Dry Run 10: Viva la Vida Delegada

[toast]

@sfinder  I understand the translation via google translate. I will make sure BM looks at it.

[toast]

This dry run is over, thanks all.

We will switch our attention to getting a release without BitAssets out ASAP. Then we will go back to getting BitAssets figured out.

[sfinder]

Hackfisher， please kindly help to translate following solution to BM for how to avoid attacking 

现在的问题是抵押发行资产时，价格可以随意定，我可以抵押1XTS，发行1亿bitUSD，在精心设计的攻击下，可以让这个挂单成交获取很多bitUSD.
以下是我的修改
1. 首先对每个block，我们可以获取这个block内所有交易中，bitUSD 卖单的最高成交价。可以认为如果按这个价格抵押XTS发行USD，能把USD发行数量限制在安全值内。
2. 为进一步保证安全，可以扫描每个块的bitUSD最高成交价，按最近360个价格取最高值。对初始状态，没有360个块，可以设定一个安全的初始值，比如0.2USD/XTS。到此可以强制规定一个安全的资产发行价。
3. 现在举实例，假设按以上逻辑算出来的发行价为 0.2 USD/XTS
  1) 我要拿出20 XTS，按0.18 USD/XTS价格发行，这个价格小于 0.2，所以强制按 0.2USD/XTS发行，加上双倍抵押，只能创造 20 *(0.2/2) = 2 USD。这2个USD直接就创造出来，属于我了。同时按 0.18USD/XTS 挂 USD 卖单。
  2) 如果我设定按 0.22 USD/XTS 发行，这个价格本身就大于 0.2，是安全的，就直接按这个 0.22 的价格创造 USD，并挂USD卖单。
 
 
 
  这样做连市场深度检查都不需要的
为更加保险，可以把360个块再取大一点，比如按1天24小时算，是24*60*6 个块。
如果想发动攻击，发行大量bitUSD，除非能控制一天之内所有的 USD 卖单价格都严重偏低，这是不可能的。
 
 
  在正式启动之后
第一个block就可以创造出 bitUSD，第一天之内的所有发行价应该都是<=0.2USD/XTS 。
第二天开始，发行价由前一天成交的 bitUSD 买卖单市场价决定。如果XTS开始升值，发行价自然会提高。XTS价值越高，1个XTS能发行的USD越多，但上限总是被市场趋势控制的，无法被个人左右。

still can attack with these rules, if I have about 1% XTS.

1. use about 10^7 XTS  or more, control the price to 500USD/XTS, get about 5*10^9 USD
2. usd about 10^7 XTS or more + maybe 10^5 USD, control the price to 0.0005USD/XTS,get all the backup XTS.

It is just a matter of scale.  Attacking the network in such a manner would destroy the network and make your 1% worthless.  We can set that value as high as 5% or more.  The assumption is anyone with that much steak we not want to harm the network.  No one else would participate in the network and instead could go to a new bit asset.  You and then be trading against yourself and not profit at all. 


Sent from my iPhone using Tapatalk

Arrrg.  I'm not a tester, but I don't think I like this reasoning at all. Assuming that no individual person or group would spend money to harm the network is a bad assumption, especially at the early stages when the total NAV is still low.  There could be great incentives to try and destroy the network.    Please tell me I don't know crap and I'm wrong because that's what I want to hear right now. 

+ 1

Lets look at this very closely because it is very easy to confuse yourself when it comes to thinking about markets (happens to me a lot and I have a good grasp on it).   I write this to "think out loud" so I may have something wrong.

Before any trading can occur there must be at least X% (say 1%) of the XTS sitting in unmatched shorts & asks.  Lets also assume that this 1% does not belong to the attacker because the attacker would have no victims if it all belonged to him. 

Primary goal of the attack:
1) Create a large amount of BitUSD with very little XTS backing it which will be unresolvable and break the peg until someone eats the loss.
2) To be successful the attacker must be on both sides of the trade (collecting a large USD balance, and an equal short position).
3) To achieve this the attacker must eliminate all other asks on the book that are not their own.

To execute the attack:
1) You must sell 1 XTS for 10000 USD (a very high ask if it were real USD)
2) This means you must place bids to match every ask at 1, 10, 100, 1000 USD per XTS
3) To places these bids means you must short USD at lower and lower prices
4) As you short USD at lower and lower prices you are creating more and more USD backed by less and less XTS.
5) At the end of the day you have a lot of people who long USD while you are short USD at a very low value.
*** Critical Point:  Does the rest of the market run out of money before you do ********
6) Eventually you run out of money and can no longer fight off the hoards of people selling XTS for USD
7) The value of USD starts rising absent your manipulation until your short position is blown.
Those who were buying USD while you were shorting knew at the time of purchase that USD wasn't pegged to the dollar and they bought knowing their max return would be 2x on their XTS.   So these buyers of USD gladly sell their USD at a 2x profit even if it is below the dollar peg.
9) The market will continue to correct until all of the attackers USD has been covered and his collateral lost.
10) The peg is restored and all is well.

Some things to note:
1) During the attack many legitimate shorts will start covering to lock in their profits and thus make it more difficult to maintain the attack
2) During the attack many savvy users will start buying USD at the huge discount.  If BitUSD is currently 10% of real USD then you buy it because you know it has collateral worth 20% of real USD backing it.  Sure you don't get to realize a 10x gain when it returns to market peg, but you still get a free 2x gain on the return to market peg.  For this reason, BitUSD is a solid buy any time it is below parity and profit can be made by selling BitUSD for XTS even below market peg if you bought it at an even lower point.

What this means is that only the attacker's short positions get blown out, and everyone else still profits.   In this case I consider an attacker anyone who shorts BitUSD when BitUSD is already below USD value. 

So the attacker has to clear the order book of all orders but their own, create a large short against their own ASK so they end up being LONG and SHORT a significant amount of USD.       To execute this attack requires:

1) Enough XTS to buy out all existing asks while having enough XTS to keep the market open, so lets call that 2% of XTS
2) The ability to execute your attack faster than the rest of the market participants can enter to take your money.
       - shorts entering to cover at a profit
       - asks entering to buy USD cheap

I think that the 2% attack threshold is only viable if the rest of the network is idle, in practice I suspect that the market depth could be 10% and would grow as the attacker attempted to push down USD. 

Lastly I would like to submit one last fail-safe feature:  Delegates
  To execute any attack requires delegates to include your transactions in the first place and for regular users to propagate your transactions.  For this reason an attacker would have to connect directly to a delegate that will include their transaction because it is unlikely to propagate among regular users.   If there are good delegates then the market can function with little opportunity to attack.

[bitcoinerS]

Getting a Segmentation fault on quit.

Code: [Select]



default (unlocked) >>> quit
[Thread 0x7fffeeffd700 (LWP 8931) exited]
[Thread 0x7fffcbde4700 (LWP 8936) exited]

Program received signal SIGSEGV, Segmentation fault.
bts::blockchain::chain_database::get_head_block_id (this=0x17c15a8) at /home/bitcoiner/local/bitshares_toolkit/libraries/blockchain/chain_database.cpp:2230
2230        return my->_head_block_id;
(gdb) bt
#0  bts::blockchain::chain_database::get_head_block_id (this=0x17c15a8) at /home/bitcoiner/local/bitshares_toolkit/libraries/blockchain/chain_database.cpp:2230
#1  0x00000000005f5743 in bts::client::detail::client_impl::handle_message (this=0x1783680, message_to_handle=..., sync_mode=<optimized out>) at /home/bitcoiner/local/bitshares_toolkit/libraries/client/client.cpp:949
#2  0x00000000006e612f in operator() (__closure=<optimized out>) at /home/bitcoiner/local/bitshares_toolkit/libraries/net/node.cpp:3494
#3  fc::detail::functor_run<bts::net::detail::thread_switching_node_delegate_wrapper::handle_message(const bts::net::message&, bool)::__lambda44>::run(void *, void *) (functor=<optimized out>, prom=0x7fffd8126840)
    at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/include/fc/thread/task.hpp:48
#4  0x000000000064e873 in fc::task_base::run_impl (this=this@entry=0x7fffd8126790) at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/src/thread/task.cpp:39
#5  0x000000000064ef25 in fc::task_base::run (this=this@entry=0x7fffd8126790) at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/src/thread/task.cpp:29
#6  0x000000000064d0db in run_next_task (this=0x1784e60) at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/src/thread/thread_d.hpp:372
#7  fc::thread_d::process_tasks (this=this@entry=0x1784e60) at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/src/thread/thread_d.hpp:395
#8  0x000000000064d326 in fc::thread_d::start_process_tasks (my=24661600) at /home/bitcoiner/local/bitshares_toolkit/libraries/fc/src/thread/thread_d.hpp:352
#9  0x0000000000cba46e in make_fcontext ()
#10 0x0000000001784e60 in ?? ()
#11 0x0000000000000000 in ?? ()



[bitcoinerS]

Whats going on with the test now? Im getting stuck on a block again:

Code: [Select]

--- there are now 8 active connections to the p2p network
(wallet closed) >>> getinfo
{
  "blockchain_head_block_num": 3939,
  "blockchain_head_block_age": "5 hours old",
  "blockchain_head_block_timestamp": "20140717T101150",
  "blockchain_average_delegate_participation": 5.6456120737842372,
  "blockchain_delegate_pay_rate": 10,
  "blockchain_blocks_left_in_round": 101,
  "blockchain_confirmation_requirement": 1,
  "blockchain_accumulated_fees": "12.89899 XTS",
  "blockchain_share_supply": 199999998692024,
  "blockchain_random_seed": "b5a0d967911b6a1132a74039fefaa90c4618a60b",
  "blockchain_database_version": 114,
  "blockchain_version": 108,
  "network_num_connections": 8,
  "network_num_connections_max": 200,
  "network_protocol_version": 104,
  "ntp_time": "20140717T145220",
  "ntp_error": -0.025156000000000001,
  "wallet_open": false,
  "wallet_unlocked": null,
  "wallet_unlocked_until": null,
  "wallet_unlocked_until_timestamp": null,
  "wallet_block_production_enabled": null,
  "wallet_next_block_production_time": null,
  "wallet_next_block_production_timestamp": null,
  "wallet_version": 100
}


Me too.

[bytemaster]

If current price is 1xts/usd, current buy order totally 10^7USD
I can attack with these process:

Code: [Select]

ask alt 200000 XTS 500 USD // buy 10^8 USD with 2*10^5 XTS
short  alt 100000000 500 USD // short 10^8 USD with 2*10^5 XTS  backup
I earn 10^8-10^7=9*10^7 USD, WITH 4*40^5 XTS.
these XTS should only worth 4*10^5 XTS with normal price 1XTS/USD.

Yes, you can do that right now, but not with the enhanced restrictions coming.

[alt]

If current price is 1xts/usd, current buy order totally 10^7USD
I can attack with these process:

Code: [Select]

ask alt 200000 XTS 500 USD // buy 10^8 USD with 2*10^5 XTS
short  alt 100000000 500 USD // short 10^8 USD with 2*10^5 XTS  backup
I earn 10^8-10^7=9*10^7 USD, WITH 4*40^5 XTS.
these XTS should only worth 4*10^5 XTS with normal price 1XTS/USD.

[bdnoble]

You are wrong. The point is that even at the current market cap which is approximately 20-30 mil you would have to spend 200k or 300k on acquiring shares before you could attack the network (in the future it will be much more expensive). And if you had that many shares, it would be WAY more profitable to INCREASE the value of the network than to destroy it by having some kind of attack on it.


Sent from my iPhone using Tapatalk

"After the birth of Jesus, "wise men from the East" visited Herod to inquire the whereabouts of "the one having been born king of the Jews"... Herod killed all kids under 2 years old because as King of the Jews, was alarmed at the prospect of a usurper... "

I hope the modern king in crypto currency world will not copy paste Herod's attitude and sacrifice about 300,000 kids sorry I mean $dollars...  But in the event  they did, I would suggest to name that historical crypto event something like... 

"Massacre of the Innocents...bitUSD's"

Indeed. "Some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn." That's why we need a hero. Actually 101 heroes will do nicely.


Sent from my iPhone using Tapatalk

[liondani]

You are wrong. The point is that even at the current market cap which is approximately 20-30 mil you would have to spend 200k or 300k on acquiring shares before you could attack the network (in the future it will be much more expensive). And if you had that many shares, it would be WAY more profitable to INCREASE the value of the network than to destroy it by having some kind of attack on it.


Sent from my iPhone using Tapatalk

"After the birth of Jesus, "wise men from the East" visited Herod to inquire the whereabouts of "the one having been born king of the Jews"... Herod killed all kids under 2 years old because as King of the Jews, was alarmed at the prospect of a usurper... "

I hope the modern king in crypto currency world will not copy paste Herod's attitude and sacrifice about 300,000 kids sorry I mean $dollars...  But in the event  they did, I would suggest to name that historical crypto event something like... 

"Massacre of the Innocents...bitUSD's"

[clout]

Whats going on with the test now? Im getting stuck on a block again:

Code: [Select]

--- there are now 8 active connections to the p2p network
(wallet closed) >>> getinfo
{
  "blockchain_head_block_num": 3939,
  "blockchain_head_block_age": "5 hours old",
  "blockchain_head_block_timestamp": "20140717T101150",
  "blockchain_average_delegate_participation": 5.6456120737842372,
  "blockchain_delegate_pay_rate": 10,
  "blockchain_blocks_left_in_round": 101,
  "blockchain_confirmation_requirement": 1,
  "blockchain_accumulated_fees": "12.89899 XTS",
  "blockchain_share_supply": 199999998692024,
  "blockchain_random_seed": "b5a0d967911b6a1132a74039fefaa90c4618a60b",
  "blockchain_database_version": 114,
  "blockchain_version": 108,
  "network_num_connections": 8,
  "network_num_connections_max": 200,
  "network_protocol_version": 104,
  "ntp_time": "20140717T145220",
  "ntp_error": -0.025156000000000001,
  "wallet_open": false,
  "wallet_unlocked": null,
  "wallet_unlocked_until": null,
  "wallet_unlocked_until_timestamp": null,
  "wallet_block_production_enabled": null,
  "wallet_next_block_production_time": null,
  "wallet_next_block_production_timestamp": null,
  "wallet_version": 100
}


[bytemaster]

still can attack with these rules, if I have about 1% XTS.

1. use about 10^7 XTS  or more, control the price to 500USD/XTS, get about 5*10^9 USD
2. usd about 10^7 XTS or more + maybe 10^5 USD, control the price to 0.0005USD/XTS,get all the backup XTS.

It is just a matter of scale.  Attacking the network in such a manner would destroy the network and make your 1% worthless.  We can set that value as high as 5% or more.  The assumption is anyone with that much steak we not want to harm the network.  No one else would participate in the network and instead could go to a new bit asset.  You and then be trading against yourself and not profit at all. 


Sent from my iPhone using Tapatalk

Arrrg.  I'm not a tester, but I don't think I like this reasoning at all. Assuming that no individual person or group would spend money to harm the network is a bad assumption, especially at the early stages when the total NAV is still low.  There could be great incentives to try and destroy the network.    Please tell me I don't know crap and I'm wrong because that's what I want to hear right now. 

+ 1

Lets look at this very closely because it is very easy to confuse yourself when it comes to thinking about markets (happens to me a lot and I have a good grasp on it).   I write this to "think out loud" so I may have something wrong.

Before any trading can occur there must be at least X% (say 1%) of the XTS sitting in unmatched shorts & asks.  Lets also assume that this 1% does not belong to the attacker because the attacker would have no victims if it all belonged to him. 

Primary goal of the attack:
1) Create a large amount of BitUSD with very little XTS backing it which will be unresolvable and break the peg until someone eats the loss.
2) To be successful the attacker must be on both sides of the trade (collecting a large USD balance, and an equal short position).
3) To achieve this the attacker must eliminate all other asks on the book that are not their own.

To execute the attack:
1) You must sell 1 XTS for 10000 USD (a very high ask if it were real USD)
2) This means you must place bids to match every ask at 1, 10, 100, 1000 USD per XTS
3) To places these bids means you must short USD at lower and lower prices
4) As you short USD at lower and lower prices you are creating more and more USD backed by less and less XTS.
5) At the end of the day you have a lot of people who long USD while you are short USD at a very low value.
*** Critical Point:  Does the rest of the market run out of money before you do ********
6) Eventually you run out of money and can no longer fight off the hoards of people selling XTS for USD
7) The value of USD starts rising absent your manipulation until your short position is blown.
Those who were buying USD while you were shorting knew at the time of purchase that USD wasn't pegged to the dollar and they bought knowing their max return would be 2x on their XTS.   So these buyers of USD gladly sell their USD at a 2x profit even if it is below the dollar peg.
9) The market will continue to correct until all of the attackers USD has been covered and his collateral lost.
10) The peg is restored and all is well.

Some things to note:
1) During the attack many legitimate shorts will start covering to lock in their profits and thus make it more difficult to maintain the attack
2) During the attack many savvy users will start buying USD at the huge discount.  If BitUSD is currently 10% of real USD then you buy it because you know it has collateral worth 20% of real USD backing it.  Sure you don't get to realize a 10x gain when it returns to market peg, but you still get a free 2x gain on the return to market peg.  For this reason, BitUSD is a solid buy any time it is below parity and profit can be made by selling BitUSD for XTS even below market peg if you bought it at an even lower point.

What this means is that only the attacker's short positions get blown out, and everyone else still profits.   In this case I consider an attacker anyone who shorts BitUSD when BitUSD is already below USD value. 

So the attacker has to clear the order book of all orders but their own, create a large short against their own ASK so they end up being LONG and SHORT a significant amount of USD.       To execute this attack requires:

1) Enough XTS to buy out all existing asks while having enough XTS to keep the market open, so lets call that 2% of XTS
2) The ability to execute your attack faster than the rest of the market participants can enter to take your money.
       - shorts entering to cover at a profit
       - asks entering to buy USD cheap

I think that the 2% attack threshold is only viable if the rest of the network is idle, in practice I suspect that the market depth could be 10% and would grow as the attacker attempted to push down USD. 

Lastly I would like to submit one last fail-safe feature:  Delegates
  To execute any attack requires delegates to include your transactions in the first place and for regular users to propagate your transactions.  For this reason an attacker would have to connect directly to a delegate that will include their transaction because it is unlikely to propagate among regular users.   If there are good delegates then the market can function with little opportunity to attack.

[ebit]

We can have a try .

[alt]

for the logic of margin call.
don't buy USD directly from market.
If 200 XTS backup for 100 short position of USD
Just make an ask order,

Code: [Select]

ask NETWORK  200 XTS 100/200 USD  //buy 100 USD with price 0.5 USD/XTS

after match of  this order, destroy both 100 USD and the short position.

[dxtr]

What happened to Trading Open/Halt Conditions as described here: http://v3.bitshares.org/banking/ ?

Are those going to be implemented or what other mechanism is going to be there to enable trading with sufficient market depth?

[alt]

I have an idea to avoid the attack with almost no limit to the market. I will post this evening.

来自我的 HUAWEI P7-L00 上的 Tapatalk

I try to write clearly.

this is the command to short USD

Code: [Select]

short alt  20  0.18 USD      // short USD with 20 XTS , and use these USD to buy XTS  at price 0.18 USD / XTS

when delegate commit this transmit to block, the logic is:
1. scanning recently blocks, find the high price USD have sell in each block. we can use the recently 360 blocks.
    At the beginning, there are not enough blocks, we can define an initial price, like 0.2 USD/XTS.
2. use this price to calculate how much USD can create with 20 XTS, if the price is 0.2, for double backup,  the amount is 20*(0.2/2) = 2 USD.
3. these 2 USD belong to alt directly, and make it as a normal bid order, use 2 USD to buy XTS at price 0.18 USD/XTS.

the order list of alt is:
1. 20 XTS backup for 2 USD short position.
2. an order claim by bid:

Code: [Select]

bid alt 2/0.18 XTS 0.18 USD // buy 2/0.18 XTS at price 0.18 USD/XTS