How Chainlink Price Feeds Secure the DeFi Ecosystem
Chainlink Price Feeds went live in early 2019 to serve the increasing demand from smart contract developers building DeFi applications that require access to secure, accurate, real-time financial market data on blockchain networks. Chainlink Price Feeds have since grown into the industry-standard solution for price oracles, with over 900+ decentralized oracle networks running in production that collectively help secure tens of billions of dollars for hundreds of DeFi applications across numerous blockchains and layer-2 networks. Chainlinked DeFi applications include Aave, Benqi, Compound, dYdX, Frax, Liquity, Sushi, Synthetix, and many more.
This post will take a deeper look at how Chainlink Price Feeds secure the DeFi ecosystem, starting by exploring why DeFi needs oracles before outlining the seven key advantages of Chainlink Price Feeds that have led to their adoption increasing exponentially.
Zoom in. pic.twitter.com/5NLkYipvoI
— Chainlink (@chainlink) February 11, 2024
Introduction to DeFi Oracles
In just a few years, Decentralized Finance (DeFi)—an ecosystem of blockchain-based financial applications—has shifted from being a niche use case of blockchain technology to becoming one of the fastest-growing industries in the world. At its peak, DeFi had over $300B in total value locked (TVL), a metric tracking the sum of all crypto assets deposited within DeFi applications.
A prerequisite to the security of crypto assets stored within most DeFi applications is access to financial market data. For instance, money markets need real-time asset prices to accurately issue and liquidate collateralized loans while algorithmic stablecoins need current asset prices to reliably automate the management of their monetary policies. However, obtaining financial market data is difficult for DeFi applications because blockchains are inherently disconnected from the outside world, and most high-quality financial market data is generated outside of blockchain environments (i.e. off-chain). This lack of connectivity between blockchains and off-chain systems is commonly referred to as the “oracle problem.”
Overcoming the oracle problem requires the use of secure middleware known as an “oracle,” which provides blockchains with access to off-chain data and services. Oracles are essential to DeFi, most notably because they power on-chain price feeds that enable DeFi applications to instantly fetch the current or historical price of various crypto or real-world assets when executing critical functions. Because the data from price feeds determine the actions taken by a DeFi application, they are a target for exploitation, with insecure price oracles having caused tens of millions of dollars worth of losses. Therefore, to protect the billions of dollars within the DeFi ecosystem, secure price oracles are a requirement.
Chainlink Price Feeds for DeFi
Chainlink Price Feeds are on-chain reference contracts that are automatically updated by decentralized oracle networks (DONs) consisting of Chainlink nodes. Each reference contract stores the latest and the historical price of an asset in the form of an exchange rate (e.g. BTC/USD), which smart contracts can then query on-demand. Each Chainlink Price Feed runs on a specific blockchain network and regularly updates with fresh data based on predefined parameters.
To fully understand how Chainlink Price Feeds are secured and operated, let’s explore seven of their distinct properties that help secure the DeFi ecosystem.
1. Multiple Layers of Decentralization and High-Quality Data
One of the primary ways that Chainlink Price Feeds maintain a high level of uptime and data quality is by using a multi-layered decentralized aggregation system. Such an architecture mitigates single points of failure and helps ensure each oracle report reflects the true market-wide price of assets. There are several steps to aggregation architecture of Price Feeds.
Data Source Aggregation
First, the data is aggregated at the data source level. Raw market data is generated by a diverse collection of centralized exchanges (e.g. Coinbase, Binance, Kraken) and decentralized exchanges (e.g. Uniswap, Curve, PancakeSwap) as a result of trading activity.
Professional data aggregation firms (e.g. CoinMarketCap, CoinGecko, Tiingo) collect this raw market data from across exchanges and calculate refined pricing datasets. More specifically, the refinement process involves generating a volume-weighted average price (VWAP), with data from each exchange averaged together but weighted proportionally based on volume. Data aggregators also commonly account for various differences between exchanges, such as market depth, latency, and spread, and filter out market anomalies like flash crashes, wash trading, and other outliers so they don’t influence the final aggregated data point.
The result is each data aggregator supplying a data point with full market coverage—a price that reflects a refined aggregate of all trading environments as opposed to a small segment of the market, which may be inaccurate. Data aggregators also produce refined price data using a similar methodology for other asset types such as fiat currencies, commodities, and equities. This price data is then made available through an application programming interface (API), often through a paid subscription plan, meaning data aggregators have clear financial incentives to maintain accurate data and high API uptime in the form of service-level agreements (SLAs).
Node Operator Aggregation
Next comes aggregation at the node operator level. Each Chainlink node supporting a Price Feed is configured to connect with the APIs of multiple premium data aggregators, including password-protected APIs via native support for credential management. Then, when new price updates are needed, each Chainlink node fetches data from multiple data aggregators and responds with the median (middle) value. As a result, each individual Chainlink node offers enhanced resiliency by automatically removing data outliers and protecting against unexpected API downtime from data aggregators.
Oracle Network Aggregation
Lastly there’s oracle network aggregation. Multiple independent Chainlink nodes are grouped together to form a decentralized oracle network (DON) that regularly produces aggregated oracle reports containing each node’s individual observation (medianized price point) and signature (cryptographic attestation). The oracle report generated by a DON is then stored on-chain in the corresponding reference smart contract for a specific dataset (e.g. BTC/USD reference contract on Ethereum). Each time an oracle report is published on-chain, the integrity of each node’s signature is verified before the medianized value of all responses is stored immutably in the reference contract.
In order to maintain a high level of tamper resistance, at least two-thirds of the nodes within a DON must contribute their observations and signatures for the new oracle report to be accepted on-chain. This prevents any single node or small group of nodes from corrupting the final stored value or publishing an incomplete report on-chain. Furthermore, since the final median value is taken after an oracle report is published, at least half of the responding nodes would have to be corrupted to influence the final value stored on-chain and made available to contracts.
Chainlink’s multi-tier aggregation strategy at the data source, node operator, and oracle network levels helps ensure that every update of a Chainlink Price Feed reflects a thoroughly refined data point with a highly accurate view of an asset’s market-wide price.
For more on how Chainlink Price Feeds maintain a constantly high level of data quality, refer to this in-depth article: Data Quality for DeFi Smart Contracts.
2. High Quality and Hyper-Reliable Oracle Node Operators
Each DON is operated by a geographically distributed collection of Sybil-resistant, security-reviewed node operators with significant experience running mission-critical infrastructure. Node operators run the Chainlink node software across both cloud services and self-hosted bare-metal infrastructure. The Chainlink node software is open-source, MIT-licensed, security-audited, and has been battle-hardened over many years of mainnet runtime.
The node operators that power Chainlink Price Feeds come from a diverse range of backgrounds and industries and combine considerable experience and expertise to facilitate the secure and reliable aggregation and delivery of market data to blockchains. Some of the main types of Chainlink node operators include:
- DevOps nodes: Organizations that specialize in operating blockchain infrastructure such as Proof-of-Stake validators, Proof-of-Work mining pools, and full node RPC providers. These operators have extensive experience running important Web3 infrastructure, managing cryptographic private keys, and receiving cryptocurrency as compensation for their services. DevOps nodes include leading PoS staking pool providers such as Stake.Fish, P2P Validator, Staked, and more.
- Enterprise nodes: Institutions around the world that currently operate backend infrastructure for the traditional Web2 economy. These include global telecommunication providers such as Deutsche Telekom MMS and Swisscom as well as other global institutions.
- Community nodes: Organizations from the Chainlink community that are focused on supporting the ecosystem’s growth and have proven high levels of reliability. This includes the winners of the Chainlink Oracle Olympics, CryptoManufaktur, LinkRiver, and NorthWest Nodes.
Chainlink node operators also include cryptocurrency exchanges like Huobi, data providers like Tiingo, DeFi apps like Kyber, and a diverse range of other participants. By bringing together experienced and incentive-aligned infrastructure providers, Chainlink Price Feeds provide smart contracts developers with a high level of assurance that data will consistently be delivered on-chain at specific intervals or update frequencies.
3. Cost-Efficient and Decentralized Data Delivery
In order to balance the demand for accurate market data with the costs associated with bringing such data on-chain, Chainlink Price Feeds are highly configurable in terms of when and how oracle reports are delivered on-chain. In particular, there are two trigger parameters for determining when a new oracle report is published on-chain:
- Deviation Threshold: The percentage change in an asset’s price compared to the last update. For example, a 0.05% deviation threshold would trigger an oracle update if the global price of an asset increases or decreases by 0.05% since the last on-chain update.
- Heartbeat: The amount of time that’s passed since the previous update. For example, a one-minute heartbeat would trigger an update if at least one minute has passed since the last on-chain update.
These trigger parameters are commonly layered together so the update frequency of a Price Feed is higher during times of market volatility for better accuracy but lower during times of low market volatility for reduced costs. Each trigger parameter is set based on a number of factors, including market demand, the value being secured, the gas costs on the receiving blockchain, specific use case requirements, the expected market volatility of an asset, and more.
High-throughput chains can generally support faster update frequencies since Chainlink can run at the native speed and costs of each blockchain. On higher-cost blockchains, optimizing for cost reduction is crucial to long-term economic viability and to ensure oracle reports are published on-chain even during extreme network congestion. This is a large reason why Chainlink Price Feeds were updated in early 2021 to support the Off-Chain Reporting (OCR) protocol. Chainlink OCR leverages off-chain computation and peer-to-peer networking to reduce operating costs by up to 90%, allowing for up to 10 times more data to be delivered on-chain than before OCR’s launch.
Instead of each Chainlink node delivering its individual response for each update on-chain as a separate transaction with an associated gas fee, Chainlink OCR allows nodes to aggregate their responses off-chain into a single oracle report. This oracle report is then delivered on-chain in a single transaction, in which each node’s signature is individually verified and the median value of all observations is stored. Not only does this lower operating costs, but it also allows for greater node decentralization, faster update frequencies, reduced update latency, and further oracle computation customizations.
More technical information on OCR can be found in the Chainlink Off-Chain Reporting Protocol Whitepaper.
Through a combination of configurable trigger parameters and cost-efficient data delivery on-chain, Chainlink Price Feeds are highly resistant to adverse conditions such as periods of extreme market volatility and blockchain network congestion—the times during which accurate and on-time oracle updates are most in-demand and most necessary to keep user funds secure.
4. Multi-Layered Defense in Depth Approach
Chainlink Price Feeds also employ additional layers of security and monitoring to proactively mitigate potential issues, including black swan events.
On-Chain Transparency
Every oracle report generated by Chainlink Price Feeds is stored on the receiving blockchain network as an immutable public record. This allows anyone in the world to analyze the historical performance and accuracy of every Chainlink Price Feed update since inception. Furthermore, because each oracle report contains every responding node’s individual signature and response, the historical accuracy and uptime of every individual node operator is auditable.
The transparent on-chain nature of the data provided by DONs and individual nodes has led to the creation of various public dashboards and visualization tools. For example, data.chain.link provides a holistic overview into the current state of various Chainlink Data Feeds, offering metrics such as the latest trusted answer, trigger parameters, latest update time, node composition, and contract address.
Additional dashboards and transparency tools include the Chainlink Market, which offers deeper insights into the performance of Chainlink Price Feeds. The website is managed by an independent project within the Chainlink ecosystem.
Active Monitoring
Node operators supporting Chainlink Price Feeds employ an active monitoring strategy within their infrastructure setups to proactively detect issues before or when they occur. This includes using internal analytics tools to track real-time and historical node performance, as well as setting up notification alerts that notify of potential issues regardless of the day or time.
Active monitoring includes tracking a number of key data points and areas such as the balance of coins required for gas fees, price deviations, unexpected errors, unresponsiveness, hardware resource consumption, and more. On top of node performance and reliability, data providers are also monitored for accuracy and uptime, enabling node operators to switch to different providers for sustained data quality and reliability as needed.
Failover Capabilities and Disaster Recovery
As is best practice for maintaining high uptime with mission-critical infrastructure, node operators in Chainlink Price Feeds incorporate failover systems for increased resiliency. This commonly takes the form of automatically spinning up new Chainlink node instances on-demand or running at least two Chainlink nodes in parallel at any one time—one serving as the primary node with the rest serving as backups. If the primary node fails or becomes unresponsive, then a failover process occurs in which a secondary node immediately takes over to minimize downtime.
Failover capabilities extend beyond the Chainlink node deployments to also include the blockchain full nodes used to read from and write data to blockchains. This can take the form of a load balancer between multiple self-hosted full nodes, a failover pattern with premium full node RPC providers as secondaries, and various other approaches to high availability. Node operators also have disaster recovery systems in place to enable them to swiftly recover from black swan events. Approaches include taking regular snapshots, performing cloud migrations, and other methods of recovering if data becomes unexpectedly corrupted.
To learn more about some of the general security practices that Chainlink node operators employ, refer to the Chainlink Documentation on Security and Operation Best Practices and Best Practices for Deploying Nodes on AWS.
Backup Oracle Networks and Client Diversity
Chainlink Price Feeds on some blockchains leverage additional redundancies in the form of backup oracle networks, with feeds consisting of a primary DON and a secondary DON. The DONs update two separate reference smart contracts, with a proxy smart contract pointing to one of the two versions. In normal circumstances, the primary DON operates as the default DON for a feed. However, if there is an issue with the primary DON, then the proxy contract can switch over to a secondary DON.
The secondary DON consists of nodes that update to new node software releases on a delayed schedule, creating a form of software client diversity and adding another layer of protection for Chainlink Price Feeds against unexpected software bugs. While a Chainlink Price Feed has never needed to switch to a secondary DON, the capability exists and serves as a powerful tool to mitigate black swan events.
5. Robust Blockchain-Agnostic Architecture
Chainlink is a blockchain-agnostic oracle protocol that is natively integrated into over a dozen leading blockchains, sidechains, and layer-2 rollups. By being deployed natively, Chainlink Price Feeds can deliver data directly to blockchains without any cross-dependencies on other blockchains. This enables data to be delivered at the native speed and cost of the supported chain so DeFi applications on higher-throughput chains can benefit from higher-frequency and lower-cost oracle updates. Furthermore, Chainlink Price Feeds on one blockchain will not be affected if another blockchain network experiences downtime or congestion issues.
In comparison, alternative price feed designs that rely on third-party relayers to bridge price oracle reports from a primary blockchain to a secondary blockchain can fail to deliver data if the primary chain experiences reliability issues. These non-native price oracles are also subject to speed, latency, cost, and centralization issues that put DeFi protocols at risk.
For more on Chainlink’s approach to blockchain-agnostic oracle networks, check out Chainlink’s Blockchain Agnostic Design: Native Oracle Support for Any Network.
6. Economy-of-Scale via the Aggregation of User Fees
Chainlink Price Feeds operate on a shared cost model where, over time, feeds are collectively supported by a diverse community of paying users, known as sponsors. This allows multiple sponsors who require the same piece of data on the same blockchain (e.g. AAVE/USD rate on Arbitrum) to aggregate their fees to support the rewards provided to node operators, offsetting their costs for generating oracle reports. This shared cost model results in a powerful economy-of-scale effect, where every new sponsor of a Chainlink Price Feed further increases that feed’s security budget.
An increased security budget can then be used to scale up the feed’s guarantees and performance, such as the addition of more oracle nodes and data sources for greater decentralization, an increase in update frequency for greater data precision, and more. Similar network improvements can be seen in the Chainlink ETH/USD Price Feed on Ethereum, which scaled from an initial set of three nodes to now being supported by 31 independent node operators. Furthermore, the aggregation of user fees means users do not need to pay the full costs of a Price Feed’s operation, but rather only a portion of the total cost.
7. Long-Term Sustainability Supported by Adoption
In addition to providing a high level of security and reliability today, Chainlink Price Feeds are optimized for long-term sustainability. As adoption increases, a greater pool of user fees can be generated to support the on-going operation and expansion of the Price Feeds. Over time, feeds can become entirely supported through user fees alone, as a greater number of sponsors integrate and contribute funding.
This optimization provides both existing and future users with greater assurances that Chainlink Price Feeds will continue to exist and be financially supported long into the future, supporting the continuing growth and adoption of the DeFi economy.
Price Feeds Are Just the Tip of the Iceberg
The intense focus placed on data quality and oracle infrastructure security has propelled Chainlink Price Feeds into becoming the most time-tested and widely used price oracle solution across the DeFi economy. Furthermore, Chainlink Price Feeds have been specifically designed to scale alongside the growth of DeFi, helping the ecosystem grow to become the preferred backend for major global financial markets worth billions to trillions of dollars in value.
Price data is just the tip of the iceberg, with Chainlink already supporting a wide range of Data Feeds with similar security and quality standards, such as Proof of Reserve, weather data, sports results, blockchain metadata, and much more. Beyond the delivery of data, Chainlink is increasingly powering new forms of trust-minimized off-chain computation using DONs, as well as developing a secure cross-chain communication protocol for the Web3 ecosystem.
This combination of external data, off-chain computation, and cross-chain communication makes Chainlink a full-stack solution able to provide any off-chain service required by smart contracts. If you are a DeFi developer and want to integrate Chainlink Price Feeds, check out our documentation, ask a question in Discord, or set up a call with an expert.