What’s Wrong With the Chainlink 2.0 Whitepaper? (For Simpletons)

Eric Wall
11 min readMay 1, 2021

--

Spoiler for the impatient

In Chainlink 2.0, the “solution” to the problem that trusted oracles can collude and feed incorrect oracle answers into the blockchain is to have another group of even more trusted oracles be responsible for punishing the first group. You can now do something else with the rest of your day.

Ok. I realize that right now I’m probably communicating with a giant army of people (LINK marines) who, for the most part, proudly self-identify as belonging on the far-left end of the IQ bell curve.

Because of that, I’ll need to be extremely pedagogical.

I already realize I lost most of you with the term “pedagogical”, but please stay with me, I’ll explain.

It means I’ll try to explain things in an as thoughtful, intuitive and simple manner as possible. If you feel at times as if I’m speaking to you as if you were a young child, or perhaps a golden retriever, this is exactly my intention.

The Academic Pedigree of Chainlink 2.0 Whitepaper Authors

The reason I need to be “pedagogical” is because the Chainlink 2.0 whitepaper is written by a rather impressive lineup of members of academia.

Ari Juels, in particular, is a Professor at Cornell Tech and was previously the Chief Scientist of RSA.

It is perhaps not surprising then that he is worshipped among LINK marines as some kind of deity of superhuman intellect.

How can I then claim the authority to go against the word of this man? What of my merits could I possibly demonstrate to make anyone trust my word over his?

The answer is I simply cannot. I do not have 40,000 citations. I have 4.

I think.

But!

If I explain the problems of the paper in extremely simple language that even a golden retriever can understand, we might just escape the appeal to authority fallacy and take this argument into an arena of clear reason where anyone can follow along as to what is being said and what is being debunked, no matter where you belong on the IQ bell curve.

If I can achieve that, well, we might just be on our way. So let’s begin.

What this debunking is about

  • This article debunks the long-awaited cryptoeconomic mechanism that everyone has always talked about would secure Chainlink in the future — staking
  • More specifically, it addresses the new, crucial form of staking which previously hasn’t existed in the Chainlink protocol, called explicit staking, unveiled in the Chainlink 2.0 whitepaper
  • It also debunks the ”super-linear (quadratic) security” claims

What this debunking is not about

  • If the LINK token is unnecessary (this topic is exhausted)
  • If the LINK token is overvalued (also exhausted)
  • The centralization of the LINK supply (also exhausted)

Why Chainlink’s “Explicit Staking” is One of the Most Half-Baked Ideas in the History of Cryptoeconomic Design

Let’s start by simply explaining the problem “explicit staking” is meant to solve.

So, one of the key functions of Chainlink is to leverage a mix of nodes to read and forward information about the outside world (“external data”) and feed it into the blockchain.

One such example of outside information is the BTC/USD exchange rate. Below, you’ll see the current mix of nodes that are responsible for fetching this data.

After the data has been fetched from a minimum of (in this case 21) nodes, the Chainlink smart contract system uses a quickselect selection algorithm to find the median value to be used as the “trusted answer”. In golden retriever-speak, it means “the answer in the middle”.

For their servitude, the nodes are paid in a token called LINK by the requesters of this information.

Up until this day, this simple routine has been the core of Chainlink nodes’ business —they provide trusted, aggregated feeds of information which they’re paid for in the LINK utility coin.

As of today, there’s billions of dollars in DeFi applications that rely on these trusted data feeds to secure their smart contracts.

So what’s the problem?

If it isn’t painfully obvious to you yet, trusted data feeds have nothing to do with “cryptoeconomics”.

Let’s define cryptoeconomics: cryptoeconomic security is the concept of making evil actions cost more for the attacker than what the upside is.It is about creating systems that punish evil actors financially for not doing what they’re desired to do, so much that you as a user can rely on them to act faithfully in alignment with a protocol’s mission. In a cryptoeconomic system, you don’t need to trust that people are honest. You just trust that people are economically rational and are doing what’s best for themselves financially.This principle is the core, or atleast it was supposed to be the core, of all that underpins the modern public blockchain invention: the idea that we can build trustless systems and do away with trusted points of failure.

Now, LINK marines as well as the Chainlink team has come up with a cringeworthy term called “implicit staking” which tries to argue basically the following:

“Hey, nodes actually do have something at stake! Their future LINK payments!”

It is easy to see why this argument is “silly” (I will try very hard to not use the term retarded in this piece even though the core of my being wants to intensely) because if we allowed that argument to be valid, then every centralized exchange (i.e. Binance, Bitstamp, Coinbase), traditional bank, even your hairdresser, would be “cryptoeconomically secure”.

Binance earns fees when you trade there. If they would steal everyone’s money, they lose their future revenues on trading fees! Oh no! CrYptOeCoNoMiCaL sEcUrIty.

Your bank makes money on (among other things) loans. If they would run away with everyone’s money, they couldn’t lend out any money anymore! Oh no! CrYptOeCoNoMiCaL sEcUrIty.

Your hairdresser makes money cutting your hair. If he/she would skim your card at the card reader and leave the country on a motorcycle the next day because they wanted to move to Argentina with their girl/boyfriend, they couldn’t make any more money cutting your hair! Oh no! CrYptOeCoNoMiCaL sEcUrItyYyyyyyYYYyYy.

Yet, in the real world, exit scams actually do happen. All the time. Everywhere. Anybody in the world, no matter how long they’ve spent building a reputation, and no matter how much potential revenue they can make by just continuing to do what they’re doing with that reputation, can have an incentive, a change of heart, a desire to do something else and decide to make as much money from their present customer base as possible and chase after new adventures/other, more lucrative/pleasurable opportunities in life.

Especially if their “present customer base” happens to be billions of dollars worth of DeFi applications, and the asset they’d steal is one of the most censorship-resistant and easy-to-smuggle get-away assets on the planet. Lol.

Future LINK revenues are also hard to model with certainty. No one knows what the future holds. The DeFi landscape is rapidly evolving and there is no guarantee that Chainlink cannot be dethroned as a dominant oracle system by a competitor in the future, or suffer some kind of error/scandal that makes people opt for other solutions.

If you don’t understand this, you do not only not understand cryptoeconomics, you also don’t understand anything about how the world works.

For something to be cryptoeconomically secure, you must have a guarantee that the particular entity you rely on loses something of concrete value that they currently already own that is worth more than what they make from defrauding you.

Yet, LINK marines still run around spreading the misinformation that Chainlink is “cryptoeconomically secure” based on this half-assed argument of security that has nothing to do with cryptoeconomics whatsoever.

Enter explicit staking

Now, to be fair, LINK marines probably already know this. If you didn’t, you wouldn’t bring up the mythical, soon-to-be-developed “explicit staking” mechanism that is supposed to save Chainlink from these ails. You would simply say “implicit staking secures the protocol and that’s that”.

From the Chainlink 2.0 whitepaper.

So I assume that we already agree with each other than there is a crucial, cryptoeconomic component that has been missing in Chainlink that everyone agrees needs to developed, and that is exactly why the Chainlink 2.0 whitepaper purports to have unveiled such a mechanism.

I have been waiting for this for nearly 2 years, and the core of my historic Chainlink criticisms has revolved around the lack of such a mechanism. Needless to say, I’ve been waiting with quite some anticipation.

The explicit staking model turned out to be retarded

This is where we get to the explicit staking part. This part of the paper, to put it bluntly, is retarded. This section assumes that Chainlink nodes are staking LINK and the innovation here is that this stake can be stolen from them by second group of trusted LINK oracles at will! (And sent to the node in the first group who alerted them of the error).

The “IQ through the roof/beast mode of intellect” part of this design is that the second oracle group is assumed to be much more reliable… because… (and no kidding, I quote the paper):

Note how they don’t mention that the tier 2 group should have any amounts of LINK at stake — guess why? Because if these nodes collude there is no one to slash them!

How to steal money in Chainlink 2.0 without any cryptoeconomic punishments

  • One node in the first tier colludes with the second tier and incorrectly escalates an answer as faulty, stealing all the stake from the first tier which the colluding group can now split among itself. All this requires is that the second tier collaborates or controls one node in the first tier (which would actually be a rather normal scenario).
  • Think of the first tier and the second tier as a single large group of oracles (because that’s what it actually is) and nobody escalates any error. They simply report incorrect data and rob the DeFi ecosystem of all the funds that relies on Chainlink oracles they possibly can and share the profits among them.

You, a LINK marine: “but as long as there’s one honest node in the first tier, he can simply escalate the error and get quadratic rewar — “ NO. THAT ONLY WORKS IF YOU TRUST THE SECOND TIER TO BE HONEST. THAT’S NOT CRYPTOECONOMIC SECURITY.

The first reason why this paper is extremely frustrating to read is because the paper explicitly states that the design is supposed to be secure under the assumption that nodes are economically rational rather than honest.

In fact if the paper actually analyzed the system’s threat model under the assumption that oracles (all oracles, not just “tier 1”) were economically rational instead of ”honest” (and not just pretending to do so) it’d be clear as day that the economically rational move by the tier 2 is to act maliciously to extract as much capital as possible, because there aren’t even any punishments when they do so, since they have final say and fundamentally can’t be punished!

Yep, you understood it correctly. The way to fix the broken Chainlink oracle security model is apparently to backstop it with a bigger set of Chainlink oracles that function under the exact same broken security model as it has always functioned under.But don’t worry. By the time people catch on to this problem, Chainlink will have released Chainlink v3 where the tier 2 group is backstopped by a tier 3 group with even more trustier oracles! So no problem. Cryptoeconomics, yo.

“Super-linear (quadratic) security”

The paper goes on to pretend that because the node that escalates an erroneous answer in the first tier will receive all the deposits of everyone else in the tier if the answer truly is erroneous, the scheme reaches super-linear (a.k.a “quadratic”) security against a bribing attacker.

“Watchdog” simply means any node among the tier 1 oracle group. They can escalate errors.

This is completely bonkers because it assumes a completely non-cryptoeconomical adjucation layer (the second tier) to resolve disputes in the first tier. As such deviates from the entire security assumption premise of the whole chapter. Sigh.

As I’ve just explained, there isn’t even anything at stake for any oracle as long as you get the tier 2 oracles to participate in the collusion — the tier which has exactly nothing cryptoeconomical at stake by definition.

No, you don’t have to bribe the oracles with the amount of every tier 1 staker in aggregate to make an attack economically rational. Under a cryptoeconomic rational assumption, you can bribe all the oracles of Chainlink with a broken umbrella and a crayon it would still be the economically correct decision for the colluding tier 2 oracles to refuse to acknowledge any tier 1 wrongdoing when they’re called in to a dispute, and then there will be no punishments for anyone in the entire system*.

*Except for any defiant tier 1 node who tries to do the right thing (because he loses all his stake in this case). Lol.

The second reason this paper is extremely infuriating

This part is just incredible. Despite this smoke and mirror 0-security bullshit mechanism (trusted nodes backstopped by trusted nodes) the authors still have the audacity to imply that the the Chainlink staking mechanism provides a higher degree of robustness than Layer 1 PoW/PoS systems.

I just can’t, people.

Chainlink explicit staking, visualized. We solve trust assumptions by adding a second tier of trust assumptions.

I seriously hope that anyone with half a brain that has read this far understands that if a trusted tier of nodes is backstopped by another trusted tier of nodes that don’t even have any stake that can be slashed, the whole model degrades back to a trusted system without any cryptoeconomic assurances.

Final remarks

This was a tough one, I know. Don’t feel sorry if you didn’t see through this BS right away, LINK has mooned so much (thanks to you) they had cash enough to hire half a university of people to confuse you.

If you feel disgruntled and disappointed by this result, don’t despair. This problem can easily be resolved by you buying even more LINK so they can hire another half of a university to confuse you back to normal again.

$link to the moon!

--

--

Responses (32)