 If you had a system of smart contracts in Oracle's in 2005 and 2007, it's very possible the 2008 financial crisis wouldn't have happened anywhere near to the degree that it did happen. This is Sergei Nazarov. He's the co-founder at Chainlink, a technology that connects blockchains with off-chain data by using Oracle's. Oracle's makes sure that value contained in smart contracts corresponds to the same value in the real world. Thus, they ensure trust in the emerging decentralized finance ecosystem. That we can actually prove that there's a certain amount of money in a bank account backing a stablecoin? The implementation of Oracle's is still far from being perfect. A few weeks ago, a series of hacks exploited a vulnerability in this technology, resulting in the theft of around $40 million. Have blockchain Oracle's become defi's weak points? And what is Chainlink's solution to the Oracle problem? To find out, join our latest Cointelegraph interview with Sergei Nazarov and Cointelegraph's tech editor Andrei Shevchenko. What do you think of the latest hacks? Just for context, there were like five hacks in the past month, taking a combined like $40 million that were all executed flashlights. So what do you think projects could have done better in that case? So I think there's two fundamentally faulty assumptions around the security of people's price discovery and price data mechanisms that need to be seriously revisited. The first assumption is that you can source price data into a defi protocol from a single exchange, from a single price discovery mechanism, whether that's an on-chain dex, pool, or a centralized exchange. It doesn't matter. The fundamental problem here is that 80 to 90% of those attacks that you're describing, they're using flash loans to manipulate a decentralized exchange or pool or some mechanism that creates on-chain price discovery. So the first foundational issue is, if you have a crypto asset in your defi protocol and that crypto asset is traded on 50 exchanges, you want a system that provides you an accurate global price across those 50 exchanges. You don't want to just take one exchange and hope for the best because if that one exchange becomes thinly traded or if somebody gets a flash loan, which essentially makes that exchange easier to manipulate in the case of an on-chain dex, then you're in a position where somebody controls the outcomes in your defi protocol. The reason that this initial set of attacks occurred and kind of has been continuing to occur is because they're extremely easy to implement. You don't need to hack anything. You don't need to even be particularly technical to achieve these attacks. All you need to do is take out a flash loan, which makes you well capitalized as an adversary and to apply that flash loans value towards manipulating the price of a dex, of a decentralized on-chain dex or pool or whatever we want to call the price discovery mechanism. And that's why on top of the idea that you never want to use a single exchange to define the price within your defi protocol, you definitely don't want that single thing to be that single price discovery mechanism to be an on-chain decentralized exchange or something like that. Because that is more than doubling your risk. Conversely, in our case with Chainlink, we source data from hundreds of exchanges. So Chainlink from the beginning was made to provide market coverage so that whatever asset we put on, we are sourcing data from many different data providers, connecting us to hundreds of exchanges, and therefore wherever volume shifts, Chainlink can properly represent the accurate global price. Yeah, absolutely. I guess some flash loan attacks are more like market manipulation rather than actual hacks. So this definitely is a complex problem in that sense. But to kind of go on a more general note here, I want to get your opinions on what do you think defi is going into right now. So obviously with the summer of yield farming, let's say, we saw a lot of new projects and a lot of them were maybe questionable, but a lot of them were also good, so overall the sector had a lot of evolution during that summer. And do you think that the ecosystem is actually going in the right direction right now in terms of utility, in terms of just being useful to the world in a sense? Yeah, I think it's extreme. I'm very impressed by a lot of the teams we work with at Synthetix and Ave and Urine and a number of other places. I think there's two kind of fascinating dynamics unfolding literally before our eyes that some people appreciate and aren't clear to other people. So the first one is composability and the ability to implement essentially a service-oriented architecture on Chain, where a piece of the Ave protocol can be used by Synthetix or a piece of Synthetix can be used by Urine or a piece of Urine can be used by Ave. So instead of building their own separate pieces that are of lower quality for their own private use, you're starting to see a kind of templating of how certain operations in the block chain-based finance landscape happen. And I think what that's going to evolve into is to some kind of standards, like the ERC-20 standard created a standard for tokens. You're going to have ways that people say, you know, that's how I do that for a financial product within a block chain. And there's more and more focus on making a single good kind of on-chain service in the form of a contract that other contracts can use. The second great thing I think is the generation of yield. So the ability for people to get yield trustlessly, especially in an environment where inflation is rising and yield in the traditional financial markets is falling, is creating a very, very sharp contrast. You simply can't ignore that you can get 0.5 or 0.1% yield on an asset in the traditional financial world. Whereas in crypto, you can get between 1% to 8% on the same fiat currency in the form of a stablecoin or if it's Bitcoin or whatever it is. And so if that big gap in yield continues to perpetuate itself just through normal market conditions in the global financial system and the DeFi landscape continues to have better and better collateral, better and better kind of composable building blocks, better and better oracles that feed in more and more high quality data for the creation of more and more markets. While the global financial system continues to generate no yield and the pressure of inflation drives people to seek mechanisms to maintain the value that they have in whatever format they can get it into, then the crypto format as a way to maintain value I think is going to be an extremely powerful force if it continues to develop the way it's developing. And in our case, our goal is to provide really reliable oracles, price oracles, so that the type of issues we just discussed don't happen. And the overall reliability and usability of DeFi is maintained through the provision of accurate price data as well as oracles for various other types of data. Yeah, it's actually a very interesting and to your point about yield, I guess I have kind of a follow-up question here, which is, so the promise of DeFi in a sense is to be, for example, decentralized bank, right? So to have real world users, for example, if I want to buy a car on loan, I can do that through DeFi eventually, right? So in terms of yield, to connect that a little bit, so what do you think will be the sources of yield in the future? And do you see maybe DeFi kind of needing to expand beyond the crypto-to-crypto interactions and just into the real world? And can Chainlink maybe facilitate that? Yeah, yeah, I think that's definitely going to happen and I think you already see one type of diversification. And funnily enough, it is a kind of crypto asset, but it's a little bit different. On the one hand, I think you have all these kind of cryptocurrencies and crypto assets and all those things. On the other hand, I think you see NFTs. So NFTs, interestingly enough, are generating their own category of assets that are not necessarily based on the value of crypto. They're based on the scarcity and the value of a digital good in a game or even just as a piece of art or some kind of rare scarce digital good generated on a blockchain. In the case of NFTs, what would we provide to more and more folks now is something called Chainlink VRF. Chainlink VRF generates on-chain verifiable randomness. So randomness is very important for the generation of NFTs because you want to know that the system that made NFTs didn't generate a bad NFT for you but a good NFT for someone else. People want to know that the NFTs are generated fairly so that their scarcity and their ungameability is maintained as an underpinning of their value. I think the next group after NFTs and gaming-based collateral is insurance. So we are doing a large amount of work with people in the insurance industry right now. We already have a few systems that are using or working on using Chainlink in different ways for providing weather insurance to farmers and actually a few of those folks are doing that now in different parts of the world. And what I think will happen and what I think is very logical is that the insurance cash flows that are essentially proven on chain at this point and all the information about the insurance relationship is on chain. Those cash flows can be turned into their own kind of asset, into their own collateral, into their own some kind of securitized or derivative workers or something like that. And now you'll have cryptocurrencies, stablecoins, you'll have gaming and you'll have insurance cash flows. In terms of the stablecoins actually and actually the transfer of tokens from other chains into environments that can use them, we also have something called proof of reserve where thus far we've been using it to prove the accuracy of the WBTC system and that there's actually Bitcoin, backingrap Bitcoin. But I think what you've recently seen is us expanding it into stablecoins so that we can actually prove that there's a certain amount of money in a bank account backing a stablecoin. And that's not an annual audit that's like an automated audit every 10 minutes, every hour, every day, proving that the assets backing the stablecoin are in a bank account. The kind of final stage will be this very advanced stage where we're able to prove things about real world assets and improving things about real world assets like the value of real estate or the value of some other off chain asset. In being able to prove the ongoing current value of those assets will be able to show a lot of reliability to the kind of DeFi ecosystem for that asset. What it'll evolve into is us proving various things about many different off chain assets that are not yet on chain and that proof will enable them to come on chain. Yeah, absolutely. So I think definitely something that people look forward to with oracles. I guess I have a small question here. It's probably a very complex topic, but how automated can these things become? Like for example, checking the bank account of stablecoin, like how can you be for example sure that the bank account is not lying to the oracles somehow? So it's different categories of risk management, right? You basically have to think about what are your current risks and what are the risks that you'll eliminate? There will always be new risks or some version of risk that you acquire in the use of oracles to verify things about assets. If you're looking at a stablecoin and you're thinking, well, how do I know the stablecoin has assets in its bank account? And one answer could be, hey, they're going to use Ernst and Young. They're going to use some accounting firm that is going to audit them once a year. Okay, that's one level of risk that you as a stablecoin holder, as a stablecoin user, as a DeFi protocol using stablecoins within your DeFi protocol to the tune of billions of dollars that you can become comfortable with that risk and you can decide that's a risk I'm comfortable with. It's not great because at the end of the day you have situations like Wirecard that you basically find even large globally traded public companies can somehow find a way to get around these types of controls and these types of audits. So I think what the oracle networks in this case will do is they will provide a very different automated auditing function. And so now your risks are not, do I wait one year for people to manually check this asset? But do I have an oracle network that I can rely on? Hopefully in the case of Chainlink, you can say, yes, I have an oracle network that can verifiably and reliably check things for me. Independent of, you know, blockchain's operation and independent of the data source it's checking. But I actually think there is a kind of middle of the road option where you don't force the bank or the centralized lender or whoever to go completely on chain. You build decentralized verification systems around them and you basically force a large amount of transparency. And there's no reason why an oracle network can't go and assess the value of real estate, assess the solvency of an enterprise, assess the state of bank accounts or gold accounts or whatever other account to prove that the on chain asset that represents those things is in sync with reality. And in fact, the fascinating thing is that if you had a system of smart contracts and oracles in 2005 and six and seven, it's very possible that 2008 financial crisis wouldn't have happened anywhere near to the degree that it did happen. Because you might have had a system that was able to check the credit worthiness of various holders of mortgages and the value of various houses and combine all those things into smart contracts on a kind of loan hold. Loan holder by loan holder basis. And I think that transparency would have really softened the boom and bust cycle of the 2008 global financial crisis. Absolutely, that's a very interesting point. Although I guess institutions will need to agree to do that. But in any case, I had a personal curiosity actually like this is going to be the last question. So I recently discovered that on chain, like you can actually send the arbitrary HTTP requests, you know, like just get something from an API that you set yourself. And I'm curious, why don't I hear that before? Why don't I see projects building on top of that? So, and my first thought is maybe that, for example, in Ethereum, the gas fees are too high to do this consistently. But maybe there's something else going on here. Yeah, so that feature is a feature that some people utilize in some of their applications. I think what this all comes down to is the foundational fundamental value of smart contracts. And the question that smart contracts provided answer to is how can I achieve hyper automation for billions of dollars, eliminating people and various people based systems as checks. So once you achieve a certain level of security and combine that with a certain degree of usability, you see an explosion in what people do in our industry. You see them, you see everybody making tokens or you see everybody doing private key voting and calling it a Dow. Because that functionality has now reached the point where if you build it, it won't be just a POC that you won't put real value or usage or funds behind. It'll be something that you can put millions or billions of dollars into, right? And so, yes, you can go use a single HTTP request. Some people do that for the initial things they built. But the foundational value of Chainlink and of smart contracts is very much the same in that it provides hyper reliability. Smart contracts provide hyper reliability for smart contract state and for the ability to define the relationship between parties and between various outcomes in a state machine that is proven to execute the way it was written under all conditions. And in the case of Chainlink, if you look at the reference data networks and the price feeds that people use and even some of the weather feeds that are starting to use and look at, you see decentralization. You see a multitude of different oracle notes. And what that's a really big part of what Chainlink does is it allows people to compose different oracles run by different people, different institutions, different entities into an oracle network. That creates one level of reliability and then it also provides access to a multitude of different data sources. What you really want and any system that doesn't give you this has serious flaws is an extreme level of decentralization at the oracle mechanism level and whatever level of decentralization that's realistic to achieve at the data source level. And in achieving those two things, you approach this extreme reliability for externally connected smart contracts, such as the ones in DeFi, such as the ones in decentralized insurance. You could go and generate an HTTP request to a single source exchange from a Chainlink node that you run. You could do that and you could use that to build a system and that could work. But it's not clear to me that once you have millions or tens of millions or hundreds of millions of dollars in that system, you wouldn't need to then use the Chainlink network to combine another oracle network around multiple data sources. And then what our system is actually architected to do is to scale with the value secured. So if the value secured by Chainlink goes past five billion to six billion, seven billion, past whatever amount, the Chainlink oracle networks increase in size. And as they increase in size, they can also decide to increase the amount of data sources. And these are the things that are really the bigger future questions of once we achieve tens of billions of dollars secured, how do we properly scale the security of oracle mechanisms and the security of data sources. And that's part of what you're seeing also as we started with flash loan attacks is that the value secured has massively outstripped the security of the oracle mechanism in that case. And that mismatch has led adversaries to exploit the DeFi protocols with enough value, but weak enough oracle mechanisms for price data. And so that's the continual problem that we need to solve as the value in DeFi continues to increase. Yeah, absolutely makes sense. I guess the gist of it is that if you use that, you would need to basically recreate Chainlink's security model, right? Exactly. An extreme pleasure to talk with you and I hope that YouTube would like this interview. And as always, subscribe to the channel and see you next time. Yep, great sharing with you. Thank you very much.