Developer Responsibilities: Market Integrity and Application Code Risks
Chainlink Data Streams provide access to high-frequency market data backed by decentralized, fault-tolerant, and transparent infrastructure, where offchain data can be pulled onchain and verified by Chainlink's Verify Contract, as needed by your application. The assets priced by Chainlink Data Streams are subject to market conditions beyond the ability of Chainlink node operators to control. As such, developers are responsible for understanding market conditions and other external risks and how they can impact their products and services.
When integrating Chainlink Data Streams, developers must understand that the performance of individual Streams is subject to risks associated with both market integrity and application code.
- Market Integrity Risks are those associated with external market conditions impacting price behavior and data quality in unanticipated ways. Developers are solely responsible for monitoring and mitigating any potential market integrity risks.
- Application Code Risks are those associated with the quality, reliability, and dependencies of the code on which an application operates. Developers are solely responsible for monitoring and mitigating any potential application code risks related to their own products and services.
See the Market Manipulation vs. Oracle Exploits article for information about market integrity risks and how developers can protect their applications.
Developer Responsibilities
Developers are responsible for maintaining the security and user experience of their applications. They must also securely manage all interactions between their applications and third-party services.
In particular, developers implementing Chainlink Data Streams in their code and applications are responsible for their application's market integrity and code risks that may cause unanticipated pricing data behavior. These are described below in more detail:
Market Integrity Risks
Market conditions can impact the pricing behavior of assets in ways beyond the ability of Chainlink node operators to predict or control.
Market integrity risk factors can include, but are not limited to, market manipulation such as Spoofing, Ramping, Bear Raids, Cross-Market Manipulation, Washtrading, and Frontrunning. Developers are solely responsible for accounting for such risk factors when integrating Chainlink Data Streams into their applications. Developers should understand the market risks around the assets they intend their application to support before integrating associated Chainlink Data Streams and inform their end users about applicable market risks.
Developers should be aware that some assets, particularly those with low liquidity, may experience significant price volatility due to factors such as wider price spreads among exchanges. In such conditions, large trades can significantly move an asset's price, causing unexpected price oscillations.
Traditional Market Assets
Among other assets, Data Streams supports foreign exchange (FX) spot markets for major currencies against USD, gold and silver spot against USD, and WTI oil spot contracts. In traditional finance, these markets are some of the most liquid instruments and are traded across most financial centers including London, New York, Tokyo, and Singapore. Unlike Crypto markets, most traditional markets do not trade 24/7 and therefore liquidity and spreads can vary during the day and trading week. For assets traded within traditional markets, Chainlink Data Streams provides developers with an indication of the market's status (either open or closed), such as via a market status flag in price reports, which can be used by applications as applicable.
The market status provided on Streams serves as an indication of the open and close hours for traditional market assets based on historical practice; it is provided for referential purposes only. Developers are responsible for independently assessing the risks associated with trading at these times, particularly at opening and closing price levels. Developers are solely responsible for determining the actual status of markets for any data feeds they utilize. Protocol developers are advised to proceed with caution and make trading decisions at their own risk.
Under the shared responsibility model, it is essential that developers understand the methodology, trading behavior and risks for the traditional market asset classes and instruments they are supporting and offering to their end users. Data Streams developers are solely responsible for defining and implementing their own risk procedures and systems, including being aware of market open and closing times, and bank holidays, when integrating associated Chainlink Data Streams.
DEX-based Assets
Data Streams also provides pricing data related to assets that trade, primarily, on decentralized exchanges (DEXs). Under the Shared Responsibility model, it is essential that developers understand the methodology and risks associated with such DEX-based assets. The risks include, but are not limited to:
- Data may be sourced by reading the state of onchain contracts and estimating the price at which trades in a certain asset pool could be executed. The accuracy of prices may be hindered by such factors as:
- Slippage: The movement of prices between (i) the time of observation, and (ii) the time of execution, caused by other transactions changing the state of the respective smart contract.
- Price Impact: The movement of price caused by the volume of trades being settled on a respective pool.
- Certain assets may not trade actively—if data is based on traded prices, it may not reflect the current state of the respective pool, and/or the current realizable price.
- There is a certain level of latency between (i) the observability of price data on DEXs, and (ii) the price data being reflected in our price feeds. This can increase the risk of frontrunning.
Application Code Risks
Developers implementing Chainlink Data Streams are solely responsible for instituting risk mitigations, including, but not limited to, data quality checks, circuit breakers, and appropriate contingency logic for their use case. Some general guidelines include:
- Code quality and reliability: Developers must execute code using Chainlink Data Streams only if their code meets the quality and reliability requirements for their use case and application.
- Code and application audits: Developers are responsible for auditing their code and applications before deploying to production. Developers must determine the quality of any audits and ensure that they meet the requirements for their application.
- Code dependencies and imports: Developers are responsible for ensuring the quality, reliability, and security of any dependencies or imported packages that they use with Chainlink Data Streams, and review and audit these dependencies and packages.
- Contingency Logic: In extreme circumstances, including situations outside the control of Chainlink node operators, Chainlink Data Streams may experience periods of unavailability or performance degradation. Developers are responsible for implementing contingency plans for such circumstances specific to their application, such as the use of the active-active SDK for Data Streams, a secondary fallback oracle, and/or circuit breakers to stall trading.
Additional Considerations on Data Usage and Verification
-
Combined Data Sources: Mixing data from Data Streams with other pricing sources introduces additional complexity and risk. It may result in unforeseen results, potentially impacting application performance or reliability. Developers are solely responsible for any such outcomes, and it is imperative that thorough risk assessments and comprehensive testing protocols are implemented.
-
Bypassing Data Verification: Verifying against the Chainlink Verifier Contract is essential for ensuring data integrity. Bypassing or improperly implementing it increases the risk of data manipulation and should be avoided.
Developers are responsible for understanding and managing all additional risk factors. Implementing proper risk assessment and mitigation strategies is crucial to maintaining the integrity and reliability of applications that rely on external data sources.