Chainlink VRF v1 Deprecated for On-Chain Randomness

- The initial version of Chainlink VRF was launched on the Ethereum mainnet on October 22, 2020, with early adopters like PoolTogether using it to randomly select prize winners. - A significant architectural shift from v1 to v2.5 is the introduction of a subscription management model. This allows up to 100 smart contract addresses to pre-fund their randomness requests from a single balance, reducing gas fees by eliminating the need to transfer LINK tokens for each individual request. - For developers in the prediction market and gaming sectors, VRF v2.5's direct funding option simplifies passing on transaction costs to the end-user. This is because the cost is calculated at the time of the request, rather than during the fulfillment callback. - In November 2023, Chainlink awarded a $300,000 bounty to white-hat hackers who discovered a critical vulnerability. A malicious subscription owner could have blocked and rerolled randomness requests until they achieved a desired outcome; Chainlink has since implemented a fix to prevent this. - The deprecation of both v1 and v2 is scheduled for November 29, 2024, by which time all users are expected to have migrated to v2.5. - A key security consideration with any on-chain randomness solution, including all versions of Chainlink VRF, is the risk of blockchain reorganizations ("reorgs"). A miner or validator could theoretically rewrite a chain's history to place a randomness request in a different block, resulting in a different random output. - VRF v2.5 introduces a more predictable pricing model where the premium is a percentage of the gas costs for the VRF callback, rather than a flat LINK fee. This model helps ensure dApps receive timely responses even during periods of high network congestion.