Topic: BitShares XT - Security against Market Manipulation FIND ATTACKS FOR TIPS

Offline bytemaster

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline testz

BitUSD has to stay!

+1

And I think the currencies of the main crypto-world supporters should be added; for today that's BitUSD, BitCNY, BitEUR and BitRUB, because these 4 currencies have the biggest crypto communities.

Offline toast

Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline Markus

What about this:

Currently, when a position gets called, the entire amount of BitAssets short is bought back via an immediate market order.
We can tinker with both these words to prevent short squeezes. Some suggestions below.

Immediate:
  • Don't create the buy order instantly, but only after a time lag of a certain number of blocks. People will know it is coming and can catch it.
  • Spread the amount over several blocks. For example create buy orders for 1% of the amount for the next 100 blocks.
Market:
  • Create a limit order instead of a market order (has been suggested before)
  • Increase this limit from block to block in a predefined way until it is totally cleared.
  • First create a limit order, then turn it into a market order if it doesn't go through after a certain time.

… or any combination of above.

I agree with the others that BitUSD is an extremely important BitAsset to have in the first chain. Bitcoin's major snag is its volatility and this is BitShares X's killer application. USD definitely has a much lower volatility than Gold.
« Last Edit: February 23, 2014, 11:42:57 am by Markus »
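
The time-lag, slicing and rising-limit ideas from the post above, compared with a single immediate market order on a thin book. This is an added example, not part of the original post and not BitShares XT code; the order book, the integer price units and the `refill` liquidity model are constructed assumptions.

```python
# Added illustration: toy model, not BitShares XT code. Prices are integer
# BTS-cents per BitUSD; the book and the refill model are constructed.

def market_buy(asks, qty, limit=None):
    """Fill up to qty from asks ([price, qty], cheapest first), never paying
    more than limit. Returns (filled, cost, worst_price); mutates asks."""
    filled = cost = worst = 0
    while asks and filled < qty and (limit is None or asks[0][0] <= limit):
        price, avail = asks[0]
        take = min(avail, qty - filled)
        filled, cost, worst = filled + take, cost + take * price, price
        asks[0][1] -= take
        if asks[0][1] == 0:
            asks.pop(0)
    return filled, cost, worst

def immediate_cover(asks, amount):
    """Behaviour described as current: one market order for the whole call."""
    _, cost, worst = market_buy([a[:] for a in asks], amount)
    return cost / amount, worst

def staged_cover(asks, amount, delay, slices, start_limit, step,
                 market_after, refill, max_blocks=10_000):
    """Wait `delay` blocks, then release amount/slices per block as a limit
    order whose limit rises by `step` per block; after `market_after` blocks
    the remainder trades at market. refill(block) -> asks added that block.
    Returns (average_price, worst_price, blocks_used)."""
    book, due, done, cost, worst, block = [a[:] for a in asks], 0, 0, 0, 0, 0
    while done < amount and block < max_blocks:
        book = sorted(book + refill(block))  # sellers who saw the call coming
        if block >= delay:
            k = block - delay
            due = min(amount, due + -(-amount // slices))  # ceil division
            limit = None if k >= market_after else start_limit + step * k
            f, c, w = market_buy(book, due - done, limit)
            done, cost, worst = done + f, cost + c, max(worst, w)
        block += 1
    return cost / amount, worst, block

ASKS = [[100, 100], [110, 100], [150, 100], [200, 700]]  # constructed thin book

if __name__ == "__main__":
    print(immediate_cover(ASKS, 1000))
    print(staged_cover(ASKS, 1000, 5, 10, 100, 2, 50, lambda b: [[102, 60]]))
    print(staged_cover(ASKS, 1000, 0, 10, 100, 2, 3, lambda b: []))
```

In the constructed run the staged order pays an average of 101.8 against 176.0 for the immediate market order; with no new asks arriving, the fallback market order still ends at the same worst price of 200, so the lag only helps if sellers actually respond.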

Offline 天籁

Agree with keeping BitBTC, BitUSD and BitGold:

1  Gold, USD and BTC are three generations of the main used currency.
2  Represent three kinds of price variation [Gold, USD: slow and reverse; BTC: dramatic].
« Last Edit: February 23, 2014, 10:45:22 am by 天籁 »

Offline mint chocolate chip

Can additional BitAssets be added to the chain on the fly?

Offline yidaidaxia

Appreciated and very glad that you take this very seriously.

I think for the 1st issue, D makes more sense than N, because as you said market depth is the key to these issues.

For the 2nd issue, I agree w/ Markus that more margin could not resolve the issue totally. I still think we may need to set some rules/limitations for issuance price setting.

I agree that, considering the initial market depth is not likely to be deep enough, we need to cut the number of BitAssets from 16. But I think we should still keep BitUSD which is, as a Bitfiat, one of the most important features of the BitShares X system, so people do expect it, and we could check whether the peg function works or not by comparing the BitUSD/XTS price in the system to USD/XTS in the outside market (for example, an exchange) directly. So I will suggest cutting the number from 16 to 3, since BitGold and BitBTC are also critical.
PTS: PmUT7H6e7Hvp9WtKtxphK8AMeRndnow2S8   /   BTC: 1KsJzs8zYppVHBp7CbyvQAYrEAWXEcNvmp   /   BTSX: yidaidaxia (temporary)
Sina Weibo: yidaidaxia_郝晓曦   QQ: 36191175   Trying my hand at mending the sky

Offline bytemaster

There are two factors:  initial margin and maintenance margin and both can be increased by a factor of 10x.  This means that even a slow depletion is much more secure. 

I chose 14 days because it will probably take that long for enough people to download the wallet, get oriented, and start making a decision.  The price will probably be very volatile as people observe the bids and asks.

D% refers to the value of the BTS held in the orders of long and short positions. 

Offline Markus

My thoughts just after reading and without sleeping over it:

Regarding 1)
Question: D% refers to outstanding BitAssets or BTSX?
N=14 days seems far too long to me.

Regarding 2)
Is it that important what the initial margin multiplier is? For a potential short squeeze it is important how many margin positions are on the brink of getting called. So even a 10x margin position might become dangerously depleted after a (slow) 9.9-fold appreciation of BTSX.
What about letting everybody decide themselves what leverage they want? That way some of the whales might put in very conservative, robust short positions.
This still doesn't solve the issue. What we need is some kind of slow-down of the short squeeze to give everybody the opportunity to stop it.

Cutting down to two BitAssets will probably cause an outcry. I'm fairly neutral on that.

Offline bytemaster

Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks and if an attack warrants in-depth discussion I will spawn a new thread to discuss it.

I am not going to place a specific bounty price for finding attacks; let's just say that if you bring something to my attention that makes me realize something new, I will tip very generously, up to hundreds of PTS.

This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XT's rules:

Attack 1)  The SIDS Attack   (Sudden Instant Derivative Sack)

In this attack any user who is around when the blockchain is first launched can issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. It doesn't matter what the future consensus is, the short position will be blown out in a massive way and leave billions of BitUSD lying around with no backing.

The solution to the SIDS Attack is twofold:

   a) no market trading will be allowed for the first N days to allow enough people time to enter bids and asks that arrive at market consensus.
   b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply.

This rule effectively states that for blockchain based trading to occur in an automated way there must be a quorum of shareholders agreeing on the price.  This does not prevent private parties from transferring BitUSD or BTS to other users or arranging manual trades.  It simply prevents any manipulation of the price that could result in margin calls at unrealistic prices.

The values for N and D are subject to debate, but my gut feeling is that N should be 14 days and D should be 5%.

Attack 2)  The SlingShot Attack  (Other names welcome)

In this attack, the attacker will place a large short order close to 2x above the current ask. Under normal conditions this order would never be filled. Then the attacker starts buying to push the price up until he triggers a short squeeze. The short squeeze starts a chain reaction that pushes the price clear up into the attacker's short position. Then the price falls back to where it should be and the attacker covers their position with a 50% gain. Whether this attack is profitable or not depends upon how big a short squeeze the attacker can trigger and how little is required to kick off the squeeze.

I have been thinking long and hard about the SlingShot Attack and have concluded that the only solution is to increase margin requirements.  As it exists today, if someone wants to short 1 BitUSD the most they risk is 1 BitUSD.   On a traditional exchange, if you want to short something your potential losses are infinite because if you run out of margin then they can come after your savings, your house, and your future income.    The SlingShot Attack is much harder if the margin requirements make the probability of a short squeeze much lower.   

Let's assume a very conservative amount of margin, 10x. To perform the SlingShot attack would require pushing the price up 9x and would reduce the attacker's gain from a maximum of 50% to a maximum of 5%. If you then combine this increase in margin requirements with the automatic market freeze anytime the depth falls below the required threshold, you will be unlikely to walk the book enough to trigger a short squeeze without suspending trading.

What is the impact of requiring a larger margin for short positions? People will still go short, but the amount of leverage they can apply will be reduced significantly. BitUSD will still be created and thus will still trade. Instead of the marketcap of BTS being 2x the value of the trading BitAssets it would now be at least 10x the value of the BitAssets traded. Thus increasing margin requirements should only limit the ability to go short and have little influence on the price at which people are willing to go short. Shorts will feel much more secure knowing that other shorts are less likely to end up in a squeeze, which will balance out with the added risk of losing up to 10x the amount you shorted.

Based upon these two attacks and the need for significant market depth before the chain can be 'secure', I am starting to conclude that market depth is more important than transaction volume in limiting the number of BitAssets per chain. For this reason I am thinking that the BitShares XT network should have only 2 BitAssets (Gold and Bitcoin). We want to focus the trading efforts and market depth on two assets rather than spreading the network thin. Once we understand the security implications, future chains are likely to start with a larger user base, deeper markets, higher initial valuation, and thus be able to support more assets securely.

Please let me know of any other attack ideas you can come up with and what your thoughts are on these rule refinements.

« Last Edit: August 06, 2014, 08:20:31 pm by bytemaster »
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.
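
Rules (a) and (b) from the SIDS discussion above, written as the check a node could run before matching orders. This is an added example, not BitShares XT code; the order layout, field names and all figures are constructed assumptions, and depth is counted as BTS held in orders, following the definition of D% given in bytemaster's reply in this thread.

```python
# Added illustration of rules (a) and (b); not BitShares XT code.
# Order layout, field names and all figures are constructed assumptions.
from datetime import datetime, timedelta

def side_depth(orders):
    """BTS held in the open orders on one side of the book."""
    return sum(o["bts_held"] for o in orders)

def market_gate(now, genesis, bids, asks, share_supply, n_days=14, d_pct=5):
    """Return (open, reason) for automated matching at time `now`."""
    if now - genesis < timedelta(days=n_days):
        return False, "warm-up: orders may be placed, none are matched"
    floor = share_supply * d_pct / 100
    for name, side in (("bid", bids), ("ask", asks)):
        if side_depth(side) < floor:
            return False, f"{name} depth {side_depth(side)} < {floor:.0f} BTS"
    return True, "open"

def apply_tx(kind, gate_open):
    """Transfers and order placement are always accepted; only matching
    (and therefore any margin call it could trigger) needs an open gate."""
    return kind in ("transfer", "place_order") or gate_open

# Constructed sample: 1,000,000 BTS supply, so D = 5% is a 50,000 BTS floor.
GENESIS = datetime(2014, 1, 1)
SUPPLY = 1_000_000
DAY1, DAY20 = GENESIS + timedelta(days=1), GENESIS + timedelta(days=20)
DEEP = [{"bts_held": 30_000}, {"bts_held": 30_000}]
THIN = [{"bts_held": 1}, {"bts_held": 10_000}]   # includes a 1 BTS-backed short

if __name__ == "__main__":
    for when, asks in ((DAY1, THIN), (DAY20, THIN), (DAY20, DEEP)):
        is_open, reason = market_gate(when, GENESIS, DEEP, asks, SUPPLY)
        print(when.date(), reason, "| match accepted:", apply_tx("match", is_open))
```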