In light of the recent attacks surrounding the bZx protocol, we have worked closely with the Chainlink team to identify vulnerabilities and integrate superior solutions to harden our overall security. Specifically, to prevent the recurrence of the price oracle attack on February 18, 2020, in which a user used a flash loan to manipulate an illiquid on-chain oracle far beyond the true market price to gain a major advantage on his bZx margin position.

After many focused discussions and weighing the different options, we have decided to quickly adopt Chainlink’s decentralized oracle networks as the basis for our new price oracles over the long term. By using Chainlink’s decentralized oracle solution, each of our critical price feeds is secured by numerous independent nodes, which collectively source data from over 7 independent data aggregators. This gives our price oracles significantly greater exposure to true market-wide price discovery from top liquidity sources and introduces far stiffer security barriers thanks to decentralization at both the oracle and data levels. Thus combined, this eliminates any attack vector that can be easily exploited by vastly increasing the amount of capital and multi-party coordination needed to carry out any future attacks.

To better understand the advantages of this new oracle model, we’ve outlined the security concerns around using on-chain oracles. We then discuss why switching to Chainlink’s decentralized oracle solution will bring critical security back to bZx and ultimately re-establish marketwide trust. Since all DeFi protocols are subject to such oracle attacks, this incident can serve as an important case study on how to improve the security of the entire ecosystem, while continually pushing towards the end goal of completely decentralized finance.

The Limitations of On-Chain Price Oracles

Before diving deeper, it should be noted the extreme importance of data in the DeFi ecosystem. Smart contracts are data-driven instruments that produce outputs based on inputs. In the case of DeFi, accurately settling financial contracts is critically dependent on having quality market data in real-time that reflect true market conditions. Even if the underlying smart contract is coded perfectly, the output is still fully dependent on the input it receives. This means that securing accurate market data is as crucial to the security of decentralized finance as the underlying smart contract itself.

Decentralized exchanges (DEXs) are an exciting frontier for the blockchain space as they allow the non-custodial exchange of digital assets without a central third party. There are two models emerging:

  1. order book exchanges, such as Kyber Network, which matches buyers and sellers;
  2. non-order book exchanges, such as Uniswap, which use on-chain liquidity pools and simple bonding curves. Both models have greatly accelerated the advancement of DeFi and will likely continue to do so moving into the future.

The problem is that on-chain DEXs are still quite a novel concept and therefore subject to low liquidity. This low liquidity makes their on-chain price subject to major fluctuations far outside the true market price when aggregated across all the top liquidity sources. For this reason, on-chain price oracles are not suited for being reliable price oracles, especially on their own or even in an aggregated model where they hold substantial weight.

If a Dapp is using such an oracle model and it is known to the public, any user can exploit this price oracle with limited resources. This has been compounded with the introduction of flash loans, which allows users to quickly access capital with almost no upfront costs. They can use that capital to easily manipulate an illiquid price oracle for the benefit of a trade they’ve placed on a Dapp that sources their price feeds from this on-chain oracle. This was the exact exploit introduced in the second hack, which is why bZx is moving to a new solution powered by Chainlink.

To mitigate the vulnerabilities associated with on-chain price oracles, we have now switched our price oracle mechanism to Chainlink’s decentralized oracle networks. We will be using and sponsoring some of Chainlink’s Price Reference Data for DeFi, which already includes many of the critical data feeds we need. Those data feeds are also used and supported by other DeFi projects such as Synthetix, Aave, Nexus Mutual, and Loopring, and will likely expand to include more in the near future as there is great value in multi-project support for common price feeds that are widely used across the market. This ensures the maintenance of critical price feeds in a truly decentralized ecosystem effort.

Chainlink’s Price Reference Data Contracts are decentralized oracle networks made up of multiple independent, security reviewed, and Sybil resistant node operators. These nodes are run by leading blockchain DevOps and security teams, many of which have extensive experience running POS nodes that secure millions of dollars in value across multiple blockchain networks.

These decentralized oracle networks provide on-chain prices for a variety of important markets, such as BTC/ETH, DAI/ETH, SNX/ETH and more. On-chain prices are calculated by having each independent node retrieve data from one of ten different data aggregators, with every network containing several independent data aggregators. The nodes’ individual responses are then aggregated together to form a collective response, which is then sent on-chain as a new price update to the reference contract. Updates can be programmed to occur in time intervals (hourly, daily, etc.), price deviations (such as every 1% change in price), or some combination of both.

This new model offers increased security since both the data delivery mechanism of the oracle and that actual data source itself is far more decentralized and accurate than any on-chain oracle mechanism. Since there are numerous independent oracles that secure each price feed, there is no single point of failure at the node level. This is beneficial towards maintaining perfect uptime, as well as avoiding a single oracle being the sole subject of truth or tampering with the price feed due to incompetence or bribery. Likewise, having numerous independent nodes source data from many independent, yet trusted data aggregators, the on-chain price used by Dapps to execute critical smart contract functions reflects the true market price since its obtained via an aggregation of the top liquidity sources for that particular market price.

This allows bZx far better exposure to true price discovery that cannot be easily manipulated by outside forces. While some coins simply have illiquidity even when aggregated across all exchanges, most coins have much stronger liquidity when combining the various liquidity sources across the market. Therefore, attacking all these at the same time is not only more complex, but also requires significantly more capital to carry out. Chainlink allows bZx to tap into market-wide price discovery, which will substantially harden our oracle mechanism against illiquidity attacks.

Even in the situation where a DEX has strong liquidity for a particular market, such a market is likely to have great market-wide liquidity given its general popularity. Therefore, the security guarantees are still much stronger when aggregating the price from all the top liquidity sources, as opposed to just one, even if it’s highly liquid. Important price feeds are even more critical to protect, given they can be used in more combination across DeFi with potential access to larger pools of capital.

“We’re excited to work with the experienced and technically sound team developing on Chainlink to mitigate any future oracle attacks on bZx. Chainlink’s decentralized oracle networks greatly increase the accuracy of our critical price oracles by deriving them from an aggregation of the top liquidity sources. This gives us market-wide exposure to price movements while retaining the highest-security standards thanks to extending the security guarantees of our underlying smart contracts to include a secure, decentralized oracle mechanism. We’re confident that incorporating Chainlink will harden the security of critical bZx functions that are dependent on accurate price feeds, ultimately reestablishing bZx as a trusted protocol within the greater DeFi ecosystem.” - Tom Bean, Founder and CEO of bZx

If you’re a developer and want to connect your smart contract to existing data and infrastructure outside the underlying blockchain, reach out to us here! We can help you quickly and securely launch your data-enabled application and/or Chainlink Price Reference Data Contract on mainnet today. You can also visit the developer documentation or join the technical discussion on Discord. Learn more by visiting the Chainlink website or follow us on Twitter or Reddit.

Chainlink is a decentralized oracle network that enables smart contracts to securely access off-chain data feeds, web APIs, and traditional bank payments. It is well known for providing highly secure and reliable oracles to large enterprises (Google, Oracle, and SWIFT) and leading smart contract development teams such as Polkadot/Substrate, Synthetix, Loopring, OpenLaw, Etherisc, Conflux, and many others.

About the author
Nick Sawinyh
Proud father, husband, and corgi-owner. Marketing @ bZx