I've recently read through the Chainlink whitepaper, and I'm curious to hear what others think about a potential sybil attack I've been thinking about. This type of attack is briefly discussed in the paper as a mirroring sybil attack, where a malicious actor runs multiple oracle nodes that mirror the data of just one of the nodes. This means only one of the nodes has to do any real work, or pay for any real services, while the other nodes can freeload and get paid. I posted a similar thread in r/LINKTrader, but thought I'd throw it out to a winder audience here, and this is also more thought out. Here's an example of what I'm talking about.
Consider that someone is running a chainlink oracle service that gives information about stock prices. They've purchased a feed of the data, which their oracle queries to return to the requesting user smart contract. The requesting contract is having Chainlink Core aggregate the responses from n oracles, and our hypothetical node operator prices his oracle just below the minimum ask price (in LINK) so that he will be matched with the bid from the user contract.
Now, suppose our oracle operator wants to increase his profits. He could increase his LINK ask price to the maximum that would still allow his node to be selected, but this would likely only net a slight increase in LINK fees. Alternatively, the operator could get clever and fire up an additional n - 1 oracle nodes (where n is the number of nodes requested by the user), and have these nodes simply mirror the data on the existing node he is running. These additional nodes would be very cheap to run, as they can just be virtual servers and do not have high computational needs. So the operator's costs have increased slightly, but his costs per node are now significantly lower than the other oracle operators, because he is able to distribute the cost of the data feed across several nodes that are sharing it.
LINK Fatal Security Flaw
Other urls found in this thread:
So now, the oracle operator simply sets the ask price for all of his nodes a couple percent below the market value, and he's effectively corned the market, as only his nodes will be selected. Other honest operators will not be able to compete on price unless they offer oracle services at a net loss. At this point, the user contract is still getting legitimate data, because the mirroring oracles are providing good data, but the data is no longer coming from decentralized sources. The oracle has effectively been re-centralized by a single individual exploiting mirroring and under cutting the market to force out the competition.
The potential solutions to this problem in the whitepaper do not seem adequate. One is that there will be a certification authority for certifying oracles, which already reeks of centralization. Also, these mirroring oracles would be difficult to flag as abusing the system, as they are still returning legitimate data, so they'd have a chance of being certified. The other solution is better, but it's not very relevant on current infrastructure, and that is using trusted hardware, so it can be verified what code the oracle actually ran, which would allow detection of mirroring oracles. Preventing against sybil attacks seems like a very fundamental issue for Chainlink to solve, so I'm a bit worried that it didn't get more attention and thought in the whitepaper.
...
Important contracts will all go to institutional nodes. The link trading on exchanges is basically uselesss. People always fud with "they'll make their own network." that's exactly what they're doing. It's called chainlink.
Start watching at 2:40
So then it's not decentralized? Sounds like a scam
tl;dr
link $100 EOY
Is Sybil related to Jason Parser? Do they work for the same shadowy organization?
Sybil is his jealous ex-gf who went live with Chad O'Fourke. She gave chad the whitepapers to shadowlink and he came up with Shadowfork Cash
Bump
Shadowfork Cash is a bullshit pump and dump shitcoin. It being over $1 defeats the purpose.
kek
delet
just buy one of the many other Oracle problem solvers
Aeternity, Corda, Oracle Chain, Zen Protocol, Mobius and even Microsoft is developing their own Oracle
Great, you almost made me market sell all my bags, but then I read
>trusted hardware
and remembered that Intel SGX will be in the hardware on each node, which should accurately report he hardware configuration of each node in a way which cannot be spoofed, and, therefore, should be able to detect/intercept/prevent such mirror attacks.
...but, goddamn, op, you really are onto something here. Keep up the good work.
>mfw apparent kindred spirit of a similar mind
I bought them all
Maybe try reading the white paper again you fucking retard.
Reputation factor of the nodes. If reputation is a combination of LINK tokens staked, as well as how many successful queries the node has returned, then for one actor to operate more than one node he would have to split his LINK among them, lowering each nodes eligibility to answer queries. Additionally I assume it takes time to answer lots of queries and build a reputation, thus making it impractical to get into the game later on.
Also trusted hardware, but I'm not too clear on how far along it is, or how it works.
Please correct me if I'm wrong on anything fellow stinkies.
Doesn't intel SGX running town crier fix this?
> Preventing against sybil attacks seems like a very fundamental issue for Chainlink to solve, so I'm a bit worried that it didn't get more attention and thought in the whitepaper.
It doesn't get a lot of room in the whitepapers that's true, but Sergey has talked about it in some of his talks if you look around.
Yes
Op's obvious fud is obvious.
You're forgetting that this person would have to split up his LINK across the nodes. So he can either have one highly trusted node with a lot of rep or a bunch of untrusted, low rep nodes.
Net total effect is the same because of the LINK staking/rep system
This post's fatal flaw: you wrote too much.
>tfw too dumb to understand the chainlink whitepaper or this supposed security flaw
Should I just bite the bullet and buy some LINK? I mean you seem smart, you seem loyal.
...