Crypto podcaster Chris Blec has commented on a centralization issue that could jeopardize the whole DeFi economy.
“3 signers could bring down DeFi”, says Blec
According to a Twitter thread published by Chris Blec, host of the Proof of Decentralization Podcast, most Chainlink oracles are secured only by a 3-of-20 multisig wallet provided by Gnosis Safe. This means that just three of the twenty signatures would be enough to point the oracles in question to a compromised aggregator, leading to faulty price feeds.
Furthermore, he points out that we cannot be sure that the multisig stewards are actually 20 unique individuals. He also notes that Chainlink co-founder Sergey Nazarov, who is likely one of the multisig stewards, has significant ties to the World Economic Forum. Blec concluded:
It appears that you CANNOT use DeFi without putting inherent trust in 1-3 unknown signers with WEF/globalist connections on an undocumented Chainlink multisig which has the ability to manipulate any Chainlink price feed and cause an unprecedented DeFi black swan.
Is DeFi decentralized in name only?
The blockchain oracle problem states that any smart contract can only be as decentralized as the oracles it relies upon. What makes the issue at hand so problematic is that Chainlink is the most widely used oracle solution by DeFi protocols on multiple blockchains. This means that a price feed that is just slightly off could potentially trigger mass liquidations across many DeFi platforms. Blec adds:
Hundreds of DeFi apps are using Chainlink oracles, and *all* DeFi protocols are interlinked regardless. If 3 of these 20 keys are compromised in any way (hack, regulatory attack, etc), DeFi could experience an unprecedented black swan and suffer irreversible destruction.
Roughly three hours before publishing his thread, Blec asked for comments from Chainlink developers. At the time of writing, there has not been an official statement yet. Community Ambassador ChainLinkGod played down the issue, though without denying Blec’s claims.
Chainlink Labs VP of Eng is Ben Chan, former CTO of BitGo (largest multi-sig custody provider) and co-architect of WBTC (largest wrapped token)
Don't have all the answers, but can say that CLL is highly security oriented, supporting the growth of the network in its early stages
— ChainLinkGod.eth (@ChainLinkGod) May 4, 2022
This year’s record-breaking consensus attack on the Ronin Network exemplifies the dangers of heavy centralization in blockchain networks. Ronin’s L2 network was secured by only nine validators, five of which were controlled by a single company. The US government later attributed the theft of 624 million USD in crypto assets to the North Korean hacker collective Lazarus Group.
As Twitter user @CryptoBullrog noted, not all DeFi protocols rely strictly on Chainlink oracles. However, because of yield farming platforms, other interdependencies between DeFi projects, and the multiple billions of USD locked across DeFi platforms, any tampering with the Chainlink oracles might cause ripple effects that far exceed the damage caused by the Ronin hack.
I’ll just argue that it’s not entirely fair to say all of DeFi would collapse.
Last I checked DAI has its own oracles and USDC is redeemable so not a problem.
Everything paired to ETH would also be fine.
That’s a lot of stuff so DeFi would likely come out okay.
— The Bullrog (@CryptoBullrog) May 5, 2022