BitAsset Market Manipulation Security

[biophil]

Back to the original topic:

Do you mean data price feeds from the exchanges that list BTSX? And then using a median or average of the price? If so, doesn't this put a lot of control in the exchanges hands? Like what if they were to collude and manipulate price together?

I think any time you have price feeds that humans can exert influence on, you'll have the risk of some group out there colluding for profit. Like big banks manipulating LIBOR to make fractions of percentage points on their intraday loans... you probably just can't get away from it. However, gross feed accuracy should be relatively easy to regulate: delegates will be able to tell if someone is misreporting by percentage points and simply exclude the manipulated data.

Sent from my SCH-S720C using Tapatalk 2

[GaltReport]

There are different qualities that make up a good delegate in my opinion and they are not all required.  For example I, like many in this field, am tech savvy but have limited knowledge of advance finance.  Therefore as a delegate I am comfortable being a good player and making sure my server is secure, reliable, and cost effective.  As far as picking feeds I could probably make an educated guess.


However what would work for me, and those like me, would be a reasonably extensive list of feed sources that the users could vote on much like they vote for delegates.  Or perhaps the delegates could vote on (weighted by approval?).  This would take the task of me, and my limited economic acumen, from having to source out a feed from whole cloth.

 
I am pretty much in the same boat as you.  More of a techie and didn't know delegates had anything to do with data feeds so the simpler  it is to choose and use a feed, the better.

[bytemaster]

There are different qualities that make up a good delegate in my opinion and they are not all required.  For example I, like many in this field, am tech savvy but have limited knowledge of advance finance.  Therefore as a delegate I am comfortable being a good player and making sure my server is secure, reliable, and cost effective.  As far as picking feeds I could probably make an educated guess.


However what would work for me, and those like me, would be a reasonably extensive list of feed sources that the users could vote on much like they vote for delegates.  Or perhaps the delegates could vote on (weighted by approval?).  This would take the task of me, and my limited economic acumen, from having to source out a feed from whole cloth.

I think you will find that many people will provide you with feeds and that all a delegate has to do is identify which feeds are solid and point their client at them.  So your job as delegate is only to evaluate trustworthiness of feeds and not the value of the feed or economic analysis.    Eventually we will make it easy for delegates to simply use the moving average as their feed.

[clout]

so when do we start...?

[Riverhead]

There are different qualities that make up a good delegate in my opinion and they are not all required.  For example I, like many in this field, am tech savvy but have limited knowledge of advance finance.  Therefore as a delegate I am comfortable being a good player and making sure my server is secure, reliable, and cost effective.  As far as picking feeds I could probably make an educated guess.


However what would work for me, and those like me, would be a reasonably extensive list of feed sources that the users could vote on much like they vote for delegates.  Or perhaps the delegates could vote on (weighted by approval?).  This would take the task of me, and my limited economic acumen, from having to source out a feed from whole cloth.

[Ggozzo]

Perhaps an ATR could be used. Average True Range. Put caps on ATR at; ATR*200% and ATR*-200%

Of course the percentage could be changed. A cap based off ATR would be defined and less volatile over time.

[Ggozzo]

What other sources? I was assuming that bitUSD would be pegged to BTSX since the path to liquidity is through BTSX in one form or another.  In this system the only way in and out is through BTSX.

Are the bitAssets going to be able to be sold on external exchanges?

I believe what BM is referring to, is the fact that there will be some arbitrage between the exchanges, as always. And prices on BTSX are likely to follow, not lead, however if BTSX becomes too big, then following is no longer relevant.

I just don't see any other sources for data feeds in pricing besides the exchanges. Otherwise Delegate XYZ could choose an arbitrary number on what they think the price should be, which would not go over well and result in firing. So I was trying to figure out what other feed than that of the exchanges. I don't think exchanges would collude and act shady, but you never know. This industry is full of surprises.

[bitmeat]

What other sources? I was assuming that bitUSD would be pegged to BTSX since the path to liquidity is through BTSX in one form or another.  In this system the only way in and out is through BTSX.

Are the bitAssets going to be able to be sold on external exchanges?

I believe what BM is referring to, is the fact that there will be some arbitrage between the exchanges, as always. And prices on BTSX are likely to follow, not lead, however if BTSX becomes too big, then following is no longer relevant.

[Ggozzo]

Back to the original topic:

Do you mean data price feeds from the exchanges that list BTSX? And then using a median or average of the price? If so, doesn't this put a lot of control in the exchanges hands? Like what if they were to collude and manipulate price together?

Then it would be up to the delegates to post feeds from other sources or to simply ignore the exchanges and rely entirely on maximum price changes in the BitAsset.   If the exchanges are able to manipulate the prices by 50% then regular market participants will be deceived.  Until BitAssets are big enough to DRIVE the price they are always subject to the price feeds traders use on a day-to-day basis to decide when to buy or sell.

What other sources? I was assuming that bitUSD would be pegged to BTSX since the path to liquidity is through BTSX in one form or another.  In this system the only way in and out is through BTSX.

Are the bitAssets going to be able to be sold on external exchanges?

[santaclause102]

merockstar has it right.

To be more specific...

I do not know of any laws that a delegate could be accused of violating.

...that is crazy. What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

Put simply: If US senators start complaining, what then? Of course the NSA will know the physical location of the delegates' computers.

Dpos certainly has a powerful regenerative force, in that delegates 101 through 200 can just just step up and keep the system moving, but (I argue) the entire value-proposition of Bitcoin was that there would be nothing for an attacker (government / moral or otherwise) to shut off. It was LibertyReserve without a target. 100 people is smaller than most organizations...if a few executives from a-Canadian-bank-that-allowed-individuals-to-withdraw-money-from-InTrade can be arrested while vacationing in the USA and face 5 years in prison, so can essentially anyone.

Ok.. you can be accused of anything.   But so far we have seen it ruled that Bitcoin is not a security so neither is BTSX.   Bitcoin is not a legal entity and neither is BTSX.  Delegates are merely timestamp servers.  They have no executive authority.   

101 people may be small, but these are 101 people spread all over the world with different jurisdictions. 

All of that said, if it becomes a legal issue then we can adapt.  Let people do it from countries where it is OK.  Run it from behind TOR.  Increase delegate compensation to cover risk.

Wouldn't it make sense to have that checked by a lawyer at least for the US?I guess the US would be the first state to take action here and others would follow. AGS showed that it makes sense to check the legal stuff before and that it is much cheaper in terms of potential harm. 

Apart from that is there any of the below that is not due to holding funds of customers? Delegates dont hold funds....

What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

[bitmeat]

Then it would be up to the delegates to post feeds from other sources or to simply ignore the exchanges and rely entirely on maximum price changes in the BitAsset.   If the exchanges are able to manipulate the prices by 50% then regular market participants will be deceived.  Until BitAssets are big enough to DRIVE the price they are always subject to the price feeds traders use on a day-to-day basis to decide when to buy or sell.

Bytemaster, I would like to propose a self-adapting solution which I only wish to discuss over phone/skype, going back and forth on the forums will take too long. Set aside 15 minutes of your time. I'd PM but I'm sure you don't have time to read those.

[bytemaster]

Back to the original topic:

Do you mean data price feeds from the exchanges that list BTSX? And then using a median or average of the price? If so, doesn't this put a lot of control in the exchanges hands? Like what if they were to collude and manipulate price together?

Then it would be up to the delegates to post feeds from other sources or to simply ignore the exchanges and rely entirely on maximum price changes in the BitAsset.   If the exchanges are able to manipulate the prices by 50% then regular market participants will be deceived.  Until BitAssets are big enough to DRIVE the price they are always subject to the price feeds traders use on a day-to-day basis to decide when to buy or sell.

[Ggozzo]

Back to the original topic:

Do you mean data price feeds from the exchanges that list BTSX? And then using a median or average of the price? If so, doesn't this put a lot of control in the exchanges hands? Like what if they were to collude and manipulate price together?

[Xeldal]

keep max 101 ACTIVE delegates (not more) but rotate them with the top X stand-by delegates (x variable,depended on market cap,x higher when market cap is higher).

How is this different from X ACTIVE delegates?  currently we rotate between 101 delegates, if after those 101 take a turn, we're rotating in some number, say 101 standby delegates.  That's the same thing as just saying there are 202 Active delegates.

What am I missing?

[luckybit]

merockstar has it right.

To be more specific...

I do not know of any laws that a delegate could be accused of violating.

...that is crazy. What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

Put simply: If US senators start complaining, what then? Of course the NSA will know the physical location of the delegates' computers.

Dpos certainly has a powerful regenerative force, in that delegates 101 through 200 can just just step up and keep the system moving, but (I argue) the entire value-proposition of Bitcoin was that there would be nothing for an attacker (government / moral or otherwise) to shut off. It was LibertyReserve without a target. 100 people is smaller than most organizations...if a few executives from a-Canadian-bank-that-allowed-individuals-to-withdraw-money-from-InTrade can be arrested while vacationing in the USA and face 5 years in prison, so can essentially anyone.

Ok.. you can be accused of anything.   But so far we have seen it ruled that Bitcoin is not a security so neither is BTSX.   Bitcoin is not a legal entity and neither is BTSX.  Delegates are merely timestamp servers.  They have no executive authority.   

101 people may be small, but these are 101 people spread all over the world with different jurisdictions. 

All of that said, if it becomes a legal issue then we can adapt.  Let people do it from countries where it is OK.  Run it from behind TOR.  Increase delegate compensation to cover risk.

So we have already admit that is better that we have more individuals (separated in different country's) that take the delegate role to reduce risk ... As it is right now it is max 101 individuals, and if we want to be honest it will be only a percentage of the 101 active delegates because some individuals will manage to control more than 1 delegate at a time... So I bring back again the idea to: keep max 101 ACTIVE delegates (not more) but rotate them with the top X stand-by delegates (x variable,depended on market cap,x higher when market cap is higher). You can even use less delegates when transactions volume get higher than y% of average volume (for the last hours)  to ensure that very high volume transactions get signed from high end servers that are more trustworthy...

These are some intriguing ideas.

[liondani]

merockstar has it right.

To be more specific...

I do not know of any laws that a delegate could be accused of violating.

...that is crazy. What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

Put simply: If US senators start complaining, what then? Of course the NSA will know the physical location of the delegates' computers.

Dpos certainly has a powerful regenerative force, in that delegates 101 through 200 can just just step up and keep the system moving, but (I argue) the entire value-proposition of Bitcoin was that there would be nothing for an attacker (government / moral or otherwise) to shut off. It was LibertyReserve without a target. 100 people is smaller than most organizations...if a few executives from a-Canadian-bank-that-allowed-individuals-to-withdraw-money-from-InTrade can be arrested while vacationing in the USA and face 5 years in prison, so can essentially anyone.

Ok.. you can be accused of anything.   But so far we have seen it ruled that Bitcoin is not a security so neither is BTSX.   Bitcoin is not a legal entity and neither is BTSX.  Delegates are merely timestamp servers.  They have no executive authority.   

101 people may be small, but these are 101 people spread all over the world with different jurisdictions. 

All of that said, if it becomes a legal issue then we can adapt.  Let people do it from countries where it is OK.  Run it from behind TOR.  Increase delegate compensation to cover risk.

So we have already admit that is better that we have more individuals (separated in different country's) that take the delegate role to reduce risk ... As it is right now it is max 101 individuals, and if we want to be honest it will be only a percentage of the 101 active delegates because some individuals will manage to control more than 1 delegate at a time... So I bring back again the idea to: keep max 101 ACTIVE delegates (not more) but rotate them with the top X stand-by delegates (x variable,depended on market cap,x higher when market cap is higher). You can even use less delegates when transactions volume get higher than y% of average volume (for the last hours)  to ensure that very high volume transactions get signed from high end servers that are more trustworthy...

[bytemaster]

merockstar has it right.

To be more specific...

I do not know of any laws that a delegate could be accused of violating.

...that is crazy. What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

Put simply: If US senators start complaining, what then? Of course the NSA will know the physical location of the delegates' computers.

Dpos certainly has a powerful regenerative force, in that delegates 101 through 200 can just just step up and keep the system moving, but (I argue) the entire value-proposition of Bitcoin was that there would be nothing for an attacker (government / moral or otherwise) to shut off. It was LibertyReserve without a target. 100 people is smaller than most organizations...if a few executives from a-Canadian-bank-that-allowed-individuals-to-withdraw-money-from-InTrade can be arrested while vacationing in the USA and face 5 years in prison, so can essentially anyone.

Ok.. you can be accused of anything.   But so far we have seen it ruled that Bitcoin is not a security so neither is BTSX.   Bitcoin is not a legal entity and neither is BTSX.  Delegates are merely timestamp servers.  They have no executive authority.   

101 people may be small, but these are 101 people spread all over the world with different jurisdictions. 

All of that said, if it becomes a legal issue then we can adapt.  Let people do it from countries where it is OK.  Run it from behind TOR.  Increase delegate compensation to cover risk.

[GaltReport]

After reading about Liberty Reserve, I don't see much similarity here. Bitshares isn't acting as a depository or a "real" currency exchange. People are going to have to buy BTSX from elsewhere and then use it to trade.

Bank-Coinbase-BTer-BitsharesX
Similarly,
Bank-paypal-Ebay. If someone is laundering money through paypal and then buying things on Ebay, the ebay sellers aren't charged with AML crimes. Neither does Ebay.

I am no lawyer though. It be nice to know for sure.

[luckybit]

After reading about Liberty Reserve, I don't see much similarity here. Bitshares isn't acting as a depository or a "real" currency exchange. People are going to have to buy BTSX from elsewhere and then use it to trade.

Bank-Coinbase-BTer-BitsharesX
Similarly,
Bank-paypal-Ebay. If someone is laundering money through paypal and then buying things on Ebay, the ebay sellers aren't charged with AML crimes. Neither does Ebay.

I am no lawyer though. It be nice to know for sure.

 

Now can someone tell this to Benjamin Lawsky? It is a good point and BItshares is no different from Bitcoin in a lot of ways. Replace miners with delegates and because delegates are mostly known trusted entities there is a level of honesty about it.

[merockstar]

can we set a total of bitusd,then increase or reduce the total of bitusd according to the market demand regularly.

people shorting and closing short positions accomplish that naturally.

[当年很厉害]

can we set a total of bitusd,then increase or reduce the total of bitusd according to the market demand regularly.

[Ggozzo]

After reading about Liberty Reserve, I don't see much similarity here. Bitshares isn't acting as a depository or a "real" currency exchange. People are going to have to buy BTSX from elsewhere and then use it to trade.

Bank-Coinbase-BTer-BitsharesX
Similarly,
Bank-paypal-Ebay. If someone is laundering money through paypal and then buying things on Ebay, the ebay sellers aren't charged with AML crimes. Neither does Ebay.

I am no lawyer though. It be nice to know for sure.

[AsymmetricInformation]

merockstar has it right.

To be more specific...

I do not know of any laws that a delegate could be accused of violating.

...that is crazy. What about AML / SAPs (terrorist financing/tax-evasion)/ KYC, before we even touch the entire world of SEC / Treasury / FED regulations?

Put simply: If US senators start complaining, what then? Of course the NSA will know the physical location of the delegates' computers.

Dpos certainly has a powerful regenerative force, in that delegates 101 through 200 can just just step up and keep the system moving, but (I argue) the entire value-proposition of Bitcoin was that there would be nothing for an attacker (government / moral or otherwise) to shut off. It was LibertyReserve without a target. 100 people is smaller than most organizations...if a few executives from a-Canadian-bank-that-allowed-individuals-to-withdraw-money-from-InTrade can be arrested while vacationing in the USA and face 5 years in prison, so can essentially anyone.

[luckybit]

Let's be honest here and admit there is some risk in being a delegate (which is why delegates collect fees). I will also say in my opinion the risk of being a delegate is slightly greater than being a miner.

But at a 16 million dollar market cap it's not really significantly greater. It's when the market cap gets into the billions that it will be significantly greater because the amount of income delegates could get might make it very competitive.

The risk comes from the fact that the community has to trust the delegates but because delegates are easily replaced if they become corrupted it's a risk which can be minimized. I'm not yet a delegate myself so I do recognize the risk (and responsibility).

Perhaps it's also because of the recent "BitLicense" and the tone of it that has some people looking over their shoulders.

[merockstar]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

Wait a second. What do you mean we could be arrested? I've put my name on this delegate and was about to start pushing out advertisements as soon as this becomes profitable. At ~6 cents per hour right now, this may not be worth it.  I need to know what liabilities are involved before we get too deep. Can you describe what you mean and how we "could" be arrested?

you're part of a fair, viable alternative to the legacy banking system.

any government could potentially bullshit something up.

[GaltReport]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

Wait a second. What do you mean we could be arrested? I've put my name on this delegate and was about to start pushing out advertisements as soon as this becomes profitable. At ~6 cents per hour right now, this may not be worth it.  I need to know what liabilities are involved before we get too deep. Can you describe what you mean and how we "could" be arrested?

Too late.  Just consider yourself drafted private!! 

(8 hours of hot lights, no bathroom breaks or water and I'll be blaming Bytemaster, Stan and the Chinese for everything!!)

Just kidding.  I haven't a clue.  I would guess DacsUnlimited is taking the lead on this.

[bytemaster]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

Wait a second. What do you mean we could be arrested? I've put my name on this delegate and was about to start pushing out advertisements as soon as this becomes profitable. At ~6 cents per hour right now, this may not be worth it.  I need to know what liabilities are involved before we get too deep. Can you describe what you mean and how we "could" be arrested?

Delegates do not exercise arbitrary authority and if publishing a data feed without any contractual obligations is a crime then the delegate can abstain from publishing a feed.   I do not know of any laws that a delegate could be accused of violating.

[bitmeat]

That said - I have an idea. And this needs to evolve into something more solid.

What if transactions are posted in encrypted format. Something along the lines of TITAN for the orderbook.

Let's say we have the following time line

At Block T, A has a confirmed order to buy listed in the order book. B wants to sell at the confirmed price A has listed in the order book.

B submits an encrypted pending order, which gets confirmed in Block T+1

B then submits the code to decrypt the pending order at Block T+2, which confirms and executes it, unless A managed to confirm order cancellation in Block T + 1.

Downside is that it now takes 2 confirmations instead of 1 for transaction to occur.

Also make orders extremely cheap, however extremely expensive to cancel. (i.e. they should be allowed, but this will reduce the bloat in the chain, as well as drive away those buying/selling non-stop)

UPDATE: mixed up A & B. Should be good now.

[Ggozzo]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

Wait a second. What do you mean we could be arrested? I've put my name on this delegate and was about to start pushing out advertisements as soon as this becomes profitable. At ~6 cents per hour right now, this may not be worth it.  I need to know what liabilities are involved before we get too deep. Can you describe what you mean and how we "could" be arrested?

[bitmeat]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

AI, The guys you are talking about have done some really shady things though. I remember seeing a discussion with a strong attorney in the space from New York, who said that as long as you are not dealing with gateways, you should generally be OK. i.e. FIAT <-> BTC <-- serious regulation. BTC <-> other crypto, it's all virtual, no harm done.

In other words if someone does something shady, they will eventually need to cash out of crypto, and that's when they can be examined. Delegates are serving the same role as miners, are they not? It's like saying that if someone moved a lot of BTC used for bad things we should arrest all the miners who mined the blocks containing those transactions.

I'm not a lawyer, so go consult one, just repeating something I've seen in a Bitcoin conference video somewhere. (honestly don't remember the source)

[GaltReport]

...
4) At least 25% of the delegates must be producing a feed
...

How is this done?  Are the feeds going to be build into the software and delegates just need to enable them?

[AsymmetricInformation]

The feeds are not even critical...  if an attacker can get 51% of the feeds and and have enough stake to manipulate the market then they can destroy one BitAsset... the chain would fork and people would continue.

You shouldn't really worry about what I have to say, I haven't had the opportunity to think through this at all. But forking the chain can be profitable via double spends, can't it? I just attack a small or medium sized BitAsset, while selling BTS on an external exchange. After the fork I get my BTS back.

I would really just prefer you to turn it on, I think, than keep theorizing about it.

[Empirical1]

+ 5% I don't pretend to understand these things, but sounds good, much more comfortable having those limits in the beginning.

why not include marketdephs as a parameter?

for example

we could bind the max contract size to the marketdephs at that moment starting with a minimum contract size.

like only 1000 BitUSD are sold and bought in the past, the max order size per account could only be X BitUSD. So for one account here is not a problem anymore.
I am aware that this idea could not prefent fraud from more than 1 account but this kind of problem you will have all the time.

Any attacker with significant capital could harm the network with anything other than price feeds or a large player acting as market maker.    Price feeds give us "low-cost" protection against attacks that likely prevents the attacks from happening in the first place and leaving us with a market-pegged asset.

Don't know about this, but what about volume of trade limits set by 51% of the delegates? Like only $X per hour. It's set at a level that would almost never be breached unless it was being done as an attack and is constantly raised as the trading pair becomes more popular. 

[bytemaster]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

12 delegates is not "instant victory" if every delegate is publishing a feed.   
The feeds are not even critical...  if an attacker can get 51% of the feeds and and have enough stake to manipulate the market then they can destroy one BitAsset... the chain would fork and people would continue. 

Blockchains are like the lock on your front door, they keep honest people honest but do nothing to protect against governments or wealthy adversaries wanting to take you out.  These attacks are not profitable to perform.   Honest people can still use the system with great effect and just fork out any attacker.   

Bottom line:  providing security against attackers that don't care about profit is not something that any crypto-system provides.   

[AsymmetricInformation]

Sounds like being a delegate is a lot of (crucial) work, and you might be arrested (LibertyReserve had way more than 100 employees). Maybe all of the delegates can be from Switzerland, or something.

This is going to be pretty complicated to analyse now...I suspect that with 12 delegates comes instant victory. Getting 12 might even be easy, if 88 are going to be left in the dust, you wouldn't want to be one of those 88. 1 for free if you are a delegate yourself... I don't know when I'll have time to try and figure this out.

[bytemaster]

why not include marketdephs as a parameter?

for example

we could bind the max contract size to the marketdephs at that moment starting with a minimum contract size.

like only 1000 BitUSD are sold and bought in the past, the max order size per account could only be X BitUSD. So for one account here is not a problem anymore.
I am aware that this idea could not prefent fraud from more than 1 account but this kind of problem you will have all the time.

Any attacker with significant capital could harm the network with anything other than price feeds or a large player acting as market maker.    Price feeds give us "low-cost" protection against attacks that likely prevents the attacks from happening in the first place and leaving us with a market-pegged asset. 

[Shentist]

why not include marketdephs as a parameter?

for example

we could bind the max contract size to the marketdephs at that moment starting with a minimum contract size.

like only 1000 BitUSD are sold and bought in the past, the max order size per account could only be X BitUSD. So for one account here is not a problem anymore.
I am aware that this idea could not prefent fraud from more than 1 account but this kind of problem you will have all the time.

[luckybit]

BitAssets are a challenge to bootstrap because it only takes a single bogus trade for someone to print up a billion BitUSD backed by no collateral.   To execute this trade all that is necessary is for someone to gain control of both sides of the order book long enough to execute a trade against themselves at a price they pick.   This attack depends upon two factors:

1) The attacker having financial interest in destroying the network
2) The attacker having a large pot of cash that they can burn to bring it down.
3) The attacker being able to execute his attack in a timely manner.

Most of these problems go away once the network is as big as Bitcoin, but when we are young it is much harder to "secure" the market peg.  I have just finished implementing everything I think is necessary to launch BitAssets and having the system be secure:

1) There is a minimum market depth required before any shorts or covers are executed (1% XTS)
2) There is a maximum short price that is 50% higher than the current median price feed..  maximum_bid = median_price * 3 / 2
3) Only active delegates may publish a price feed and they must update it every 24 hours.
4) At least 25% of the delegates must be producing a feed

What these limits mean is that once trading begins the only time there can be a margin call is when delegates raise the median price feed.  It also means the delegates are circuit breakers in the system.  They can limit the price movements during rapid change giving players time to adjust their positions. 

Someone speculating in this market now knows that the value of BTSX in terms of BitUSD cannot fall by more than 33% without the delegates updating the price feed.

So what does this give us?   
1) A system where the there are up to 101 price feeds for USD / BTSX price, with at least 25
2) By using the median feeds that are way out of line are ignored.
3) Delegates don't set the price and thus the feed does not need to be very accurate and can get by with just one update per day.
4) The price feed is just used as a guardrail that makes attacks "impossible" while not actually being used to execute orders
5) Users only need to trust that delegates can produce a feed that is "close enough" and don't have to trust any individual delegate. 
6) Even if the delegates posted BOGUS feeds all they could do is stop new shorts from being executed.
       a) delegates have this power anyway by controlling what transactions get included.
       b) if the attacker controls over 50% of the price feeds they must control at least 12% of the delegates and that is already bad.
       c) everyone knows who the attacker is based upon their price feeds.

In the long-run, we can remove the need for the price feeds once the depth of the market is measured in billions of dollars... or perhaps loosen the price range a bit.   With this in place I believe we can launch a test network for BitUSD tomorrow.   All trading will occur just like it does with user issued assets with the addition that shorts can add bids (selling USD for BTSX) and margin positions can result in asks.

I thought if we have automated or algorithmic trading then the network could self bootstrap in a coordinated fashion. Bots would make the trades automatically in a coordinated symphony. But I see this is not something which everyone would do.

Manual trading would be harder to bootstrap but I need to take some time to think about this problem as it's not easy.

I think the solution Bytemaster presents above is worth a trial. I hope it works but I also hope we can find a more elegant solution which can be more autonomous.

[bytemaster]

BitAssets are a challenge to bootstrap because it only takes a single bogus trade for someone to print up a billion BitUSD backed by no collateral.   To execute this trade all that is necessary is for someone to gain control of both sides of the order book long enough to execute a trade against themselves at a price they pick.   This attack depends upon two factors:

1) The attacker having financial interest in destroying the network
2) The attacker having a large pot of cash that they can burn to bring it down.
3) The attacker being able to execute his attack in a timely manner.

Most of these problems go away once the network is as big as Bitcoin, but when we are young it is much harder to "secure" the market peg.  I have just finished implementing everything I think is necessary to launch BitAssets and having the system be secure:

1) There is a minimum market depth required before any shorts or covers are executed (1% XTS)
2) There is a maximum short price that is 50% higher than the current median price feed..  maximum_bid = median_price * 3 / 2
3) Only active delegates may publish a price feed and they must update it every 24 hours.
4) At least 25% of the delegates must be producing a feed

What these limits mean is that once trading begins the only time there can be a margin call is when delegates raise the median price feed.  It also means the delegates are circuit breakers in the system.  They can limit the price movements during rapid change giving players time to adjust their positions. 

Someone speculating in this market now knows that the value of BTSX in terms of BitUSD cannot fall by more than 33% without the delegates updating the price feed.

So what does this give us?   
1) A system where the there are up to 101 price feeds for USD / BTSX price, with at least 25
2) By using the median feeds that are way out of line are ignored.
3) Delegates don't set the price and thus the feed does not need to be very accurate and can get by with just one update per day.
4) The price feed is just used as a guardrail that makes attacks "impossible" while not actually being used to execute orders
5) Users only need to trust that delegates can produce a feed that is "close enough" and don't have to trust any individual delegate. 
6) Even if the delegates posted BOGUS feeds all they could do is stop new shorts from being executed.
       a) delegates have this power anyway by controlling what transactions get included.
       b) if the attacker controls over 50% of the price feeds they must control at least 12% of the delegates and that is already bad.
       c) everyone knows who the attacker is based upon their price feeds.

In the long-run, we can remove the need for the price feeds once the depth of the market is measured in billions of dollars... or perhaps loosen the price range a bit.   With this in place I believe we can launch a test network for BitUSD tomorrow.   All trading will occur just like it does with user issued assets with the addition that shorts can add bids (selling USD for BTSX) and margin positions can result in asks.