BitShares Forum
Main => General Discussion => Topic started by: btsindex on August 20, 2018, 02:42:22 pm
-
At first glance "smart" assets look like a more secure alternative to regular (user-issued) assets. They are backed by collaterial. An asset owner can't just issue millions of coins. Your only risk is the market fluctuations and Nassim Taleb with his black swans. Right? WRONG! Actually, smart-assets even more risky. Here are some ways asset owners can f*ck everyone who have invested in their smart-coins.
1. Artificial margin-calls.
At any moment an asset owner can push fake settlement price causing a margin-call. When a margin-call happens he/she sells you the asset with a really high price. GOODBYE COLLATERIAL!
2. Artificial devaluation.
You are smart and just want to buy an asset cheaply to sell later. Is it ok? Haha! NO! The asset owner just pushes extra low pricefeed, borrows millions of smartcoins and sells them to you. Don't worry, maybe you will be able to sell those coins in 2058.
3. The "Issuer may transfer asset back to himself" flag.
Really!
4 (new). 99.99% market fee
The main profit an asset owner gets (other than stealing your money with options 1,2 and 3) is a market fee. Each time someone buys the asset, small amount of it goes to the fee pool the owner can use. For example bitCNY fee is 0.1% at the moment. That's ok until the asset owner sets the fee equal to 99.9%. It's just like sending coins you're buying directly to him. Awesome, isn't it?
But what if there are multiple price-feed producers? The settlement price is medianed, so everything should be fine? NO. At any moment, the owner can remove all pricefeed producers from the authorized list and push a fake price. Then 1 & 2
Can you trust a multi-signature account? OMG NO.
Registering new users costs nothing. It's easy to create a new multisig account (http://docs.bitshares.org/bitshares/user/account-permissions.html#flat-multi-signature (http://docs.bitshares.org/bitshares/user/account-permissions.html#flat-multi-signature)), fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3
But smartcoins are awesome!
Yes they are, however the only safe smart-coins at the moment are bitASSETS created by trustworthy committee account named simply "commitee-account" (bitUSD, bitCNY etc) and assets created by people you know/trust. If you invest in other smart assets, be ready to loose your collaterial or get an asset that costs nothing at the end of the day. Like 0.000001 nothing.
I'm not going to say that assets I created (INDEXDJI, INDEXSPX, INDEXNASDAQ, CUBED.CNY, CUBED.USD) are any better. If I decide to cheat at some moment, i'll be able to do 1, 2 and then 3 (wtf guys, why do you buy assets with such permission enabled?).
I'm writing this to warn people, who don't really understand how smartcoins work. Also it would be awesome to hear any thoughts about how to make a really secure smart-asset on Bitshares.
-
The Hz MPA has disabled several of the flags which remain active on the committee owned smartcoins - such as the "Issuer may transfer asset back to himself": http://cryptofresh.com/a/HERTZ (http://cryptofresh.com/a/HERTZ) I wish more MPAs were to follow suit in the future.
I do agree that you need to trust the asset owner to not remove the feed producers and cause global settlement, however I disagree that only the committee should be trusted because you could create a similar multi-party ownership of a private MPA with a group of community trusted entities or more drastically you could transfer ownership of the MPA to null which would finalize all settings permanently & prove full decentralization.
-
you could create a similar multi-party ownership of a private MPA with a group of community trusted entities
Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!
you could transfer ownership of the MPA to null
So null is like noone's account? It looks like a regular bts user.
-
@btsindex
Yes you are correct and the only smartcoins I have ever trusted are bitUSD and BitCNY.
Even these have issues with lack of liquidity and short squeezes.
The price feed accuracy, decentralisation and reliability are so so important.
Even BitBTC has blackswanned.
-
Can you trust a committee account? OMG NO.
Registering new users costs nothing. It's easy to create a new committee account, fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3
While I agree with multisig accounts not adding to security by default,
the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.
-
the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.
Thanks! Updated the post. I was talking about multisig accounts and mistakenly called them committee accounts. Now i see the difference.
-
you could transfer ownership of the MPA to null
So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.
-
you could transfer ownership of the MPA to null
So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.
Almost the same. Sending to null is a one way street for an UIA if it.doesnt have issuer can transfer flag, truly lost forever (not considering during protocol upgrade). If you burn UIAs the issuer can issue them again.
-
you could create a similar multi-party ownership of a private MPA with a group of community trusted entities
Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!
you could transfer ownership of the MPA to null
So null is like noone's account? It looks like a regular bts user.
Please be careful, it's "null-account" (id 1.2.3), not "null".
https://cryptofresh.com/u/null-account
https://cryptofresh.com/u/null
-
btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I hope you create this assets not for cheat.
There is smartasset - GRIDCOIN, in which not right of issuer create blacklist, return themselves, but there is right switch give feed of delegate - now sw.on)
-
btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I need you create this assets not for cheat
Sure, no problem. Just disabled the Issuer may transfer asset back to himself permission for INDEXDJI, INDEXSPX, INDEXNASDAQ.
Also other permissions:
Require holders to be white-listed
Let's say at some moment an asset owner enables corresponding flag and whitelists only himself and current buyers. So other holders can't sell the asset. I haven't tried that, but it seems that it's also possible to use that flag to cheat. Disabled.
Issuer must approve all transfers
Does it also include buying/selling? Disabled
Keep in mind, that it doesn't make the assets "secure".
I'm thinking about transferring the assets ownership to null-account. It's probably a good idea if witnesses or committee members provide prices so you don't need to manually add price-feed producers. Null-account is probably also a good option for honest ICOs via user-issued assets. Like creating an asset, issuing coins to a specific account, then transfer the ownership to the null. Need to experiment with that...
-
I think, that transfering asset to null-account will lead to the impossibility of withdrawal from fee pool. Main idea for issuer of creating and owning smartasset - income from fee pool.
-
The less access rights the owner has left, the more secure the asset. For a better security of the asset, it is better to include the submission of quotations by the witnesses and disable the right of access to change this option. Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.
-
For a better security of the asset, it is better to include the submission of quotations by the witnesses and disable the right of access to change this option.
Yeah! That would be awesome. The problem is an asset owner can disable corresponding flags later. Flags are not fixed. Permissions are fixed (you can change them only once)
Corresponding permissions are the same as flags:
Allow witnesses to provide feeds
Allow committee members to provide feeds
They are activated by default. You can disable them, but that's not what we actually want, right? It's not like if those permissions are active, the corresponding flags are also active all the time.
Another problem is how to engage witnesses or committee members in publishing prices. What if an asset owner is not a witness and all witnesses stop publishing price. In such case the asset becomes frozen.
Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.
Haha! You mean making the market fee like 100%? What a wonderful idea! I'll add it to the main post.
-
Another problem is how to engage witnesses or committee members in publishing prices. What if an asset owner is not a witness and all witnesses stop publishing price. In such case the asset becomes frozen.
Getting price feeds for private MPA from witnesses is difficult, I've found that even with multi price feed script coverage that some witnesses don't publish price feeds for Hz. I've managed to get approx 12 feeds, but 20+ would be preferable..
Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.
Haha! You mean making the market fee like 100%? What a wonderful idea! I'll add it to the main post.
https://github.com/bitshares/bitshares-ui/issues/1369 There's UI changes coming which will at least notify users if this high a market fee is implemented.
-
https://github.com/bitshares/bitshares-ui/issues/1369 There's UI changes coming which will at least notify users if this high a market fee is implemented.
That's great news!
For testing purposes I've just set a 99.9% fee for an empty asset i own (https://wallet.bitshares.org/#/market/INVERTED_BTS (https://wallet.bitshares.org/#/market/INVERTED_BTS)). Currently, without any indication it's really easy to miss the fee value field, place an order and lose money.
-
Artificial margin-call? What about artificial blackswan?
Today:
#29806202 rz120 debt 5 baiducom
#29806208 rz120 sold 5 baiducom for 220*5 usd
#29806241 nasdaq-fb feed baiducom 2322 bts
#29806247 nasdaq-fb feed baiducom 80 bts
#29806269 nasdaq-fb feed baiducom 20 bts
#29806280 rz120 reduce collateral (-18520 BTS)
#29806541 blackswan baiducom - collateral price (36 bts)
Time=15 min, profit=18520 bts
(For this information and recommendation sold other MPA from derivatives-dex I was banned from Telegram-group bitsharesDEX Now unbanned, was mistake)
-
#29806541 blackswan baiducom - collateral price (36 bts)
I cannot find this operation on cryptofresh nor the web wallet block explorer page.
That said, the nasdaq feed price op did infact drop by like 2000 - that's absurdly volatile..
-
#29806541 blackswan baiducom - collateral price (36 bts)
I cannot find this operation on cryptofresh nor the web wallet block explorer page.
http://cryptofresh.com/tx/d29be55cd88b3a0ae7a1b4f8f15907c868f625ab
nasdaq-fb again give normal feedprice, that was cause blackswan and global settlement
-
We should ask "nasdaq" what happened
(http://imagizer.imageshack.us/a/img856/9090/jca.gif)
(For this information and recommendation sold other MPA from derivatives-dex I was banned from Telegram-group bitsharesDEX)
They probably have some kind of rule not to mention specific assets to prevent spam.
-
We should ask "nasdaq" what happened
I asked him when there were similar events, only with a clearly linked account (oliverstone7).
https://bitsharestalk.org/index.php?topic=26068.msg320939#msg320939
-
I asked him when there were similar events, only with a clearly linked account (oliverstone7).
https://bitsharestalk.org/index.php?topic=26068.msg320939#msg320939
Yep. I have decided to write this warning post after reading your messages there
-
(For this information and recommendation sold other MPA from derivatives-dex I was banned from Telegram-group bitsharesDEX)
They probably have some kind of rule not to mention specific assets to prevent spam.
Akledirs should be unbanned from the main channel now.
-
Akledirs should be unbanned from the main channel now.
I'm not into the telegram thing. Could someone ask to unblock Akledirs there? Maybe provide a link to this thread as a reference. Thanks!
-
Akledirs should be unbanned from the main channel now.
I'm not into the telegram thing. Could someone ask to unblock Akledirs there? Maybe provide a link to this thread as a reference. Thanks!
Sorry, I should have phrased my previous post better - Akledirs has been unbanned from the main Bitshares telegram channel, his post was mistaken for spam by a channel admin (telegram has a horrible spam problem).
-
Now all good, confirm, unbanned :)
-
Currently someone is mass-sending NIKKEIINDEX. The asset was created yesterday. Its issuer was also registered like 1 day ago. Possible scam. Be careful!