Chainlink's (LINK) Security Explained

By Michael @ CryptoEQ | CryptoEQ | 17 Jul 2022


f335db6f2e4517432f34c0844de36a5d54528d4db563ba6c0ba03f49c1a7e6a0.png

If you want more cryptocurrency analysis including full-length research reports, trading signals, and social media sentiment analysis, use the code "Publish0x" when subscribing to CryptoEQ.io to make your first month of CryptoEQ just $10! Or simply click the button above!

Blockchains are valuable because they use cryptography to verifiably guarantee security. However, each blockchain is its own silo, separate from each other, and cannot directly fetch and incorporate external data. Chainlink has created the vital middleware infrastructure to provide information to and from blockchains without sacrificing decentralization or security. 

On-Chain Reporting 

The core technology of Chainlink depends on a two-part process – on-chain and off-chain. On-chain, Chainlink is simply a series of smart contracts that respond to requesting contracts demanding data. Off-chain, the Chainlink architecture is a network of oracle nodes that connect to public blockchains. The Chainlink DONs support two ways of delivering off-chain data to smart contracts on-chain. The most common method that Chainlink oracles use to access external data and bring it on-chain is the Decentralized Data Model, which features a regularly updated smart contract representing a piece of data that can be queried on-demand in one single transaction. In another method that Chainlink uses, called the Basic Request and Receive Model, a user’s smart contract requests data directly from Chainlink nodes, and the reported value is received in the subsequent transaction. The latter model can be used to fetch random values or unique datasets, whereas the former model is used to fetch specific pieces of data. The Decentralized Data model is powered by Chainlink nodes that use the OCR. Data is fetched and aggregated off-chain before a single transaction is submitted on-chain, which contains each node’s signature and data point.

The oracle network contains a collection of nodes with specific job specifications that facilitate specific job executions coordinated by on-chain smart contracts. Theoretically, there is no limit to how many Chainlink nodes may exist, as anyone is free to participate in the network based on the vision of the project. Nodes operate independently of each other and cannot communicate with one another. Instead, nodes communicate with the blockchain node to which they are “attached” and listen for job requests. Each node sells the use of specific data feeds, off-chain payments, and APIs directly to the smart contract.

Chainlink’s nodes are reliable and secured by independent, Sybil-resistant oracle nodes that are run by large enterprises and data providers. Chainlink’s data feeds are decentralized at three levels: the data source, the oracle node, and the network, which eliminates central points of failure in sourcing and delivering external data to smart contracts. Data feed performance can be verified and audited in real-time using data analytics tools such as reputation.link and market.link.

The Chainlink on-chain smart contracts are “externally aware,” meaning they carry a piece of data that helps them integrate with non-blockchain applications. This is unique to Chainlink’s smart contracts and instills the working of oracles into their own contracts. This enables a decentralized oracle data feed that is aggregated into the smart contract off-chain and then converted into on-chain data. Chainlink’s infrastructure on-chain assists in oracle selection and maintaining an oracle reputation record.

The on-chain workflow has three steps: 1) oracle selection, 2) data reporting, and 3) result aggregation. The order-matching smart contract collects proposed bids from oracle providers. It then selects bids using a reputation contract and aggregates the oracle providers’ responses. It then calculates the final collective result of the Chainlink query and feeds the oracle provider metrics back into a reputation contract. 

For operations off-chain, Chainlink consists of a network of nodes connected to the Ethereum network. These nodes listen independently for off-chain requests. Eventually, individual responses to smart contract queries are aggregated and returned to a requesting contract. The off-chain architecture is equipped with external adaptors and subtask schemas. Adapters are external services that enable programs in any programming language to be easily implemented. Subtask schemas ensure compatibility between adapters, even in an open-source environment.

Chainlink has three checkpoints in place for preventing inaccurate data and reducing vulnerabilities or manipulation. To safeguard against single points of failure, data sent through the network is curated and verified through a decentralized majority voting system of Sybil-resistant nodes. Smart contracts are only executed when the same data is authenticated by multiple nodes. The network also cycles through oracles and, as of May 2020, leverages Verifiable Randomness Functions (VRF), providing a verifiable tamper-proof source of randomness within the oracle selection process. This helps preclude malicious node operators from coordinating an attack because they do not know when or if their data will be selected.  

Additionally, users of Chainlink nodes (smart contract creators) can choose the level of security deemed necessary amongst the participating oracles. Some use cases require high decentralization, while others can sacrifice decentralization for assured quality. In either scenario, the smart contract creator can optimize for their individual preference. Data providers who operate their own Chainlink node also cryptographically sign their data at the source, which provides smart contracts with security guarantees of its authenticity.

Finally, Chainlink utilizes a reputation and certification system for oracle performance, with community monitoring playing  a role in creating the reputation system and associated node slashing mechanism. The reputation contract within Chainlink keeps track of oracle-service-provider performance metrics. When a smart contract requests data, nodes in the network submit their data plus their LINK tokens as a stake. If a node is determined to have submitted faulty or inaccurate data, its LINK tokens are distributed to the other nodes that submitted accurate data. This punishment system incentivizes a continuous stream of honest data from decentralized sources. If a node submits bad data, it not only loses its stake but affects its reputation within the system as well.

As of Q3 2022, Chainlink has 1000+ price oracles, which are used as an aggregate pricing network for DeFi applications. Chainlink also secures over 3 billion on-chain data points as of the end of Q2 2022, with over $20 billion in total value secured. The on-chain infrastructure within Chainlink can be updated at any time and is already compatible with other blockchains. 

Off-Chain Reporting (OCR)

In February 2021, the Chainlink team announced Off-Chain Reporting (OCR) which provides efficiency improvements to how data is processed and moved across Chainlink oracles, resulting in a ~90% reduction in oracle operating cost. The Chainlink team stated that with this upgrade, DeFi users will have a 10x increase in the amount of data that can be put into their smart contracts, broadening the surface area of DeFi and allowing for more data to be brought on-chain. 

OCR accomplishes all of this by allowing nodes to communicate off-chain, enabling them to aggregate data without the cost of gas. The new process for nodes involves each node fetching data from multiple sources, signing it via their private key, and broadcasting it to the rest of the oracle network off-chain. Once enough of the oracle network has responded, only a single transaction containing all the node's attestation is processed on-chain. The signatures are then validated on-chain by a smart contract, thereby providing the security, transparency, and tamper-resistant properties inherent in the main chain.

The LINK token is an ERC-667 token that inherits functionality from the ERC-20 token standard and additionally allows token transfers to also contain a data payload. that offers the standard transfer, approval, and transferFrom operations. It also implements an ERC-677 interface to allow payment and invocation to be executed within a single transaction.

The Chainlink project has had one of the most active development communities, as measured by GitHub commits, for years. LINK users can follow development progress using tools provided by the team. 

Scaling and Privacy

In the future, Chainlink plans to increase privacy and scaling by implementing Trusted Execution Environments (TEE) for private off-chain computation. While TEEs do alter the amount of trust involved in the system, they allow for less computation on the base layer and enable more performance in, essentially, a guarded sandbox. Additionally, Chainlink is looking to enable Threshold Signatures (TS) which will allow for batching requests into chunks, thereby reducing costs and computational load. Because both of these implementations are done off-chain, greater levels of data privacy can be obtained, although not guaranteed. 

In an effort to bring further privacy to the smart contract transactions within the LINK network, Chainlink acquired Town Crier in 2018. Town Crier published research that came out of Cornell University and IC3 to bolster smart contract data privacy & security. 

Chainlink, in another effort to bolster data privacy within smart contracts, also introduced “Mixicles” in late 2019 with the paper, “Mixicles: Simple Private Decentralized Finance. “Mixicles” use oracles to build simple, privacy-preserving decentralized finance (DeFi) instruments by splitting them into two parts where the state is separated from the payment output.  

Chainlink 2.0 & Super-Linear Staking

The aim behind super-linear staking is the creation of a cryptoeconomic security framework under which an attacker will need significantly more resources than that which all Chainlink nodes have staked, combined. One of the specific reasons for this aim is to resist attacks on the network from very well-funded actors. Particularly, Chainlink aims to prevent its node operators from being bribed. In many staking networks, if a node has X amount staked then a bribe of X+d, where d is some small amount, should be sufficient to incentivize an economically rational agent to take the bribe. Bribing all nodes (where there are n nodes) would cost n * X. Super-linear staking aims to make the capital requirements for a successful attacker to be considerably more onerous; where the sufficient bribe budget must be greater than: 

9f7ecb37573e293fa3a17ce0f911b600cc0e61697332ef4d755d5e558432148b.png

83fe0fa4d29cd40b10e07115cfa42fe04efa045af572e7e4bc4f469efd458e9d.png

source

Superlinear staking is achieved via a tiered, or second layer, approach to watchdog priority. There is a default tier (the oracle network composed of n nodes) and a backstop tier composed of a user-selected set of nodes that have particularly good reputation scores or many more nodes. If an attacker wants to slip a nefarious entry past validators then they might bribe a watchdog. Chainlinks super-linear staking requires that all node operators be bribed since any of them can alert the network to a suspected malicious event. Hence the quadratic scaling with n, where n is the number of nodes in the network. 

This model ensures nodes are incentivized to report correct values as agreed upon by other nodes. Each new user that joins the Chainlink DON, therefore, lowers the cost for other users on the network and also lowers the average cost per unit of economic security. Due to super-linear staking, more nodes existing in a network contributes to a more economically secure network. Chainlink will now be secured by both implicit and explicit incentives, and super-linear staking signifies Chainlink’s approach to change economics to capitalize on network effects with incentives to run more nodes, as well as on economies of scale where security becomes cheaper as more nodes join. 

Chainlink’s cryptoeconomics aims to create a feedback loop in which increased user fees incentivize node operation which in turn leads to more data being put on-chain. 

4e23f5596f27b2bdb95e73170816b212651dcdec58d2c5d540782a04935dd2b0.png

Source

This economic incentive-based data-security model, in addition to aiming to protect oracles and their users, makes it more profitable for data providers to lock up collateral. In addition to price appreciation in virtue of increased buy pressure, tokens are being locked up as deposits, and thereby effectively taken out of circulation. Combine this with LINK’s non-inflationary tokenomic model (it is fashionable for many DeFi platforms, particularly those offering very high APYs to users out of inflationary token emissions) and there is a strong case to be made for LINK’s potential to accrue value. This all in addition to the staking model guaranteeting oracle security.​\729890f03a68b5c14f7f1b80e4b952f472bab2c71897373a9eb16a23de88ba0e.png

The long-term goals of Chainlink staking include increasing the crypto-economic security for Chainlink services, which is enabled by LINK tokens being able to be locked up as a service-level guarantee for network performance. An oracle’s stake can be slashed for violating the SLA terms. Another goal is higher community participation in the network and the generation of sustainable rewards for participation with the ability to stake LINK alongside node operators. Stakers will also have the chance to raise alerts against oracles and get rewarded if an oracle’s performance standards are not met. Related to user alerting, Chainlink is also introducing a reputation model for nodes to bring further security. This is another goal of Chainlink staking - to establish a reputation framework based on which nodes can be selected to participate in network services. Nodes will be judged based on response time and data accuracy as well as considering the amount of LINK each node is willing to stake for their oracle services.

Native LINK token emissions will set an initial base level of rewards, and as network usage increases, more rewards can come from other sources such as user fees and loss protection. 

971de48caced734bc0c2c23aa8057ace005b162b6dac309b9954bf1fd96b99fe.png

​Source

Chainlink v0.1 is projected for release later in 2022 and will first focus on a reputation framework and staker alerting system. A later v1 release will introduce additional functionality such as stake slashing and incorporating user fees as rewards. A v2 release in the future will introduce loss protection. The introduction of super-linear staking marks a new era for Chainlink’s network economics, with first releases designed to create a risk-minimized foundation, and later releases designed to scale Chainlink into a global standard with a growing user base.

CCIP: Cross-Chain Interoperability Protocol (CCIP)

Chainlink’s new Cross-Chain Interoperability Protocol (CCIP) features a cross-chain message relaying service and a cross-chain token bridge. Other forms of off-chain computation are also in development such as FSS, DECO, and Town Crier. The advancements of CCIP can create a sort of cross-chain hybrid smart contract that can allow blockchains to communicate with each other. 

The token bridge that is a part of the CCIP uses hundreds of independent Chainlink nodes to sign and validate cross-chain token transactions, which reduces a single point of failure and enables cross-chain asset transfer. CCIP creates a universal “plug and play” standard for developers working on smart contracts and allows developers to select the best code for the task at hand. Developers using CCIP can take advantage of the security of Ethereum and another chain’s speed and scalability, all in one smart contract.

How CCIP’s cross-chain message relaying service works is: A smart contract from a source chain can invoke Chainlink’s Messaging Router to leverage the Chainlink DON to securely send messages to the destination chain, after which another Messaging Router will validate it and send it to the destination smart contract. The use cases this feature enables is cross-chain yield harvesting, cross-chain collateralized loans, low-cost transaction computation, and new categories of DeFi applications over time. The CCIP token bridge is powered by Chainlink’s OCR 2.0 which involves Chainlink’s nodes cryptographically signing and validating all cross-chain token transactions. The token bridge supports minting and burning and locking and unlocking of ERC-20 tokens and is secured with Chainlin’s anti-fraud network. The bridge offers developers a universal interface that can transfer tokens to any Chainlink-integrated blockchain across both EVM and non-EVM chains. This eliminates the need for developers to build separate bridges with complex security vulnerabilities.

How do you rate this article?

72


Michael @ CryptoEQ
Michael @ CryptoEQ

I am a Co-Founder and Lead Analyst at CryptoEQ. Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.


CryptoEQ
CryptoEQ

Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.