NEW

CCIP is now live for all developers. See what's new.

Developer Responsibilities: Market Integrity and Application Code Risks

Chainlink Data Streams provide access to high-frequency market data backed by decentralized, fault-tolerant, and transparent infrastructure, where offchain data can be pulled onchain and verified by Chainlink's Verify Contract, as needed by your application. The assets priced by Chainlink Data Streams are subject to market conditions beyond the ability of Chainlink node operators to control. As such, developers are responsible for understanding market conditions and other external risks and how they can impact their products and services.

When integrating Chainlink Data Streams, developers must understand that the performance of individual Streams is subject to risks associated with both market integrity and application code.

  • Market Integrity Risks are those associated with external market conditions impacting price behavior and data quality in unanticipated ways. Developers are solely responsible for monitoring and mitigating any potential market integrity risks.
  • Application Code Risks are those associated with the quality, reliability, and dependencies of the code on which an application operates. Developers are solely responsible for monitoring and mitigating any potential application code risks related to their own products and services.

See the Market Manipulation vs. Oracle Exploits article for information about market integrity risks and how developers can protect their applications.

Developer Responsibilities

Developers are responsible for maintaining the security and user experience of their applications. They must also securely manage all interactions between their applications and third-party services.

In particular, developers implementing Chainlink Data Streams in their code and applications are responsible for their application's market integrity and code risks that may cause unanticipated pricing data behavior. These are described below in more detail:

Market Integrity Risks

Market conditions can impact the pricing behavior of assets in ways beyond the ability of Chainlink node operators to predict or control.

Market integrity risk factors can include, but are not limited to, market manipulation such as Spoofing, Ramping, Bear Raids, Cross-Market Manipulation, Washtrading, and Frontrunning. Developers are solely responsible for accounting for such risk factors when integrating Chainlink Data Streams into their applications. Developers should understand the market risks around the assets they intend their application to support before integrating associated Chainlink Data Streams and inform their end users about applicable market risks.

Traditional Market Assets

Among other assets, Data Streams supports foreign exchange (FX) spot markets for major currencies against USD, gold and silver spot against USD, and WTI oil spot contracts. In traditional finance, these markets are some of the most liquid instruments and are traded across most financial centers including London, New York, Tokyo, and Singapore. Unlike Crypto markets, most traditional markets do not trade 24/7 and therefore liquidity and spreads can vary during the day and trading week. For assets traded within traditional markets, Chainlink Data Streams provides developers with an indication of the market's status (either open or closed), such as via a market status flag in price reports, which can be used by applications as applicable.

The market status provided on Streams serves as an indication of the open and close hours for traditional market assets based on historical practice; it is provided for referential purposes only. Developers are responsible for independently assessing the risks associated with trading at these times, particularly at opening and closing price levels. Developers are solely responsible for determining the actual status of markets for any data feeds they utilize. Protocol developers are advised to proceed with caution and make trading decisions at their own risk.

Under the shared responsibility model, it is essential that developers understand the methodology, trading behavior and risks for the traditional market asset classes and instruments they are supporting and offering to their end users. Data Streams developers are solely responsible for defining and implementing their own risk procedures and systems, including being aware of market open and closing times, and bank holidays, when integrating associated Chainlink Data Streams.

DEX-based Assets

Data Streams also provides pricing data related to assets that trade, primarily, on decentralized exchanges (DEXs). Under the Shared Responsibility model, it is essential that developers understand the methodology and risks associated with such DEX-based assets. The risks include, but are not limited to:

  • Data may be sourced by reading the state of onchain contracts and estimating the price at which trades in a certain asset pool could be executed. The accuracy of prices may be hindered by such factors as:
    • Slippage: The movement of prices between (i) the time of observation, and (ii) the time of execution, caused by other transactions changing the state of the respective smart contract.
    • Price Impact: The movement of price caused by the volume of trades being settled on a respective pool.
  • Certain assets may not trade actively—if data is based on traded prices, it may not reflect the current state of the respective pool, and/or the current realizable price.
  • There is a certain level of latency between (i) the observability of price data on DEXs, and (ii) the price data being reflected in our price feeds. This can increase the risk of frontrunning.

Application Code Risks

Developers implementing Chainlink Data Streams are solely responsible for instituting risk mitigations, including, but not limited to, data quality checks, circuit breakers, and appropriate contingency logic for their use case. Some general guidelines include:

  • Code quality and reliability: Developers must execute code using Chainlink Data Streams only if their code meets the quality and reliability requirements for their use case and application.
  • Code and application audits: Developers are responsible for auditing their code and applications before deploying to production. Developers must determine the quality of any audits and ensure that they meet the requirements for their application.
  • Code dependencies and imports: Developers are responsible for ensuring the quality, reliability, and security of any dependencies or imported packages that they use with Chainlink Data Streams, and review and audit these dependencies and packages.
  • Contingency Logic: In extreme circumstances, including situations outside the control of Chainlink node operators, Chainlink Data Streams may experience periods of unavailability or performance degradation. Developers are responsible for implementing contingency plans for such circumstances specific to their application, such as the use of the active-active SDK for Data Streams, a secondary fallback oracle, and/or circuit breakers to stall trading.

What's next

Stay updated on the latest Chainlink news