{"id":541,"date":"2023-08-07T17:46:29","date_gmt":"2023-08-07T15:46:29","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=541"},"modified":"2025-02-19T14:11:41","modified_gmt":"2025-02-19T12:11:41","slug":"chainlink-data-feeds","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/chainlink-data-feeds\/","title":{"rendered":"Chainlink Data Feeds, Security Researcher’s Perspective"},"content":{"rendered":"

This article provides a holistic view of the Chainlink Data Feeds, <\/strong>focusing\u00a0on security<\/strong>. The article targets mainly EVM<\/strong> and Solidity <\/strong>and has<\/span>\u00a0three main parts<\/strong>:<\/span><\/p>\n

    \n
  1. Architecture of the feeds and off-chain aggregation protocol<\/span><\/li>\n
  2. Trust model<\/span><\/li>\n
  3. Common data-feed-related issues<\/span><\/li>\n<\/ol>\n

    Firstly, we introduce the problems Chainlink solves<\/strong> and how<\/strong> they solve them: the core idea of the off-chain aggregation protocol is explained, and the core contracts are described. Then we discuss the trust model of the feeds<\/strong>. This will help you evaluate how risky it is for you to integrate the feeds into your protocol. Lastly, and most importantly, we discuss the data-feed-related issues: <\/strong>we provide explanations, code examples, and recommendations on how to avoid the issues.<\/span><\/p>\n

    Architecture & Off-chain aggregation<\/span><\/h2>\n

    Motivation<\/span><\/h3>\n

    During the execution of a smart contract, we can’t call external APIs as we need deterministic execution for all the nodes. As such, it is problematic to access off-chain data from smart contracts. Thus, we need EOAs to post the data to the chain.<\/span><\/p>\n

    We need three things for posting off-chain data to the chain:<\/span><\/p>\n

      \n
    1. independence and quality of the off-chain data feeds<\/span><\/li>\n
    2. decentralization of the entities that post the data to the chain<\/span><\/li>\n
    3. freshness of the data<\/span><\/li>\n<\/ol>\n

      Chainlink tries to achieve this via its off-chain aggregation protocol (OCR).<\/span><\/p>\n

      Off-chain reporting protocol<\/span><\/h3>\n

      OCR is a protocol built around a decentralized oracle network<\/strong>, which is a network of (hopefully) independent<\/strong> nodes. The nodes monitor multiple off-chain feeds<\/strong> to get information about current prices. As part of OCR, a leader is selected. The leader aggregates reports<\/strong> from other participants and then sends a transaction to the chain.<\/span><\/p>\n

      If the leader misbehaves<\/strong>, he gets slashed<\/strong>. The report is sent to the Chainlink contracts. There the report is read, signatures are verified, and the median of the prices is taken:<\/span><\/p>\n

      int192 median = r.observations[r.observations.length\/2];\nrequire(minAnswer <= median && median <= maxAnswer, "median is out of min-max range");\nr.hotVars.latestAggregatorRoundId++;\ns_transmissions[r.hotVars.latestAggregatorRoundId] =\nTransmission(median, uint64(block.timestamp));<\/code><\/pre>\n
      Architecture of the Data Feed contracts<\/span><\/h3>\n
      Each feed (e.g., BTC\/ETH, ETH\/USD,..) has two main corresponding contracts – a proxy<\/strong> and an aggregator<\/strong>. If you copy a data feed address from the Chainlink dashboard<\/a>, you get the address of the Proxy. The Proxy then points to the implementation – the aggregator.<\/span><\/p>\n
      Here is a diagram from the docs<\/a>:<\/span><\/p>\n
      \"\"<\/p>\n
       <\/p>\n
      The Proxy allows for the protocol to be upgradeable<\/strong>. The aggregator then handles all the reporting logic.<\/span><\/p>\n
      Proxy<\/span><\/h4>\n
      For the consumer contracts, the Proxy exposes the AggregatorV3Interface. This allows the consumers to retrieve the prices<\/strong> and additional metadata<\/strong>.<\/span><\/p>\n
      It also allows for upgrading the aggregator contract<\/strong> (the access controls are mentioned in the Trust model). During each upgrade, a phaseId variable is incremented. Using the phases, we can query even historical aggregators and, thus, historical data.<\/span><\/p>\n
      Aggregator<\/span><\/h4>\n
      The AccessControlledOffchainAggregator<\/a><\/span>\u00a0is the contract that handles the price updates. The prices are updated in two scenarios:<\/span><\/p>\n