BitAssets are a challenge to bootstrap because it only takes a single bogus trade for someone to print up a billion BitUSD backed by no collateral. To execute this trade all that is necessary is for someone to gain control of both sides of the order book long enough to execute a trade against themselves at a price they pick. This attack depends upon two factors:
1) The attacker having financial interest in destroying the network
2) The attacker having a large pot of cash that they can burn to bring it down.
3) The attacker being able to execute his attack in a timely manner.
Most of these problems go away once the network is as big as Bitcoin, but when we are young it is much harder to "secure" the market peg. I have just finished implementing everything I think is necessary to launch BitAssets and having the system be secure:
1) There is a minimum market depth required before any shorts or covers are executed (1% XTS)
2) There is a maximum short price that is 50% higher than the current median price feed.. maximum_bid = median_price * 3 / 2
3) Only active delegates may publish a price feed and they must update it every 24 hours.
4) At least 25% of the delegates must be producing a feed
What these limits mean is that once trading begins the only time there can be a margin call is when delegates raise the median price feed. It also means the delegates are circuit breakers in the system. They can limit the price movements during rapid change giving players time to adjust their positions.
Someone speculating in this market now knows that the value of BTSX in terms of BitUSD cannot fall by more than 33% without the delegates updating the price feed.
So what does this give us?
1) A system where the there are up to 101 price feeds for USD / BTSX price, with at least 25
2) By using the median feeds that are way out of line are ignored.
3) Delegates don't set the price and thus the feed does not need to be very accurate and can get by with just one update per day.
4) The price feed is just used as a guardrail that makes attacks "impossible" while not actually being used to execute orders
5) Users only need to trust that delegates can produce a feed that is "close enough" and don't have to trust any individual delegate.
6) Even if the delegates posted BOGUS feeds all they could do is stop new shorts from being executed.
a) delegates have this power anyway by controlling what transactions get included.
b) if the attacker controls over 50% of the price feeds they must control at least 12% of the delegates and that is already bad.
c) everyone knows who the attacker is based upon their price feeds.
In the long-run, we can remove the need for the price feeds once the depth of the market is measured in billions of dollars... or perhaps loosen the price range a bit. With this in place I believe we can launch a test network for BitUSD tomorrow. All trading will occur just like it does with user issued assets with the addition that shorts can add bids (selling USD for BTSX) and margin positions can result in asks.