Ep. 90 – Securing oracles for smart contracts – insights from Chainlink


As smart contract adoption on the blockchain continues to grow, ensuring end-to-end security is becoming more important. Oracles, trusted sources of data, are increasingly seen as the weakest link in blockchain. In this podcast, Johann Eid, Product Manager and Developer Evangelist at Chainlink, explains the role decentralised oracles can have in providing this end-to-end security.


What is blockchain?

Blockchain is essentially a decentralised ledger. It is transparent and can be public, as Bitcoin is. Decentralised, transparent and permissionless technology such as blockchain can have a tremendous impact on the way people interact with each other. Bitcoin was the first type of blockchain, followed by Ethereum. With Ethereum you can develop applications on top of the blockchain, thus enabling new ways for people to interact with each other.


What is a smart contract?

Contracts are useful when two people who don’t necessarily trust each other want to interact with each other. They give trust to a third party to enforce that the contract executes in a manner that it should. Presently, these third parties are law firms, accountants, banks, and large institutions. Smart contracts embed the logic and enforcement of those contracts on the blockchain.

Smart contracts take a deterministic input and generate a predictable and consistent output. Thus, whether you have an insurance contract or a derivatives one, the properties of blockchain and smart contracts allow two trustless parties, based in different parts of the world, to transact together.


Off chain connectivity for smart contracts

Most smart contracts on the blockchain, such as parametric insurance contracts, require real-world data, whether that is data generated by IoT devices or from legacy systems. For example, weather-related insurance smart contracts would need real-world data provided by weather stations. Meaningful data is required to provide the deterministic input to trigger a smart contract.

Chainlink has estimated that 80% of smart contracts require off chain connectivity. Chainlink states that smart contracts are unable to connect with external data feeds, APIs, or any other off-chain resources on their own.

Chainlink acts as an all-purpose HTTP protocol-like equivalent (or HTTPS using a TEE) for messaging at the protocol and application level both on-chain and off-chain. Chainlink nodes are able to format messaging and data from public APIs into a readable format for smart contracts.


Are oracles the weakest link on the blockchain?

"Oracle" is the name often given to a source of data that a smart contract connects to. Blockchains' high level of cryptography makes them very secure. Smart contracts sitting on the blockchain are also secure. However, the oracles that provide real-world data to smart contracts, more often than not, sit off chain and are thus sometimes considered to be the weakest link on the blockchain.

Decentralised oracle networks, such as the one provided by Chainlink, provide a means to secure the integrity of the data that is provided to smart contracts. If for example 12 oracles are providing weather data to a smart contract and if one is compromised due to a technical error or malicious activity you still have 11 oracles providing reputable data.

Utilising a centralised, closed source, single oracle to provide a smart contract with real-world data risks compromising the end-to-end security of the network. That oracle represents a single point of failure, which defeats the decentralised nature of a decentralised application (DAPP).

There are a number of risks involved with getting off chain data to a smart contract:

  • Data provider level:
    • If you have one data provider, you are limited in what can be done to mitigate the risk. The best solution is to invest in additional sources of data.
    • If you have numerous data providers and one of them turns out to be malicious, then using the median of the aggregate data set instead of the outlier is the recommended approach.
  • Node provider level. If the data is collected onto a single node, there is the risk of it failing. Having decentralised nodes mitigates the risk.


Arriving to a consensus

In situations where you don't have malicious actors but the data providers are providing different data points, how is consensus achieved? Aggregating the data and finding the median of those data points is the means of achieving consensus. There are other aggregation methods, such as the weighted average, which depends upon the level of trust attributed to each data provider.
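The median and weighted-average aggregation described above, with the 12-oracle case from the earlier section, as an added example (not Chainlink's code and not from the podcast). The readings, the trust weights and the `min_responses` quorum parameter are constructed for illustration.

```python
from statistics import mean, median

# Constructed sample: 12 oracle reports of rainfall in tenths of a millimetre.
HONEST = [201, 198, 204, 200, 199, 202, 203, 197, 200, 201, 199]
FAULTY = 5000  # value sent by one compromised or malfunctioning oracle


def aggregate_median(reports, min_responses):
    """Median of the reports; refuses to answer below a quorum.

    min_responses is a hypothetical parameter covering the node-level risk:
    if too few nodes respond, no value is better than a weakly backed one.
    """
    if len(reports) < min_responses:
        raise ValueError("not enough oracle responses")
    return median(reports)


def weighted_average(reports, weights):
    """Trust-weighted mean: each report counts in proportion to its weight."""
    if len(reports) != len(weights) or sum(weights) <= 0:
        raise ValueError("need one weight per report and a positive total")
    return sum(r * w for r, w in zip(reports, weights)) / sum(weights)


def max_tolerated_faults(n):
    """Largest number of faulty reports for which the median of n reports
    is still guaranteed to lie within the range of the honest ones."""
    return (n - 1) // 2


def median_with_faults(faulty_count):
    """Median when faulty_count of the 12 reports are replaced by FAULTY."""
    reports = HONEST[: 12 - faulty_count] + [FAULTY] * faulty_count
    return aggregate_median(reports, min_responses=8)


if __name__ == "__main__":
    reports = HONEST + [FAULTY]
    print("mean            ", mean(reports))                     # pulled far off
    print("median          ", aggregate_median(reports, 8))      # stays honest
    print("weighted average", weighted_average(reports, [10] * 11 + [1]))
    print("tolerated faults", max_tolerated_faults(len(reports)))
```

A low trust weight only shrinks the outlier's pull on a weighted average, while the median ignores it entirely until half of the reporters are faulty.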


Growth in IoT devices bringing more security

A lot of contracts, including insurance ones, revolve around IoT data. The present proliferation of IoT devices means more data providers which further secures the data provider layer. On top of it you have the node operator layer which relays the information to the blockchain thus providing an end to end security system. The growth of IoT devices brings more decentralisation and more redundancy which for Johann represents a big opportunity.


