LINK Question

Can anyone explain why this isn’t a problem? Is Chainlink just kicking the single point failure of a smart contract down the road?

Attached: 34DEFA5C-AAD7-4B58-B36B-B9B59ABD8062.jpg (1242x1427, 446K)

They're will obviously be a demand for multiple api sources dummy

If these needs to be humans involved, then blockchain isnt needed.

Then its better to let those humans run servers on www.

truly trustless smart contracts are impossible. If you have a solution for this problem you'd be rich

No it's not kicking the can down the road. Even if it's only grabbing data from one API source, it's still decentralized because it doesn't rely on one point of failure. For example, Oraclize has had service downtime that prohibited contracts activity. With Chainlink, that shouldn't happen.

Yes, this is the exact point philosopher, life coach, and former PUA Richard Heart made on the subject.

Do you realise the layers of security for APIs?

Now imagine that Chainlink is setting the industry standard for the nodes accessing that data.

think of chainlink as mailman and insurance, not the author of the mail. If the mail gets lost or the mail was delivered wrongly, it's the fault of the mailman and he will bear the consequence, not the author.

High demand datafeeds will also have multiple sources, it's only the niche types of data that will be more centralised

So let us see what you are proposing here: someone wants to tamper with data the decentralized oracle network fetches for the smart contract.

Since the oracles are decentralized, and the end-to-end participants of the contract are secure: the sabotager has only one choice to tamper the data: to take down the API/input of the data providers.

Now how does our sabotager know which sites he has to disable/tamper with? How does he even know how many oracles the contract has employed? He would have in the (best or worst) scenario attack hundreds of sites, at the same time, considering those sites unavailable (if he succeeds to take them down) would fail to provide the data and would not be included in the contract

This is like saying Smart Contracts fail because you make a smart contract with a painting company which automates the whole process, but when you return, instead of having a nice blue paint on your house, the painter fucked up and painted it green.

In your world you actually think that "smart contracts" have the intelligence of their own, this is what you are proposing you dumb shit

I don’t, not a dev. Is it possible for the api author to enter into a smart contract and alter the input/api feed to game the smart contract? I know it’s situational but I’d imagine some companies will want to engage in smart contracts triggered by their own apis

No, my question is more based on the data input author manipulating the data source to game a smart contract they are engaged in with another party. I guess Chainlink works as long as both parties are neutral to the data source. But doesn’t this exclude companies from using smart contracts with their own apis entirely? Who would trust the company? Is Chainlink not meant for this purpose?

>all the oracles are gathering from the same input

Attached: 1543306300466.jpg (500x500, 54K)

>How does he even know how many oracles the contract has employed?
Because that information is a part of user's smart contract that is on the blockchain and by definition visible to the public. Did you even read L*INK's whitepaper? I have.

>philosopher
>Richard Heart

Attached: 1543341711680.jpg (250x238, 7K)

So how would this attack be orchestrated in real-time

Let us say that a smart contract is made between 2 participants who both use Chainlink oracle network to predict the outcome of the game

Both have employed 50 oracles to fetch this data, in ideal scenario they would use 100 different sports betting sites/sport sites for the result

You now consider weakness that someone who wants to alter the true outcome/result of the game would literally have to attack all the (biggest) sport sites of the world?

There are three inherent problems with oracles and they're all acknowledged in the whitepaper: confidentiality, integrity and availability. Yes, they come out as CIA. First, confidentiality. Data entered on the blockchain is visible to the public, so anyone monitoring L*NK smart contracts can know personal and confidential info of the two people. In this case, it's that two guys made a bet, which seems harmless until the IRS or FBI get involved. Second, integrity. Oracles can refuse to process a user request for any reason, wasting everyone's time. And no, "muh free market" won't help because power centralizes in all areas of life and most of the oracles will eventually be owned by a dozen people tops, and they'll all know one another. Finally, availability. An attacker with extra funds can spam useless smart contracts to make the oracle network unusable. If you think that's impossible, just take a look at two manchildren who are squabbling over BCash wasting millions of dollars and tanking BTC.
So, the oracle network can be data mined, it can be owned by people who will censor requests or fulfill them selectively and finally a well-funded attacker can DDoS it. I was meaning to do a full writeup of all the weaknesses but no idea if anyone is interested in reading it.

The point of chainlink is to ensure that the oracle is never the problem. The data provider can still provide bad data, but if you have some large number of nodes agree on the data they received from the provider, then you can be certain that the issue is with the data provider and act accordingly.
Think of chainlink like a redundant mail service. 10 mailmen are used to collect and deliver redundant copies of a very important letter that the recipient fears could potentially be tampered with en route. Upon delivery of the letters, the recipient can verify if the information delivered is consistent between letters and is therefore reliable (or not). This sounds retarded and over redundant until you understand that some of these letters could be responsible for the transfer of billions of dollars of value.

Fuck, so underrated. Normally it’s many brainlets on biz these days.

Write it up, would love to hear some legitimate criticism of chainlink.

I'll do it with illustrations because the architecture is intricate. I plan on moving today but I'm a regular here so you'll know when I do it.

Please do user.

I guess anything is possible but that would be a problem with the API and not Chainlink. Chainlink's objective is to make oracle service as secure and as reliable as possible.

you give me idea

chainlink is a use case can be for ddos

just a send a 1 million request to a da site

then you a ddos with a chainlink

$0.1 EOY

Attached: justlink.jpg (600x885, 58K)

The oracle network concept is ripe for disruption.

You would still have to pay each node for each request. If you've got that kind of money to burn, I guess that would work.

Some people really are that rich and petty. Look at Peter Thiel and how he sued Gawker because they outed him as homo.

Then the attacker's on chain transactions can be tracked forever. It's stupid. There are easier and cheaper ways to DDoS a service.

Something big going on in Brussels

>Is Chainlink just kicking the single point failure of a smart contract down the road?
Someone didn't read the whitepaper

The attacker can also control a sizable portion of oracle nodes, apply to every user request, fail to fulfill it and pay the penalty or just take an inordinate amount of time to process it. The entire oracle network concept is needlessly complex and riddled with vulnerabilities.

wait what? So all the contracts made by everyone on the public blockchain are visible to everyone? Competitors, IRS, FBI, their friends, their moms etc?

Yes. Oracle nodes also have access to read all contract data in plaintext, otherwise how can they fulfill the data request? This instantly disqualifies big companies - imagine your health provider having to put your confidential health data on the blockchain to use the oracle network. Thinking that this will entice companies to jump to use L*INK is deluded at best and idiotic at worst.

Is referring to using nodes for DDoSing another service. It appears you're now talking about denying service to a smart contract. Either you don't understand the difference, and therefore have no idea what you're talking about, or you're trying to shift the conversation to another attack scenario because you now see the fault in this one.

>philosopher, life coach, and former PUA Richard Heart
Come on now, Richard, that's just going too far

All those cases ultimately have the same conclusion - frustrated users and unusable Cha*nlink network. Whether users spam fake contracts or oracle nodes fail to fulfill their duty or the endpoint websites get DDoSed by oracles and throttle access to their data, the result is the exact same.

Okay, you have no idea what you're talking about.
>users spam fake contracts
Yes please. That's paying for the network.
>oracle nodes fail to fulfill their duty
At a loss of reputation and penalty deposit.
>endpoint websites get DDoSed by oracles
Fairly sure you don't understand the bandwidth required to DDoS an API. Even if you created a request every block, you still wouldn't bring anything down.

blockchain oracles ddos apis, hahahahahhahahahahha
fucking how much of a brainlet are you