Topic: BitShares XT - Security against Market Manipulation FIND ATTACKS FOR TIPS (Read 11688 times)


Offline bytemaster


Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks, and if an attack warrants in-depth discussion I will spawn a new thread to discuss it.

I am not going to place a specific bounty price for finding attacks; let's just say that if you bring something to my attention that makes me realize something new, I will tip very generously, up to hundreds of PTS.

This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XT's rules:

Attack 1)  The SIDS Attack   (Sudden Instant Derivative Sack)

In this attack any user who is around when the blockchain is first launched can issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. It doesn't matter what the future consensus is, the short position will be blown out in a massive way and leave billions of BitUSD lying around with no backing.

The solution to the SIDS Attack is twofold:

   a) no market trading will be allowed for the first N days to allow enough people time to enter bids and asks that arrive at market consensus.
   b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply.

This rule effectively states that for blockchain based trading to occur in an automated way there must be a quorum of shareholders agreeing on the price.  This does not prevent private parties from transferring BitUSD or BTS to other users or arranging manual trades.  It simply prevents any manipulation of the price that could result in margin calls at unrealistic prices.

The values for N and D are subject to debate, but my gut feeling is that N should be 14 days and D should be 5%.

Attack 2)  The SlingShot Attack  (Other names welcome)

In this attack, the attacker will place a large short order close to 2x above the current ask. Under normal conditions this order would never be filled. Then the attacker starts buying to push the price up until he triggers a short squeeze. The short squeeze starts a chain reaction that pushes the price clear up into the attacker's short position. Then the price falls back to where it should and the attacker covers their position with a 50% gain. Whether this attack is profitable or not depends upon how big of a short squeeze the attacker can trigger and how little is required to kick off the squeeze.

I have been thinking long and hard about the SlingShot Attack and have concluded that the only solution is to increase margin requirements.  As it exists today, if someone wants to short 1 BitUSD the most they risk is 1 BitUSD.   On a traditional exchange, if you want to short something your potential losses are infinite because if you run out of margin then they can come after your savings, your house, and your future income.    The SlingShot Attack is much harder if the margin requirements make the probability of a short squeeze much lower.   

Let's assume a very conservative amount of margin, 10x. To perform the SlingShot attack would require pushing the price up 9x and would reduce the attacker's gain from a maximum of 50% to a maximum of 5%. If you then combine this increase in margin requirements with the automatic market freeze anytime the depth fell below the required threshold, you will be unlikely to walk the book enough to trigger a short squeeze without suspending trading.

What is the impact of requiring a larger margin for short positions? People will still go short, but the amount of leverage they can apply will be reduced significantly. BitUSD will still be created and thus will still trade. Instead of the marketcap of BTS being 2x the value of the trading BitAssets it would now be at least 10x the value of the BitAssets traded. Thus increasing margin requirements should only limit the ability to go short and have little influence on the price people are willing to go short. Shorts will feel much more secure knowing that other shorts are less likely to end up in a squeeze, which will balance out with the added risk of losing up to 10x the amount you shorted.

Based upon these two attacks and the need for significant market depth before the chain can be 'secure', I am starting to conclude that market depth is more important than transaction volume in limiting the number of BitAssets per chain. For this reason I am thinking that the BitShares XT network should have only 2 BitAssets (Gold and Bitcoin). We want to focus the trading efforts and market depth on two assets rather than spreading the network thin. Once we understand the security implications, future chains are likely to start with a larger user base, deeper markets, higher initial valuation, and thus be able to support more assets securely.

Please let me know of any other attack ideas you can come up with and what your thoughts are on these rule refinements?
« Last Edit: August 06, 2014, 08:20:31 PM by bytemaster »
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Markus

« Reply #1 on: February 23, 2014, 08:22:30 AM »
My thoughts just after reading and without sleeping on it:

Regarding 1)
Question: D% refers to outstanding BitAssets or BTSX?
N=14 days seems far too long to me.

Regarding 2)
Is it that important what the initial margin multiplier is? For a potential short squeeze it is important how many margin positions are on the brink of getting called. So even a 10x margin position might become dangerously depleted after a (slow) 9.9-fold appreciation of BTSX.
What about letting everybody decide themselves what leverage they want? That way some of the whales might put in very conservative, robust short positions.
This still doesn't solve the issue. What we need is some kind of slow-down of the short squeeze to give everybody the opportunity to stop it.

Cutting down to two BitAssets will probably cause an outcry. I'm fairly neutral on that.

Offline bytemaster

« Reply #2 on: February 23, 2014, 08:32:16 AM »
There are two factors:  initial margin and maintenance margin and both can be increased by a factor of 10x.  This means that even a slow depletion is much more secure. 

I chose 14 days because it will probably take that long for enough people to download the wallet, get oriented, and start making a decision.  The price will probably be very volatile as people observe the bids and asks.

D% refers to the value of the BTS held in the orders of long and short positions. 

Offline yidaidaxia

« Reply #3 on: February 23, 2014, 09:48:33 AM »
Appreciated and very glad that you take this very seriously.

I think for the 1st issue, D makes more sense than N, because as you said market depth is the key to these issues.

For the 2nd issue, I agree w/ Markus that more margin could not resolve the issue totally. I still think we may need to set some rules/limitations for issuance price setting.

I agree that, considering the initial market depth is not likely to be deep enough, we need to cut the number of BitAssets from 16. But I think we should still keep BitUSD which, as a Bitfiat, is one of the most important features of the Bitshares X system, so people do expect it, and we could check whether the peg function works or not by comparing the BitUSD/XTS price in the system to USD/XTS in the outside market (for example, an exchange) directly. So I will suggest cutting the number from 16 to 3, since BitGold and BitBTC are also critical.

Offline mint chocolate chip

« Reply #4 on: February 23, 2014, 10:23:00 AM »
Can additional BitAssets be added to the chain on the fly?

Offline 天籁

« Reply #5 on: February 23, 2014, 10:43:19 AM »
Agree with keeping BitBTC, BitUSD and BitGold:

1. Gold, USD and BTC are three generations of the main used currency.
2. They represent three kinds of price variation [Gold, USD: slow and reverse; BTC: dramatic].
« Last Edit: February 23, 2014, 10:45:22 AM by 天籁 »

Offline Markus

« Reply #6 on: February 23, 2014, 11:33:07 AM »
What about this:

Currently, when a position gets called, the entire amount of BitAssets short is bought back via an immediate market order.
We can tinker with both these words to prevent short squeezes. Some suggestions below.

Immediate:
  • Don't create the buy order instantly, but only after a certain amount of blocks time lag. People will know it is coming and can catch it.
  • Spread the amount over several blocks. For example create buy orders for 1% of the amount for the next 100 blocks.
Market:
  • Create a limit order instead of a market order (has been suggested before)
  • Increase this limit from block to block in a predefined way until it is totally cleared.
  • First create a limit order, then turn it into a market order if it doesn't go through after a certain time.

… or any combination of above.

I agree with the others that BitUSD is an extremely important BitAsset to have in the first chain. Bitcoin's major snag is its volatility and this is BitShares X's killer application. USD definitely has a much lower volatility than Gold.
« Last Edit: February 23, 2014, 11:42:57 AM by Markus »

Offline toast

« Reply #7 on: February 23, 2014, 03:59:10 PM »
BitUSD has to stay!
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline testz

« Reply #8 on: February 23, 2014, 05:27:34 PM »
Quote from: toast
> BitUSD has to stay!

+1

And I think the currencies of the crypto world's main supporters should be added; for today it's BitUSD, BitCNY, BitEUR and BitRUB, because all these 4 currencies have the biggest crypto communities.

Offline bytemaster

« Reply #9 on: February 23, 2014, 05:30:58 PM »
OK. BitUSD stays.



Offline bytemaster

« Reply #10 on: February 23, 2014, 05:31:49 PM »
There can be many chains in the future that experiment with more assets. This is a test network and by no means the last network.



Offline biophil

« Reply #11 on: February 23, 2014, 07:28:33 PM »
I strongly support limiting the number of assets in the first chain to BitUSD, BitGLD, and BitBTC. Since it's a "test" chain, and we're testing things like "does this idea even work," it makes sense to limit the things that can go wrong - and more assets should lead to a higher chance of chaotic instability.

For the SIDS attack, N=14 makes sense (the exact number probably doesn't matter), but I'm leery about a hard-coded value for D: the problem is that we don't really know how many XTS holders will be participating in the market. D needs to be high enough to prevent attacks, but if it's too high, the market will never function.

It seems like the main issue in market manipulation attacks is simply that someone can come to the market, hit it with a big hammer (i.e., by buying large volumes to incite a short squeeze), and profit from the ensuing chaos. We don't need to (and can't really) make hammers illegal; we just need to soften the hammer blow.

A simple way to implement this in the market could be to limit the total volume of orders that can execute per block by a percentage of the total market depth.

For example, if the percentage is 10%: if there are only 1,000 XTS of orders outstanding in the market, and at a given moment 200 XTS worth of orders are overlapping (I mean they could result in valid trades), only execute 100 XTS of those orders. Then next block, (assuming for simplicity that there are no new orders placed), there will be 900 XTS of orders, and 90 of the remaining 100 overlapping orders will execute, and then on the 3rd block finally they will all execute.

The effect of this is that when the market is new and shallow, it should have similar stability characteristics to a bigger and deeper market, and it will gradually and gently allow the market to grow into its full size. When the market is big (100,000 XTS of orders outstanding), normal order volumes can execute without ever hitting the limit.

My guess is that 10% is way too high; something more like 1% could work.
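
Added example (not part of biophil's post and not BitShares code): a small simulation of the per-block volume cap described in the post above, combined with the depth floor D from rule (b) of the opening post. The function names, the `HALT` marker and the assumption that each fill drains bids and asks in equal parts are illustrative choices made here.

```python
from fractions import Fraction

HALT = "HALT"  # marker logged when the depth rule suspends trading


def depth_quorum_met(bid_depth, ask_depth, share_supply, d_pct):
    """Rule (b) of the opening post: trading is allowed only while BOTH
    sides of the order book hold at least D% of the share supply."""
    floor = Fraction(share_supply) * d_pct / 100
    return bid_depth >= floor and ask_depth >= floor


def run_blocks(bid_depth, ask_depth, overlapping, share_supply,
               d_pct, cap_pct, max_blocks=1000):
    """Return the volume executed in each block, or HALT as the last entry
    if the book became too thin to keep trading.

    overlapping is the volume of crossing orders waiting to execute.
    Per block at most cap_pct% of the total outstanding depth may execute
    (the throttle proposed in the post above).
    """
    bid, ask = Fraction(bid_depth), Fraction(ask_depth)
    overlap = Fraction(overlapping)
    log = []
    for _ in range(max_blocks):
        if overlap == 0:
            break
        if not depth_quorum_met(bid, ask, share_supply, d_pct):
            log.append(HALT)  # market freezes instead of walking the book
            break
        cap = (bid + ask) * cap_pct / 100
        fill = min(cap, overlap)
        if fill == 0:
            break  # a 0% cap would never clear anything
        # Assumption: executed volume leaves both sides of the book equally.
        bid -= fill / 2
        ask -= fill / 2
        overlap -= fill
        log.append(fill)
    return log


if __name__ == "__main__":
    # Constructed inputs. First line reproduces the numbers in the post:
    # 1,000 XTS outstanding, 200 XTS overlapping, 10% cap, no depth floor.
    print([float(x) for x in run_blocks(500, 500, 200, 10_000, 0, 10)])
    # Same cap with a 5% floor on a 10,000-share supply (floor = 500/side):
    # the first throttled fill thins the book and trading is suspended.
    print(run_blocks(520, 520, 200, 10_000, 5, 10))
    # A 1% cap stretches the same 200 XTS over many more blocks.
    print(len(run_blocks(500, 500, 200, 10_000, 0, 1)), "blocks at 1%")
```
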

Offline bytemaster

« Reply #12 on: February 23, 2014, 07:48:56 PM »
Limiting trading to a fixed % of the market depth would probably achieve the goals for the SlingShot attack and requiring 5% of the shares to participate before the first trade would prevent SIDS.   

Obviously we do not want to 'price fix' the minimal market depth. 

Offline mf-tzo

« Reply #13 on: February 23, 2014, 07:51:51 PM »
Hi,

To be completely honest, I haven't completely understood Bitshares X, BitUSD etc. I believe in all I3 projects and in everything you guys are trying to do, so I thought I could give below an example from my experience that might be able to solve some market manipulation issues and properly cover margin calls. You can, if you wish, apply the below to what you are trying to do.

I will describe LCH (London Clearing House). LCH is a clearing house that traders use as counterparty (in our case Bitshares X) in order to trade various derivatives. What LCH does as a clearing house is to get all the orders and match them. Settlement is done on a daily basis and LCH requires an initial margin (collateral) for all the short trades in order to cover potential volatility risks and counterparties' defaults. I believe that the concept of initial margin should be applied in Bitshares X. Depending on the future expiry date, the type of contract, the type of market, market volatility etc., a multiplier factor is applied to the amount of the contract.

Below is their website for further reading. Have a look if you wish under risk management sections
http://www.lchclearnet.com/risk_management/
http://www.lchclearnet.com/freight/ffas/

As an example let's make the below assumptions.

1 contract = 1 BTC
DAY 1 BTC = $1,000
No expiry date
I am selling 1 contract

How settlement is done:
 
Day 1:

Opening balance: $0
Future value: $0
Initial Margin: -$200
Closed Balance: -$200 (margin call). I have to pay the initial margin

Day 2: (Let's assume 1 BTC = $1,100)

Opening Balance: $200 (I paid the initial margin)
Future value: -$100 (since I am short @ $1,000 and the price is $1,100)
Initial margin: -$200
Closed balance: -$100 (margin call)

Day 3: (Let's assume 1 BTC = $600)

Opening balance: $300
Future value: $400
Initial margin: -$200
Closed balance: $500

If I decide to close my position I should get back $500 + $200 (initial margin collateral) = $700. Since I have paid in total $300 in margin calls I made a profit of $400 ($1,000 original contract - $600 contract at expiry).

This way Bitshares X will be secure from market manipulations (since they can apply high initial margin requirements per short contract). The amount to be charged should not change every day; rather, you need to find a model that applies margin requirements for at least a month. When trading "options contracts" this model gets much more complicated. LCH, in order to calculate the initial margin requirements, runs 16 different scenarios on the parameters associated with the open contracts of each trader. LCH calculates margin requirements using an application called London Span. You can download it from their website and play around with the different markets. (If you do try it, when entering an option contract with strike $10,000 you should enter $100,000 for the collateral calculation to be correct.)

Bitshares X must become LCH for cryptocurrencies. At least this is how I understand it, correct me if I am wrong. Before the financial crisis companies used to trade OTC between them. Now they all trade using clearing houses. Bitshares X must apply a fair initial margin requirement depending on the product and market. The calculation should be clear enough for anyone to understand how it is done, and it should be kept by Bitshares X as collateral if someone defaults. Bitshares X should be our counterparty exposure. At least this is how I have understood and imagined the future of Bitshares X.

I hope I helped. Most probably not as you already know these things but I thought to share just in case...

If you want to know more how LCH calculates collateral requirements and I can help more, please let me know.

If I helped and you want to tip, I would be grateful. Unfortunately I have a very small stake in PTS - AGS and I am trying to increase my shareholding.

My PTS address: Pc1Xpa12JgbFPAZS9qLdHMkEsnqzXWpdbQ
Keyhotee Key: 6gxDKJFw7MsCuHeQwArCQhfD6MnkHW9D7hfrUUeuFHos6oHSiL

P.S. I hope that my Keyhotee is valid (I see it still as unregistered yellow although I submitted the form on the site a long time ago). It would also be nice if someone started a communication with me on Keyhotee, as I feel I have purchased software that I am not using...  :(

Offline biophil

« Reply #14 on: February 23, 2014, 07:57:54 PM »
Quote from: bytemaster
> Limiting trading to a fixed % of the market depth would probably achieve the goals for the SlingShot attack and requiring 5% of the shares to participate before the first trade would prevent SIDS.
>
> Obviously we do not want to 'price fix' the minimal market depth.

For the 5% SIDS solution, are you thinking that once there is 5% participation, the 5% requirement goes away? So, the 5% limit only affects the first trade, and if market participation dips below 5% again in the future, trading continues as usual?

 
