@phuqle Just a basic assumption in all of this crypto stuff. You assume there are no angels. Obviously if 51% of the supply is held by outstanding, incorruptible citizens of the world, you’ll be fine. But for the sake of doing complex and impressive looking security analyses/game theory, we like to model that everyone is a nihilistic degen that can be bought out at market price.
Thank you! I didn’t assume that btw. And I still don’t understand. If majority ~ >50% corrupted, then the minority forks the old chain to have the new chain and issue new tokens. I assume that the value of the new tokens = the value of the old tokens of the minority which is <50% of the old tokens market cap.
And how does it link to the cost of the fork is half of the old tokens market cap?
Forking doesn’t assume control, it creates an entirely new chain which Uniswap would not be using. Assuming that the devs then swapped to the new chain, you’ve still just suffered a massive attack that has debilitated the platform by draining its funds and leaving users having lost trust. You can’t just fork problems away
And he wasn’t saying you assume no angels, he was saying when modeling out possibilities such as threats in crypto, the general assumption is that people have the worst intentions. If you are prepared for the worst, then you are prepared for the best as well. Given the stakes, that’s the safest way to do this. Of course, Uni’s TWAP oracle has clear vulnerabilities and is just one of many attempts at solving something but missing potential threats, so it’s easier said to assume these things than it is in practice. Hard to account for everything in design, which generally speaking is why most companies do NOT try to build their own version of a product where a suitable, affordable version of what they need already exists. It’s very high risk to spend that many resources just to fail. Even after all the time spent on oracles for the uni team they have to go back to the drawing board completely if they want to get it right on their own, and it’s another risk. When you’re talking about people’s money “most of the time it works” is not good enough. The TWAP oracles simply are not robust enough. Uni needs to make a choice to abandon their dex and try to compete as an oracle (idiotic) or adopt an existing, functional oracle solution which suits the needs of DeFi. And there is currently only one option, for better or for worse. I really don’t get the adversity some projects have to using Chainlink, they have proven time and time again to prevent losses in case of attacks and the network has only gotten better with time. Even Maker who refused to use Chainlink now indirectly uses Chainlink because all of their feed providers do. Compound is adopting Chainlink in conjunction with Uni’s oracle (Uni’s oracle not needed but another case of ego where Compound’s founder simply can’t admit that Chainlink got it right where they could not on their own). Uni is the last bastion of DeFi that is fighting Chainlink. For what? Going to kill the network.
I’m not saying that there shouldn’t be alternatives, I’m all for that. But developing a robust, useful oracle system is not an overnight task. It’s not a 1 month task. it’s not a 1 quarter or 1 year task. It will take all of Uni’s dev resources multiple years to do this properly. In what world would that be the right decision unless they wanted to fully pivot?
I have an FX multi-bank trading platform background and for me “Oracle problem” is very similar to a price-fixing problem on FX market. (ex. google: “Global banks admit guilt in forex probe, fined nearly $6 billion”)
The solution for FX was to move away from fixings as price Oracles, where there might be some particular interests that can be in billion of $$$, and focus more on the tradeable price. Even if $10 billion would be at stake to get 50%+1 on price Oracle, we are never sure, if the interest is not bigger than $10 billion (imagine Crypto Market Cap of $100 trillion).
This brings me to a basic question: how to create better link between the value of ERC-20 token and the value of USD/EUR/GBP/JPY/… to get more people using smart contracts in the real economy?
From my perspective, the real race to bring more trust to a stable coin market is not a race between price Oracles (we learned from FX that they are vulnerable by its nature), but how to make Tether-like projects (ERC-20 to FIAT “bridges”) big enough to compete with CLS settlement system. If we will get the settlement right (from ERC-20 to FIAT), the instrument price will always follow. Arbitrage will do the rest even if the price of all tokens would drop 99% in 1 minute. This would not be the case for price Oracles.
Currently, CLS is big enough to get the trust of $2 trillion per day (google: “CLS FX TRADING ACTIVITY march 2021”), if Tether-like solutions will get closer to CLS, the interbank market will follow and then a Crypto Market Cap of $100 trillion will become possible. CLS has achieved scale in fully CENTRALIZED way. Our job is to do it in a fully DECENTRALIZED way.
To fully integrate ERC-20 with FIAT we can copy one popular pattern from FIAT:
It is common to see wealthy people putting money in 50-100 banks to get credit risk distributed (done usually by family office). It is not possible to avoid counterparty risk in FIAT, but government deposits insurance of $100k-250k for each individual bank is at least addressing some part of the risk. Having it in different jurisdictions is reducing the risk even more.
Let’s try to replicate this on blockchain:
- Every regulated crypto broker/crypto bank that has access to FIAT system should issue its own stable coins in all supported currencies. The stable coin would represent a deposit with this particular broker/bank. Each broker/bank could have its own rules on how deposit works (ex. if this would be a bank, it would be probably willing to use this FIAT money for its own lending activity, the same way as in case of regular FIAT deposit)
- The only function of the broker/bank would be to redeem their stable coins for FIAT (they don’t need to make markets → this will be done by market participants)
- This would result in 200-300 stable coins in all possible currencies issued by different brokers/banks
- Stable Coin Baskets would be created via smart contracts (ETF like products with stable coin basket redemption to allow arbitrage via FIAT settlement)
- Stable Coin Baskets would compete with each other for the best basket of stable coins/best smart contract structure/best governance
- Even if one or the other stable coin issuer will stop redeeming its own stable coins for one or the other reason the whole system should survive.
- Each Stable Coin Basket/Basket of Baskets can have its own protocol fees and Treasury that would compancate when some coin in the basket would become “insolvent” (= not convertable to FIAT).
Our first task: make it very simple for regulated crypto brokers/crypto banks to issue their own stable coins
I’ve expanded upon my thoughts on this proposal in this Twitter thread here. In my opinion, this proposal would require a serious pivot from the Uniswap team from being a decentralized exchange to also creating a dedicated oracle protocol, a multi-year full-time task to accomplish. Projects specializing in building a specific piece of composable smart contract infrastructure is the beauty of the DeFi stack, it leads to efficient usage of limited developer resources.
To note, the Chainlink Network is already cryptoeconomically secured by the $46B FDV LINK token through implicit incentives (oracle nodes are paid in and hold native tokens whose value is derived from the health of the network as a whole). This form of cryptoeconomic security is already seen with the Bitcoin and Ethereum networks today (miners hold and are paid in native coins) and is why the honest majority assumption works, it’s backed by economic incentives and penalties. Additional cryptoeconomic security through explicit staking (the slashing of deposited stake from malicious nodes) is being worked on and will be implemented with Chainlink 2.0, discussed in the recent whitepaper.
These approaches raise the cost of attack, which is why I believe Chainlink Price Feeds are already well suited for securing high-value DeFi smart contracts like Aave, Synthetix, and algorithmic stablecoins like Reflexer, Ampleforth, etc.
Thanks for elaborating on forking and the risks Uni’s oracle might face. However I still don’t understand this, maybe I’m just too dumb
Any links/resources to read in order to understand it is very much appreciated
I guess the assumption is nobody will continue to trade on uniswap if UNI is used to break oracles. And then UNI price crashes to zero. Not sure how well it holds up because uniswap is trustless.
So how does chainlink implement this cryptoeconomic security? To my knowledge there is no penalty system in place. Remember this one time where a node operator by accident swapped the gold price feed with that of silver. Some users on synthetix profited hugely from this, while the nodes still had their LINK payouts (no penalties applied). Point is that a node can serve just about any data no matter the quality. There is no mechanism to judge on whether this data is correct and penalize accordingly. Probably this is what Vitalik meant with ‘incentives are not clear’.
I can expand upon Chainlink’s cryptoeconomic security for clarity. Chainlink oracle networks are cryptoeconomically secured today through implicit incentives. Each Chainlink node in the network holds and is paid in LINK tokens for their oracle services. The value of LINK itself is derived from the health, adoption, and reputation of the network as a whole, creating a strong economic incentive for each node to provide a secure and reliable source of external data (e.g. ETH/USD) in order to uphold the value of not only their current LINK holdings but also their future revenue (which is denominated in LINK).
We see implicit incentives in existing networks like Bitcoin and Ethereum. Because Ethereum miners hold and are paid in ETH, they operate the protocol faithfully because a corrupted network would result in the devaluation of ETH due to the destroyed trust of the network, creating financial harm to themselves. In the Chainlink Network, a successful collusion attack between the most reputable and profitable nodes that ends up results in a significant loss/exploits for DeFi protocols would likewise destroy trust in the network, resulting in a devaluation of the value of LINK.
In addition, each individual Chainlink node is a publicly identifiable entity with their individual future revenue, reputation, and off-chain business on the line. Chainlink nodes operated by enterprises like Deutsche Telekom and data providers like Kaiko have significant revenue both within and outside of the Chainlink network, which would be forfeited through malicious activity. Therefore, for economically rational nodes, it is more profitable to be honest, which is why the honest majority assumption works for networks like Bitcoin, Ethereum, Chainlink, etc.
What you noted about the gold price feed from a year ago wasn’t an attack on the network but a misconfiguration of a single feed that resulted in minimal issues. If tens of billions of dollars had been stolen as a result, the value of LINK would have certainly been significantly affected here, creating a financial penalty. The devaluation of the native token depends on the severity of the network issue/attack. The Chainlink network has been significantly hardened since then and uses an entirely different oracle network model, so such issues have not occurred since, but the security of the Chainlink network is not static and continues to evolve.
The Chainlink 2.0 whitepaper was recently published which modeled an explicit staking mechanism where nodes stake their LINK tokens in a service agreement and can be slashed for providing manipulated data. Here, a two-tier oracle network model is used, with a low-cost first-tier that continuously generates oracle reports and a higher-cost maximum-security second tier used for settling disputes, which creates a super-linear staking impact where the cost of attack is significantly greater (quadratic in the number of first-tier nodes) than the sum of all deposits within that network.
The first-tier consists of nodes explicitly staking LINK while the second-tier consists of the most reputable, reliable, and profitable nodes in the Chainlink network who have the greatest financial exposure to LINK and as rational economic actors resolve the rare disputes accurately in order to uphold the value of their LINK holdings, LINK staked in other first-tier networks, future LINK revenue, and individual reputation. The whitepaper goes much deeper into this mechanism than I can cover here, but this mechanism would provide slashing-based cryptoeconomic security in addition to the existing implicit incentives-based cryptoeconomic security.
Reposting this from another forum to add to the discussion (not my opinions)
This is a good thread so I will drop some alpha
Vita|ik makes UNI oracle thread
intentionally designed as |ow-frequency/high-latency oracle
speci?cally mentions Optimism
mentions lots of weird quirky constraints that it will need to have which don’t make sense on
Here is the deal. Optimisms business model is to Auction off MEV. Every single block on
Optimism will need to have near optimal MEV extraction for this to be economical.
This presents a problem when we think about oracles. If you are the block sequencer on
Optimism, where will you put the oracle update transactions? Where ever they are most
pro?table for you. And in extreme cases you can actually censor them. Yes I know some
Optimism fag will tell you how they added some feature to prevent censorship, but without
disclosing specifics I am categorically telling you they cannot promise true censorship resistance
on Optimism in it’s current design.
This is a huge problem for oracles obviously.
The reason for the high-latency nature of Vitalik’s oracle is to make the oracle update window
span far enough into the future that the MEV aspect happens less frequently. How ever,
whichever lucky sequencer manages to catch the occasional oracle update gets a nearly
guaranteed fat arbitrage, as it has been hours or potentially days since the last oracle update,
so the arbs will be fucking huge.
The fatass giga arb is what will incentivize the sequencers to actually include the oracle update
in the block. Othenlvise they would just keep trading on grossly mispriced assets.
This setup provides nearly guaranteed MEV against protoools which use oracles. Optimism
needs MEV to fuel their revenue. If this kind of design was not used, the MEV could potentially
dry up as protocols get smarter at designing around MEV and actually giving a shit about their
This is a bit of a dirty secret, but idgaf. The truth will set us free.
There is currently no way for a consumer to steer a data curation process or incentivize the chainlink network to add more weight to a specific datasource. Having a honest majority is a fair starting point, but it’s not enough. There can be all sorts of other data quality issues down the line that you have to monitor constantly. Data usage is always context dependent and some consumers might prefer some feeds over others in their aggregation .
I think that CL ideally should hand over the curation to the protocol actors instead of managing it themselves. This feed misconfiguration is a good example that this is a pain point to be improved upon. This is needed to make it more decentralized and censorship resistant.
This also the reason why the proposal for the UNI oracle makes sense to me. You want have data quality control in the protocol user’s hands by adding a dispute governance process. I’m not sure how the disputes are resolved in chainlink 2.0 but it does sound like a good way forward.
Chainlink is a framework for building oracle networks, so anyone can create a network that uses and weights any selection data sources desired for their use case, which we have seen in the creation of different oracle networks for different dApps. The management of the Price Feeds used by the larger DeFi projects like Aave and Synthetix was already been improved upon with the hiring of Ben Chan a year ago to lead engineering at Chainlink Labs (who was previously CTO of the multisig firm BitGo and co-architect of WBTC) to improve the processes around specific parameter changes, as well as an expansion of the multisig participants to include the larger ecosystem users as signers.
If maximizing market cap is the goal for security, why not use an oracle that fully operates on the blockchain’s native currency e.g. ETH?
Using a native token for oracle networks maximizes security and long term sustainability in the form of implicit incentives and network subsidies. As noted before, oracles holding and getting paid in a token whose value is derived directly from the health of that oracle network provides greater security as nodes operators are more financially exposed to the health of that network, aligning incentives. Using ETH doesn’t provide this dynamic as its value comes from the health and adoption of the Ethereum network, not any specific oracle network. Additionally, a native token provides subsidies (like a block reward) which is used to not only bootstrap new oracle networks, but also provide oracles a higher revenue (creating a higher opportunity cost of malicious activity as they could lose this income) and lower costs for users as they don’t have to pay the full costs, increasing usage of that oracle solution. This is why we have not seen any oracle solution operate at scale without a native token. This dynamic applies to both Chainlink and this proposal.
I am the original conceiver and designer of Augurs oracle system. Wanted to add some information not in this thread yet.
– Augur security margin (assuming it is still designed the same) comes from the universe forking where the oracle service is frozen while the two versions of REP compete for market cap. The one with the higher market cap at the end of the competition gets control of the existing markets. This requires an attacker to not just have n/2 of the market cap, but to have enough to inflate a worthless crypto at a price for an extended period of time. I forget some specifics, but assuming all holders of the fake REP sell (as is rational to do) at slightly above full market value of the real REP (as is required for the attacker to win), the cost of attack in actually n. Its possible to extend this into an infinite security margin by having multiple rounds where the attacker must double the amount of money honest holders have each time. This infinite security margin comes at the cost of arbitrary long amount of time to freeze the oracle services.
– Chainlink V2 has serious security margin issues as laid out in the V2 whitepaper. It seemed suspicious when I skimmed the paper originally, but it was not until a writeup made the week in ethereum news making a convincing case that a second tier does not help at all with the security and it is not actually n^2. That said, I am completely confident Chainlink will resolve this design issue. After all, they had to make it in secret with NDAs and a bit too many non crypto university professors. Now that they are able to get wider community input I am confident Chainlink v2 will be a quality product with many capabilities. Makes me wonder though if Chainlink V2s multi hundred page paper with huge ambitions and complexity as well as security margin issue was why Vitalik chose to make this plea to Uniswap instead. He probably just wanted a high market cap erc20 that was not Chainlink to make the request to since a high market cap is a prerequisite to a secure oracle.
– Augurs model can be sped up close to real time if the data at hand is simply a price number because it doesnt require human interpretation. A node can be coded to just automatically contest and stake against incorrect prices with a single block delay, doubling until a fork. Because it can be automated it wont be as slow as Vitalik and others in this thread are assuming. It would even be fast enough (1 block delay almost always) for liquidation, although someone can delay the price update a few blocks in a row by frivolous contesting. This frivolous delay would probably not be able to be more than several blocks though because of the bond doubling each time. Another catch is that all services relying on this oracle would have to be able to gracefully handle the price feed being delayed, or potentially frozen for a long time if a fork happens.
– I agree with the general sentiment that this is orthogonal to Uniswap raison d’être. While it would add value to the UNI token, it is a pretty serious ‘side project’ to do an upgrade that includes UNI tokens splitting in a fork. It may also for security add requirements for UNI token holders to take action in the event of a major contentious event. It may also be a waste of resources if Chainlink delivers a high security margin solution with the ability to contest and lose increasingly staked amounts. I expect that a sped up and automated version of Augur oracle but for price feeds that typically resolves in a single block will eventually exist, and Chainlink will probably take it. Still if Uniswap governance has a huge amount of money to throw around, this has a chance of adding value to the UNI token, and perhaps this is worth doing, but really think they probably have better value propositions.
Good post. I would argue that UMA is the sped up + price focused version of Augur that you suggest in your post. The UMA design owes a lot of inspiration to both Augur and V’s schellingcoin post.
coming from vbuterin, I don’t think I have any arguments not to support your proposal
Guessing this idea is dead now since @vbuterin abandoned it and Uniswap is exploring Arbitrum which uses Chainlink oracles?
This is great proposal and uniswap will be more great.
one small step for crypto, one giant leap for cryptocurrency