Additionally, to reduce operational costs, a Sybil attacker can adopt a behavior called mirroring, in which it causes oracles to send individual responses based on data obtained from a single data-source query. In other words, misbehaving oracles may share data o-chain but pretend to source data independently. Mirroring benets an adversary whether or not it chooses to send false data. It poses a much less serious security threat than data falsication, but does slightly degrade security in that it eliminates the error correction resulting from diversied queries against a given source Src. For example, if emits erroneous data due to, say, a sporadically triggered bug, multiple queriers may still obtain a correct majority result. Sybil attacks resulting in false data, mirroring, and collusion in general may be eliminated by the use of trusted hardware in our long-term strategy (see Section 6).

Certication Service design. The ChainLink Certication Service would seek to provide general integrity and availability assurance, detecting and helping prevent mirroring and colluding oracle quorums in the short-to-medium term. The Certication Service would issue endorsements of high-quality oracle providers. We emphasize again, as noted above, that the service will only rate providers for the benet of users. It is not meant to dictate oracle node participation or non-participation in the system. The Certication Service supports endorsements based on several features of orIt would monitor the Validation System statistics

19 on oracles and perform post-hoc spot-checking of on-chain answersparticularly for high-value transactionscomparing them with answers obtained directly from reputable data sources. With sucient demand for an oracle providers data, we expect there to be enough economic incentive to justify o-chain audits of oracle providers, conrming compliance with relevant security standards, such as relevant controls in the Cloud Security Alliance (CSA) Cloud Controls Matrix , as well as providing useful security information that they conduct proper audits of oracles source and bytecode for their smart contracts.

In addition to the reputation metrics, automated on-chain and automated ochain systems for fraud detection, the Certication Service is planned as a means to identify Sybil attacks and other malfeasance that automated on-chain systems cannot. For example, if all nodes agree that the moon is made of green cheese, they can cause USER-SC to ingest this false fact. MOON COMPONENTS = {GREEN CHEESE} will be recorded on the blockchain, however, and visible in a post-hoc review.