
where attackers exploited basically everything that could be attacked in the context of
crypto exchanges, and it took a lot of painful learning. By learning from the mistakes of exchanges,
by taking more seriously the security of every aspect of the defy chain, we may be able to avoid
some of that pain, which is obviously to the benefit of everyone who's invested in the success
of defy in the space as a whole. So really interesting thoughts, and for me, just reinforcement of
why these attacks were so meaningful. It wasn't that a huge amount of money was made away with,
but they are warning shots. They are shots across the bow of what could come and why we need to be
so conscientious of everything that we're doing in Defi, especially while it's still early.
Anyways, guys, that is it for today's episode of The Breakdown. I hope that you enjoyed this interview,
and I hope you enjoyed the quick news briefing at the beginning. We will be back tomorrow with
another episode, and until then, thanks for listening, wherever you are. I'll catch you soon.
Peace.