“ChainLinkGod,” the Chainlink Community Ambassador, has fired some damaging accusations at MakerDAO, claiming that the MakerDAO oracles seem to be selling exclusive rights to post their price data on-chain to insider groups.
According to ChainLinkGod, the insider group can then make millions as they will be the only entity that can liquidate positions on the protocols using MakerDAO’s oracles.
The Entire Accusation
According to ChainLinkGod, the oracles sell the rights to liquidations to flashbot or bloXroute bots, or they use the power they have to capture liquidation fees for themselves. MakerDAO oracles only sign the price data off-chain, and a relayer is needed to post it on-chain.
ChainLinkGod believes that MakerDAO’s oracles are effectively extracting MEV from protocols through permissioned liquidations.
MakerDAO put out a strongly worded rebuttal of all accusations leveled by ChainLinkGod. MakerDAO completely denied participating in or benefiting from liquidations in the Maker Protocol or any other existing Protocol.
Calling the accusations slanderous, MakerDAO said it reflected poorly on Chainlink’s community as ChainLinkGod had dug up an old issue that had already been in the public domain, which has since been remediated. MakerDAO also stated that the update to fix the issue permanently is in the final stages of the rollout.
A Little Bit Of Context
The Oracle Domain Team discovered a hidden state-size dependency within Scuttlebutt, a gossip network utilized by MakerDAO oracles. The issue was widely discussed on the governance and Risk call several times and flagged and documented in the MakerDAO forum.
Malicious actors could have potentially used the dependency to spam the network and overwhelm it, which is why two different solutions were proposed and formulated.
The Short Term Solution
Two solutions were formulated; in the short term solution, the team patched Scuttlebutt and increased the state size to a higher threshold, rendering any spam attacks ineffective. However, this change was nested quite deep in the dependency tree, making it unclear if it would have any adverse effects.
Because Oracles are critical pieces of infrastructure when it comes to DeFi, and needed to be handled with a high degree of caution, which is why the team decided to test the solutions before deploying them. Testing the Scuttlebot state size patch was successfully completed and rolled out on the 13th of April, 2021.
The Long Term Solution
The long-term solution was to integrate libp2p as a parallel gossip network. A parallel network would ensure 100% uptime in the event that either Scuttlebutt or libp2p faced an attack or a bug. The development of the libp2p integration has successfully been completed and rolled out in an earlier upgrade.
However, it must be noted that the configuration option to activate libp2p has not been triggered as there are still some stability checks pending.
A Fundamental Flaw
MakerDAO pointed out that it was successfully able to fix the issue. However, the Chainlink architecture has a flaw that makes this situation unavoidable. It was also pointed out that Chainlink also lacks separation between Feeds and Relayers, something that Maker Oracles have had since the beginning.
Clarification And Apology
After MakerDAO’s response, ChainLinkGod issued a clarification and apology while also admitting that he was unaware that the Scuttlebutt network being permissioned was a temporary fix for a previous issue until the Libp2p integration was completed.
ChainLinkGod also clarified that it was clear after understanding the complete context that Maker Oracles were not selling any exclusive rights to signed price data and that the transactions were just a result of circumstances.
Credit: Source link