It seems that the decentralized finance (DeFi) ecosystem can’t catch a break, seeing glitches after glitches after glitches.
This trend continued on Friday when Chainlink, a prominent DeFi project centered on Ethereum that is attempting to connect blockchain applications to off-chain data and payments, suffered an error with one of its price feeds, allowing users to make tens of thousands of dollars worth of profits they wouldn’t have otherwise received should the glitch not have taken place.
Chainlink Suffers “Pricing Anomaly,” Ethereum Users Make Away With Thousands
One of the main issues with blockchain applications right now is that they cannot natively use online data as inputs.
Enter Chainlink, a project attempting to enable smart contracts — predicated on allowing the execution of “tamper-proof digital agreements, which are considered highly secure and highly reliable” — to involve “inputs and outputs” that are equally as secure. It does this by acting as a bridge, hence “link” in “Chainlink.”
Unfortunately, the bridge is not yet perfect.
On Friday, a Twitter user going by “JuanSnow,” who seemingly primarily comments on DeFi and Chainlink, posted the below tweet.
In it, he showed that an error had occurred with Chainlink’s silver-to-USD (XAG/USD) price feed. For a short period of time, around seven or so hours, the feed registered a silver ounce price of ~$1,600, dozens of times higher than the actual market rate of $18.
The XAG/USD Chainlink price feed was incorrect for over 6 hours yesterday. Someone made $6.8k in profit due to this error. https://t.co/yP9Kr6iEr2
— JuanSnow (@JonSnowisLink) February 21, 2020
Per JuanSnow’s analysis, users managed to make around $37,000 worth of profit during this period, seemingly leveraging the price discrepancy to buy and sell digital representation of silver on Synthetix, which presumably uses the silver price feed from Chainlink.
Fortunately, the issue eventually reverted and Chainlink wrote a short blog post on what exactly happened.
The team first asserted that while seemingly a large error, it wasn’t large-scale:
We acted quickly and the price pair was updated to broadcast the correct information. This pricing anomaly caused a few minutes of downtime for the single affected user on this price pair and affected less than forty thousand dollars.
The post then explained that what happened was there was a human error, which saw node operators servicing the XAG/USD oracles incorrectly requesting a price of gold rather than silver, creating a discrepancy:
The XAG-USD contract was updated by a highly redundant architecture of 7 different data aggregation providers which were being queried by 9 independent node operator teams. The human error occurred while seeking to improve the XAG/USD network… [they] incorrectly request[ed] a gold price (XAU) instead of the silver price (XAG).
Chainlink asserted that this was not an issue with the oracle technology itself, then added that they will address this issue by “accelerating an increase in multi-signature signers for the release of new features and updating of oracle networks.”
Ethereum DeFi’s Latest Issue
As alluded to earlier, this is the latest controversy in the DeFi ecosystem based on Ethereum.
Last week, Ethereum decentralized finance protocol bZx suffered two “attacks.” The two attacks weren’t exactly the same, but the gist of both of them are as follows:
- A user took out a “flash loan” of a large sum of ETH from bZx. A flash loan is where a user borrows and returns the loaned capital in the same transaction.
- The ETH was used to purchase another Ethereum-based asset.
- The user deployed manipulation to change how other protocols see the price of said Ethereum-based asset, allowing for profits to be made due to oracles registering the false market prices.
The attacks saw members of the DeFi ecosystem lose $300,000 and around $650,000, respectively, for a total of nearly $1 million.
Some prominent industry commentators, including Litecoin’s Charlie Lee, have accentuated how situations like this prove how DeFi is not ready for mainstream adoption yet.