Crypto’s data oracles are a hidden vulnerability
Good morning, and welcome to Protocol Fintech. This Monday: the crypto oracles, buy-now-pay-later debt and Singapore’s fintech bash.
Off the chain
Apple is a notoriously opaque company, and its size now allows it to hide the strength of the businesses it incubates. Executives offered a few hints in their latest quarterly call with analysts. Payment services set a revenue record (how much?); Apple is looking forward to rolling out a high-yield savings account (when?). Despite the hype, Apple’s push into financial services is more of a question mark than an exclamation point. It will remain so until we get some real numbers.
– Owen Thomas (e-mail | twitter)
Oracles of risk
The data oracles, the automated feeds that provide vital price data to smart contracts and enable trading on blockchains, are drawing increased scrutiny over their roles in recent hacks and the vulnerabilities the industry’s reliance on them creates. They are also attracting more investment from VCs and bigger crypto players who see an opportunity amid this fear.
The crucial role oracles play in crypto came a day after two hacks this month: a $114 million hack of Solana trading service Mango Markets and a smaller attack on Moola Market, both involving oracle price manipulation.
- Oracles bring off-chain data to blockchains so they can work. Blockchains cannot execute or record trades without the market prices provided by oracles. They’re a critical piece of infrastructure, in other words, though it’s rare for anyone but smart contract developers to consider their value or dig into their vulnerabilities.
- Many DeFi protocols rely on Chainlink, an open source technology, to provide pricing. Founded in 2017, Chainlink uses a network of interconnected oracles to provide 60% to 90% of market data across all of DeFi, according to Sergey Nazarov, co-founder of Chainlink Labs. This year, it has helped process more than $6.4 trillion in transactions, he said.
- Chainlink started on Ethereum but is now on more than 15 blockchains. It is also looking to expand its approach to other fields such as insurance and blockchain gaming.
There is a growing interest in alternative oracles. That’s despite — or perhaps because of — Chainlink’s ubiquity.
- Binance launched a native oracle service last week for its BNB Smart Chain, taking internally a system that had previously run on Chainlink, the largest oracle provider.
- API3 and Flux claim to be more decentralized than Chainlink. While Chainlink’s oracles are dispersed among various nodes, their selection is still controlled by Chainlink, said Dave Connor, co-founder and head of business development at API3, which is trying to solve this by managing its oracles with a DAO.
- Nazarov said ChainLink feeds are “decentralized at the data source, oracle node, and oracle network level,” meaning they have “strong protection against downtime and tampering.”
This debate between efficiency and decentralization is common in crypto. “The reality is that over time everything becomes more centralized,” said Boris Wertz, who invests in crypto at Version One Ventures, citing bitcoin mining and ether staking as examples.
- Some insiders say that having one large vendor or a small number of vendors supporting the industry poses a risk to a new industry like crypto. “I think that’s why there’s a lot of venture money going after alternatives,” said Shawn Douglass, CEO of Amberdata, which supplies data to Oracle Networks.
- It’s always a “good news, bad news” debate when a major player in a category does well, Wertz said. “Obviously, that player is most likely stronger in terms of security and scale than others. At the same time, if it is manipulated, many people will be affected.”
- Nazarov said Chainlink’s size isn’t a risk, because it’s open source and can be customized to be as secure as developers want it to be.
People disagree about how responsible oracles were for the Mango Markets attack and other events. But even if an oracle is correct, the way it’s used can pose “very significant risk,” said Austin Campbell, head of portfolio management at crypto infrastructure firm Paxos. Such debates are likely to continue. As institutional players get deeper into crypto and regulators dig in, critical parts of the infrastructure like oracles are sure to come under more scrutiny. Oracles can know things that are not on the blockchain. But their ultimate test may come in knowing themselves.
– Tomio Geron (e-mail | twitter)
A version of this story first appeared on Protocol.com. Read it here.
A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION
The news is out! Join the Financial Technology Association’s first Fintech Summit: Shaping the Future of Finance, produced in partnership with Protocol. Taking place in Washington, DC on November 16, the summit will examine the most pressing issues in fintech.
Read more and book your place here.
On the money
Credit card debt is back at pre-pandemic levels. Total card balances in the US reached $916 billion in September, returning to December 2019 levels after balances fell sharply during the first months of the pandemic.
Hong Kong released a new policy statement on crypto. In a bid to shore up its fading status as a global financial hub, the autonomous region’s government said on Monday it would seek “risk-based handrails” to regulate virtual assets.
Senator Elizabeth Warren wants stricter Zelle rules. The senator sent a letter to the Consumer Financial Protection Bureau calling for rules to stamp out fraud on the payment platform.
“Buy now, pay later” pushes Gen Z into debt. Pay later offers have attracted young consumers with poor credit history, who saw it as an alternative to credit cards for the TikTok generation.
Binance is working on blockchain applications for Twitter. The crypto exchange backed Elon Musk’s Twitter purchase with $500 million. Now that the deal has gone through, there is a co-investor with Musk.
Overheard
SEC commissioner Horses “I’m Not Your Crypto Mom” Peirce advises caution when it comes to NFTs. “I think the SEC has provided very little clarity,” she told Decrypt. “There is a lot of uncertainty. And in situations where there’s so much ambiguity, I think people really have to be very careful. This is not the ideal state.”
Coming up
NFT San Francisco takes place Monday at the SF Jazz Center. Panels delve into NFTs and music, film, gaming and consulting.
Global Payments reports earnings on Monday. The Zacks’ consensus EPS forecast is $2.38 versus $2 for the same quarter last year.
The LA Blockchain Summit runs Tuesday through Thursday. Speakers include SkyBridge Capital’s Anthony Scaramucci and Miss Teen Crypto Randi Hipper.
Paycom and SoFi report earnings on Tuesday. The Zacks Consensus for PAYC is EPS of $0.81 versus $0.52 last year. SOFI’s consensus is $0.10 versus $0.05 a year ago.
Robinhood, Zillow and eBay announce earnings on Wednesday. Zacks’ numbers for HOOD are much improved, forecasting a quarterly loss of -$0.33 versus -$2.06 last year. ZG’s forecast also turns to -0.28 dollars against -1.22 dollars last year. Analysts’ forecast for EBAY is unchanged from a year ago at $0.74.
The Singapore Fintech Festival runs from Wednesday to Friday. Speakers include Vitalik Buterin and Melinda French Gates.
PayPal, Block, Coinbase and Bill announce earnings on Thursday. PYPL’s quarterly EPS forecast is $0.70 versus $0.90 a year ago. Analysts predict that SQ will swing to a loss of -$0.15 from earnings per share of $0.05 last year. And COIN’s forecast is a big swing down to $-2.23 from $1.62 a year ago. BILL’s loss is estimated at -$0.50, slightly down from -$0.47 a year ago. The company also dropped the “.com” from its name recently.
Don’t miss our Protocol Enterprise event “AI and Chips: What the Future Holds for the US and China,” Thursday, November 3 at 10:30 a.m. PDT/1:30 p.m. EDT. Protocol Senior Reporter Kate Kaye will moderate two panels on cross-border AI technology and AI “value competition”. Save your space now.
A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION
At the #FTAFintechSummit, we bring together the most important players in fintech, from founders to policy experts, regulators and industry leaders. You will gain access to discussions on fintech transformations that are driving competition, breaking down barriers to financial services and shaping the future of finance.
RSVP today.
Thanks for reading – see you tomorrow!
window.REBELMOUSE_ACTIVE_TASKS_QUEUE.push(function(){
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l="+l:"';j.async=true;j.src=" })(window,document,'script','dataLayer','GTM-TBZ76RQ');
var gotag = document.createElement('iframe'); gotag.src = " gotag.style.height = 0; gotag.style.width = 0; gotag.style.display = 'none';
document.body.appendChild(gotag); console.log('gtag appended')
});
window.REBELMOUSE_ACTIVE_TASKS_QUEUE.push(function(){
console.log("script runs"); const subscribeForm = document.getElementById("mc-embedded-subscribe-form");
subscribeForm && subscribeForm.addEventListener("submit", (event) => { const errorTarget = document.getElementsByClassName('mce_inline_error'); const responseTarget = document.getElementsByClassName('response');
if (errorTarget.length > 0) {
console.log("errors test");
for (let i = 0; i < errorTarget.length; i++) {
if(!errorTarget[i].classList.contains('newsletter-element__input')) {
setTimeout(() => {
errorTarget[i].style.display = 'none';
}, 4000);
}
}
}
if (responseTarget) {
setTimeout(() => {
for (let i = 0; i < responseTarget.length; i++) {
responseTarget[i].style.display = 'none';
}
}, 4000);
}
}, false);
});
window.REBELMOUSE_ACTIVE_TASKS_QUEUE.push(function(){
function mc_resp_0(a){a.style.display='none';a.removeAttribute("class");a.innerHTML='';}
document.querySelectorAll("form#MC").forEach(function(form){form.addEventListener("submit",function(e){e.preventDefault();if(document.querySelector('#MC_robot').value !==''){return false}var script = document.createElement('script');let email=form.querySelector('input#MC_email');script.src=this.action.replace('/post?','/post-json?')+'&EMAIL='+email.value;document.body.appendChild(script);var callback = 'callback';window[callback] = function(data) {delete window[callback];document.body.removeChild(script);
var parts = data.msg.split(' - ', 2);if (parts[1] === undefined) {msg = data.msg;} else {var i = parseInt(parts[0], 10);if (i.toString() === parts[0]) {index = parts[0];msg = parts[1];} else {index = -1;msg = data.msg;}}let resp=form.querySelector('#MC_resp');mc_resp_0(resp);resp.innerHTML=msg;if(data.result=='error'){resp.classList.add('bad');}else{resp.classList.add('good');email.value="";}
resp.style.display='inline-block';setTimeout(function(){mc_resp_0(resp)},3000);
console.log(data);}
})});
});
window.REBELMOUSE_ACTIVE_TASKS_QUEUE.push(function(){
(function(d,s){var DID="b0bf7582-16c5-4fc1-a03f-8f705ea43617";var js,fjs=d.getElementsByTagName(s)[0];js=d.createElement(s);js.async=1;js.src="https://track.cbdatatracker.com/Home?v=3&id='"+DID+"'";fjs.parentNode.insertBefore(js,fjs);}(document,'script'))
});
window.REBELMOUSE_ACTIVE_TASKS_QUEUE.push(function(){
!function(e,t,r,n){if(!e[n]){for(var a=e[n]=[],i=["survey","reset","config","init","set","get","event","identify","track","page","screen","group","alias"],s=0;s
} else if(offsetElement.getBoundingClientRect().top < topValueToCheck && stickySahreContainer.getBoundingClientRect().bottom < bottomValuetoCheck) { stickyShareElement.style.position="absolute"; stickyShareElement.style.top= "auto"; stickyShareElement.style.bottom= "0"; stickyShareElement.style.left= ""; } else { stickyShareElement.removeAttribute("style") } }, 100); if(window.innerWidth > 768){ window.addEventListener("scroll", setSharePosition); window.addEventListener("resize" ,function(){ leftShareOffsetValue =window.innerWidth > 900 ? (( offsetElement.getBoundingClientRect().left-80 )): 20; }) } }
});