At first glance "smart" assets look like a more secure alternative to regular (user-issued) assets. They are backed by collaterial. An asset owner can't just issue millions of coins. Your only risk is the market fluctuations and Nassim Taleb with his black swans. Right?
WRONG! Actually, smart-assets even more risky. Here are some ways asset owners can f*ck everyone who have invested in their smart-coins.
1. Artificial margin-calls. At any moment an asset owner can push fake settlement price causing a margin-call. When a margin-call happens he/she sells you the asset with a really high price. GOODBYE COLLATERIAL!
2. Artificial devaluation.You are smart and just want to buy an asset cheaply to sell later. Is it ok? Haha! NO! The asset owner just pushes extra low pricefeed, borrows millions of smartcoins and sells them to you. Don't worry, maybe you will be able to sell those coins in 2058.
3. The "Issuer may transfer asset back to himself" flag.
Really!
4 (new). 99.99% market fee The main profit an asset owner gets (other than stealing your money with options 1,2 and 3) is a market fee. Each time someone buys the asset, small amount of it goes to the fee pool the owner can use. For example bitCNY fee is 0.1% at the moment. That's ok until the asset owner sets the fee equal to 99.9%. It's just like sending coins you're buying directly to him. Awesome, isn't it?
But what if there are multiple price-feed producers? The settlement price is medianed, so everything should be fine?
NO. At any moment, the owner can remove all pricefeed producers from the authorized list and push a fake price. Then 1 & 2
Can you trust a multi-signature account?
OMG NO.Registering new users costs nothing. It's easy to create a new multisig account (
http://docs.bitshares.org/bitshares/user/account-permissions.html#flat-multi-signature), fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3
But smartcoins are awesome!
Yes they are, however the only safe smart-coins at the moment are bitASSETS created by trustworthy committee account named simply "commitee-account" (bitUSD, bitCNY etc) and assets created by people you know/trust. If you invest in other smart assets, be ready to loose your collaterial or get an asset that costs nothing at the end of the day. Like 0.000001 nothing.
I'm not going to say that assets I created (INDEXDJI, INDEXSPX, INDEXNASDAQ, CUBED.CNY, CUBED.USD) are any better. If I decide to cheat at some moment, i'll be able to do 1, 2 and then 3 (wtf guys, why do you buy assets with such permission enabled?).
I'm writing this to warn people, who don't really understand how smartcoins work. Also it would be awesome to hear any thoughts about how to make a really secure smart-asset on Bitshares.