BitShares Forum
Main => General Discussion => Topic started by: bytemaster on February 23, 2014, 07:44:52 am
-
Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.
I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.
This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:
Attack 1) The SIDS Attack (Sudden Instant Derivative Sack)
In this attack any user who is around when the blockchain is first launched can issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. It doesn't matter what the future consensus is, the short position will be blown out in a massive way and leave billions of BitUSD laying around with no backing.
The solution to the SIDS Attack is two fold:
a) no market trading will be allowed for the first N days to allow enough people time to enter bids and asks that arrive at market consensus.
b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply.
This rule effectively states that for blockchain based trading to occur in an automated way there must be a quorum of shareholders agreeing on the price. This does not prevent private parties from transferring BitUSD or BTS to other users or arranging manual trades. It simply prevents any manipulation of the price that could result in margin calls at unrealistic prices.
The values for N and D are subject to debate, but my gut feeling is that N should be 14 days and D should be 5%
Attack 2) The SlingShot Attack (Other names welcome)
In this attack, the attacker will place a large short order close to 2x above the current ask. Under normal conditions this order would never be filled. Then the attacker starts buying to push the price up until he triggers a short squeeze. The short squeeze starts a chain reaction that pushes the price clear up into the attackers short position. Then the price falls back to where it should and the attacker covers their position with a 50% gain. Whether this attack is profitable or not depends upon how big of a short squeeze the attacker can trigger and how little is required to kick off the squeeze.
I have been thinking long and hard about the SlingShot Attack and have concluded that the only solution is to increase margin requirements. As it exists today, if someone wants to short 1 BitUSD the most they risk is 1 BitUSD. On a traditional exchange, if you want to short something your potential losses are infinite because if you run out of margin then they can come after your savings, your house, and your future income. The SlingShot Attack is much harder if the margin requirements make the probability of a short squeeze much lower.
Lets assume a very conservative amount of margin, 10x. To perform the SlingShot attack would require pushing the price up 9x and would reduce the attackers gain from a maximum of 50% to a maximum of 5%. If you then combine this increase in margin requirements with the automatic market freeze anytime the depth fell below the required threshold and you will be unlikely to walk the book enough to trigger a short squeeze without suspending trading.
What is the impact of requiring a larger margin for short positions? People will still go short, but the amount of leverage they can apply will be reduced significantly. BitUSD will still be created and thus will still trade. Instead of the marketcap of BTS being 2x the value of the trading BitAssets it would now be at least 10x the value of the BitAssets traded. Thus increasing margin requirements should only limit the ability to go short and have little influence on the price people are willing to go short. Shorts will feel much more secure knowing that other shorts are less likely to end up in a squeeze which will balance out with the added risk of losing up to 10x the amount you shorted.
Based upon these two attacks and the need for significant market depth before the chain can be 'secure' I am starting to conclude that market depth is more important than transaction volume in limiting the number of BitAssets per chain. For this reason I am thinking that the BitShares XT network should have only 2 BitAssets (Gold and Bitcoin). We want to focus the trading efforts and market depth on two assets rather than spreading the network thin. Once we understand the security implications future chains are likely to start with a larger user base, deeper markets, higher initial valuation, and thus able to support more assets securely.
Please let me know of any other attack ideas you can come up with and what your thoughts are on these rule refinements?
-
My thoughts just after reading and without sleeping over it:
Regarding 1)
Question: D% refers to outstanding BitAssets or BTSX?
N=14 days seems far too long to me.
Regarding 2)
Is it that important what the initial margin multiplier is? For a potential short squeeze it is important how many margin positions are on the brink of getting called. So even a 10x margin position might become dangerously depleted after a (slow) 9.9-fold appreciation of BTSX.
What about letting everybody decide themselves what leverage they want? That way some of the whales might put in very conservative, robust short positions.
This still doesn't solve the issue. What we need is some kind of slow-down of the short squeeze to give everybody the opportunity to stop it.
Cutting down to two BitAssets will probably cause an outcry. I'm fairly neutral on that.
-
There are two factors: initial margin and maintenance margin and both can be increased by a factor of 10x. This means that even a slow depletion is much more secure.
I chose 14 days because it will probably take that long for enough people to download the wallet, get oriented, and start making a decision. The price will probably be very volatile as people observe the bids and asks.
D% refers to the value of the BTS held in the orders of long and short positions.
-
Appreciated and very glad that you take this very seriously.
I think for 1st issue, D makes more sense than N. Because as you said market depth is the key to thess issues.
For 2nd issue, I agree w/ Markus that more margin could not resolve the issue totally. I still think we may need to set some rules/limitation for issurance price setting.
I agree that consider about the initial market depth is not easy to be deep enough, we need to cut the number of BitAssets from 16. But I think we should still keep BitUSD which is, as a Bitfiat, one of the most important features of Bitshares X system so people do expect it and we could check if the peg function do work or not to compare the BitUSD/XTS price in the system to USD/XTS in the outside market(for example, an exchange) directly. So I will suggest to cut the number from 16 to 3 since BitGold and BitBTC is also critical.
-
Can additional BitAssets be added to the chain on the fly?
-
Agree with keeping BitBTC,BitUSD and BitGold:
1 Gold,USD and BTC are three generations of the main used currency.
2 Represnt three kinds of price variation[Gold,USD:slow and reverse;BTC:dramatic].
-
What about this:
Currently, when a position gets called, the entire amount of BitAssets short is bought back via an immediate market order.
We can tinker with both these words to prevent short squeezes. Some suggestions below.
Immediate:
- Don't create the buy order instantly, but only after a certain amount of blocks time lag. People will know it is coming and can catch it.
- Spread the amount over several blocks. For example create buy orders for 1% of the amount for the next 100 blocks.
Market:
- Create a limit order instead of a market order (has been suggested before)
- Increase this limit from block to block in a predefined way until it is totally cleared.
- First create a limit order, then turn it into a market order if it doesn't go through after a certain time.
… or any combination of above.
I agree with the others that BitUSD is an extremely important BitAsset to have in the first chain. Bitcoins major snag is its volatility and this is BitShare X's killer application. USD definitely has a much lower volatility than Gold.
-
BitUSD has to stay!
-
BitUSD has to stay!
+1
And I think should be added main crypto world supporters currencies, for today it's BitUSD, BitCNY, BitEUR and BitRUB because all this 4 currencies has a biggest crypto community.
-
Ok. Bitusd stays.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
There can be many chains in the future and experiment with more assets this is a test network and by no means the last network
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
I strongly support limiting the number of assets in the first chain to BitUSD, BitGLD, and BitBTC. Since it's a "test" chain, and we're testing things like "does this idea even work," it makes sense to limit the things that can go wrong - and more assets should lead to a higher chance of chaotic instability.
For the SIDS attack, N=14 makes sense (the exact number probably doesn't matter), but I'm leery about a hard-coded value for D: the problem is that we don't really know how many XTS holders will be participating in the market. D needs to be high enough to prevent attacks, but if it's too high, the market will never function.
It seems like the main issue in market manipulation attacks is simply that someone can come to the market, hit it with a big hammer (i.e., by buying large volumes to incite a short squeeze), and profit from the ensuing chaos. We don't need to (and can't really) make hammers illegal; we just need to soften the hammer blow.
A simple way to implement this in the market could be to limit the total volume of orders that can execute per block by a percentage of the total market depth.
For example, if the percentage is 10%: if there are only 1,000 XTS of orders outstanding in the market, and at a given moment 200 XTS worth of orders are overlapping (I mean they could result in valid trades), only execute 100 XTS of those orders. Then next block, (assuming for simplicity that there are no new orders placed), there will be 900 XTS of orders, and 90 of the remaining 100 overlapping orders will execute, and then on the 3rd block finally they will all execute.
The effect of this is that when the market is new and shallow, it should have similar stability characteristics to a bigger and deeper market, and it will gradually and gently allow the market to grow into its full size. When the market is big (100,000 XTS of orders outstanding), normal order volumes can execute without ever hitting the limit.
My guess is that 10% is way too high; something more like 1% could work.
-
Limiting trading to a fixed % of the market depth would probably achieve the goals for the SlingShot attack and requiring 5% of the shares to participate before the first trade would prevent SIDS.
Obviously we do not want to 'price fix' the minimal market depth.
-
Hi,
To be completely honest I haven't understand completely Bitshares X, BitUSD etc...I believe in all I3 projects and in everything you guys are trying to do so I thought I could give below an example from my experience that might be able to solve some market manupulation issues and properly cover margin calls...You can if you wish so apply the below in what you are trying to do.
I will describe LCH (London Clearing House). LCH is a clearing house that traders use as counterpary (in our case Bitshares X) in order to trade various derivatives. What LCH does as clearing house is to get all the orders and match them. Settlement is done on a daily basis and LCH requires an initial margin (collateral) for all the short trades in order to cover potential volatility risks and counterparties defaults. I believe that the concept of initial margin should be applied in Bitshares X. Depending on the future expiry date,the type of contract, the type of market, market volatility etc. a multiplier factor is applied on amount of contract.
Below is their website for further reading. Have a look if you wish under risk management sections
http://www.lchclearnet.com/risk_management/
http://www.lchclearnet.com/freight/ffas/
As an example let's make the below assumptions.
1 contact = 1 BTC
DAY 1 BTC = $1,000
No expiry date
I am selling 1 contract
How settlement is done:
Day 1:
Opening balance: $0
Future value: $0
Initial Margin: -$200
Closed Balance: -$200 (margin call). I have to pay the initial margin
Day 2: (Lets assume 1 BTC = $1,100)
Opening Balance: $200 (I paid the initial margin)
Future value: -$100 (since I am short @ $1,000 and the price is $1,100)
Initial margin: -$200
Closed balance: -$100 (margin call)
Day 3 (Lets's assume 1 BTC = 600)
Opening balance: $300
Future value: $400
Initial margin: -$200
Closed balance: $500
If I decide to close my position I should get back $500 + $200 ( initial margin collateral) = $700. Since I have paid in total $300 in margin calls I made a profit of $400 ($1,000 original contract - $600 contract at expiry)
With this way Bitshares X will be secure from market manupulations (since they can apply high initial margin requirements per short contract. The amount to be charged should not change every day but rather you need to find a model that applies margin requirements for at least a month. When trading "options contracts" this model gets much more complicated. LCH in order to calculate the initial margin requirements runs 16 different scenarios on the parameters associated with the open contracts of each trader. LCH calculates margin requirements using an application called London Span. You can download it from their website and play around the different markets. (If you do try it, when entering an option contract with strike $10,000 you should enter $100,000) for the collateral calculation to be correct.
Bitshares X must become LCH for cryptocurrencies. At least this is how I understand it, correct me if I am wrong. Before the financial crisis companies used to trade OTC between them. Now they all trade using clearing houses. Bitshares X must apply a fair initial margin requirement depending on the product and market. The calculation should be clear to understand how it is calculated from anyone and should be kept by Bitsares X as collateral if someone defaults. Bitshares X should be our counterpary exposure. At least this is how I have understood and imagined the future of Bitshares X.
I hope I helped. Most probably not as you already know these things but I thought to share just in case...
If you want to know more how LCH calculates collateral requirements and I can help more, please let me know.
If I helped and want to tip I would be greatfull. Unfortunately I have a very small stake in PTS - AGS and I am trying to increase my shareholding.
My PTS address:Pc1Xpa12JgbFPAZS9qLdHMkEsnqzXWpdbQ
Kehotee Key: 6gxDKJFw7MsCuHeQwArCQhfD6MnkHW9D7hfrUUeuFHos6oHSiL
P.S. I hope that my Kehotee is valid (I see it still as unregistered yellow although I have submitted the form on the site long time ago). It would be also nice if someone started a communication with Kehottee with me as I feel I have purchased a software that I am not using... :(
-
Limiting trading to a fixed % of the market depth would probably achieve the goals for the SlingShot attack and requiring 5% of the shares to participate before the first trade would prevent SIDS.
Obviously we do not want to 'price fix' the minimal market depth.
For the 5% SIDS solution, are you thinking that once there is 5% participation, the 5% requirement goes away? So, the 5% limit only affects the first trade, and if market participation dips below 5% again in the future, trading continues as usual?
-
Limiting trading to a fixed % of the market depth would probably achieve the goals for the SlingShot attack and requiring 5% of the shares to participate before the first trade would prevent SIDS.
Obviously we do not want to 'price fix' the minimal market depth.
For the 5% SIDS solution, are you thinking that once there is 5% participation, the 5% requirement goes away? So, the 5% limit only affects the first trade, and if market participation dips below 5% again in the future, trading continues as usual?
I am thinking that we may want an 'initial' 5% to start and then at least 1% to continue and then apply a maximum % of order book consumed per block... say 5% of the order book can be consumed in any one block. This would significantly slow down attacks.
-
Would it help linking/referencing Bit assets to an external price feed for the first few weeks, with a limited allowed deviation, so that it can't get too out of whack with reality or manipulated until market depth gets to a certain level.
-
that would ruin the whole experiment
-
Yeah that would be pretty sacrilegious.
I just thought it might be useful at the very beginning, some big players might want to ruin the experiment but if you can keep it within some realistic parameters it should help any crazy wild swings.
What about the idea of a market maker fund? Some of the AGS funds are used to help make the market in the beginning?
-
large BTS holders who want it to succeed can play central bank in a non-coordinated manner at a loss until it's stable
-
Cool. Well I respect the decentralised purity of the approach! Will be so impressive if it works without any of the stuff I mentioned! World changing :)
-
cool
-
Zeus, do I understand that correctly: Once your position at LCH runs out of margin, you have time until the next morning to fill up the margin and only if you don't by then, your position is liquidated?
This would be similar to the time lag I was lobbying for further up in this thread.
-
I thought of an argument against having too few different BitAssets in one BTSX chain. What do you think?
Having many markets (for example many different fiat currencies) helps establishing a price for BTSX if only one of these markets experiences short squeezes/attacks. Many traders will take advantage of for example BitUSD/BitAUD ratio deviating from USD/AUD ratio if BitUSD is under attack. This will help catch the rogue market as many of these traders will be (quick acting) robots. Also having the arbitrage opportunity within the chain is good for reaction speed.
In this scenario the sum of the size of all markets within a chain is the important parameter, not so much the size of an individual market.
If you have few (in the extreme just one) markets you don't know if what is happening is an attack on a BitAsset or a general downturn in BTSX value. Traders might sit back and watch at first. Arbitrage here is only possible using cross-chain-boundary markets (USD/BTSX, BitUSD/USD, …) slowing down reaction time.
-
I thought of an argument against having too few different BitAssets in one BTSX chain. What do you think?
Having many markets (for example many different fiat currencies) helps establishing a price for BTSX if only one of these markets experiences short squeezes/attacks. Many traders will take advantage of for example BitUSD/BitAUD ratio deviating from USD/AUD ratio if BitUSD is under attack. This will help catch the rogue market as many of these traders will be (quick acting) robots. Also having the arbitrage opportunity within the chain is good for reaction speed.
In this scenario the sum of the size of all markets within a chain is the important parameter, not so much the size of an individual market.
If you have few (in the extreme just one) markets you don't know if what is happening is an attack on a BitAsset or a general downturn in BTSX value. Traders might sit back and watch at first. Arbitrage here is only possible using cross-chain-boundary markets (USD/BTSX, BitUSD/USD, …) slowing down reaction time.
I think this is an excellent argument for having exactly 3 BitAssets. I'm still of the opinion that having too many assets could lead to unforeseen stability problems, but having exactly 3 BitAssets means we can always know a reliable market-attack-resistant value for XTS. Under normal operation, all 3 markets will agree on the value of XTS (relative to the prices of the real-world assets the BitAssets are mirroring). But if one market is attacked, the 2 remaining markets will still agree on the value of XTS. So it will be obvious which market is undergoing malicious transients. All assuming that simultaneously attacking 2 markets is expensive and/or difficult, thus very unusual.
I'm not sure what practical value there is in this, because the protocol itself wouldn't be able to determine what "2 markets agree on the value of XTS" means; the protocol isn't looking at external price feeds. But it would at least be nice for us looking on from the outside to be able to say "hey! what's going on over there in BitBTC!" without wondering if XTS just collapsed.
-
That is why it is critical to keep BitUSD, because both BitUSD and BitBTC will have volume that interacts with real BTC and USD. Trading gold for BitGold without converting to one of the two other assets IRL will probably not happen for a while.
I support XTS/USD/BTC/GLD
-
I am a bit sceptical about BitCryptos (BitBTC, BitLTC etc.) catching on.
What is the incentive of being long in such an asset? It is already virtual with all associated benefits (speedy transfer, pseudonymity, easy storage, ...). It is not like with BitUSD or BitGold that you have any advantages over the original.
This is why I suggest more fiat. At least CNY and EUR.
-
I am a bit sceptical about BitCryptos (BitBTC, BitLTC etc.) catching on.
What is the incentive of being long in such an asset? It is already virtual with all associated benefits (speedy transfer, pseudonymity, easy storage, ...). It is not like with BitUSD or BitGold that you have any advantages over the original.
This is why I suggest more fiat. At least CNY and EUR.
There's already a large infrastructure supporting the BitCoin ecosystem, same as with the US Dollar.
BTS-X is a pilot run and it might have some kinks to iron out - Better to fix them while there's a limited set of assets rather than complicate things with a whole slew of them.
-
I am a bit sceptical about BitCryptos (BitBTC, BitLTC etc.) catching on.
What is the incentive of being long in such an asset? It is already virtual with all associated benefits (speedy transfer, pseudonymity, easy storage, ...). It is not like with BitUSD or BitGold that you have any advantages over the original.
This is why I suggest more fiat. At least CNY and EUR.
Why would you not want to be able to short your competitors while maintaining and accumulating more stake in your superior company. If bitshares is successful those that short BitCryptos win the most.
-
I am a bit sceptical about BitCryptos (BitBTC, BitLTC etc.) catching on.
What is the incentive of being long in such an asset? It is already virtual with all associated benefits (speedy transfer, pseudonymity, easy storage, ...). It is not like with BitUSD or BitGold that you have any advantages over the original.
This is why I suggest more fiat. At least CNY and EUR.
Why would you not want to be able to short your competitors while maintaining and accumulating more stake in your superior company. If bitshares is successful those that short BitCryptos win the most.
I know shorting is new and useful, but to be short you need a counter-party being long. What are the advantages of holding BitBTC vs. holding BTC?
-
DOS attacks / knocking nodes off the network
I am still concerned with DOS attacks on nodes. We will have some number of nodes making automated trades all the time and acting as market-makers. Their IP's will presumably be visible. Those IP's can be DOS attacked with a high probability of success. Professionally hosted servers with fast Ethernet speeds and robust firewalls can resist DOS, but most consumer-level nodes will not have this degree of protection. I would feel wary of placing many orders knowing that I could be knocked off the network indefinitely and without notice. Even if there are several hundred nodes acting as market makers, if a good chunk of them can be blocked from the network, then the depth of the market will drop dramatically.
IMO this is the greatest threat to the exchanges. Wall Street exchanges have hardened, direct connections between nodes -- no connection to the outside Internet, or to any untrusted/unbonded entities. Every node on those networks has a name, a face, and a federal EIN. They can screw up and place wrong orders, but those orders can be tracked and cancelled if necessary by a central authority.
BTS XT has no limits to the number of connected nodes. No node can ever be banned, because it can just change addresses and show up again anonymously. Hundreds, thousands, even millions of nodes (botnets) can all connect and appear to be acting independently when they are actually under unified control.
I am unsure what can be done of this. TOR-like obfuscation of IP's might be a good start. This essentially consists of a routing table. Each node can be connected to a maximum number of other nodes. Base it on a logarithmic function of the total number of nodes in the network. So if there are 20 nodes, each node can be connected to 5 other nodes. If there are 20,000 nodes, each node can be connected to 50 other nodes. Each node maintains a list of all other nodes, which are denoted by random addresses. Node A knows that it can access Node B through IP address 9.9.9.9, but Node A has no idea whether Node B actually resides at 9.9.9.9, or if it is actually 20 levels of indirection behind 9.9.9.9.
This way, all IP addresses are obscured; there may be a market maker on the network named BiaJ8asfl9, but it would take a lot of work to figure out its actual IP address. It would not be impossible, since I could simply create 1 million new nodes, and have them all connect to the maximum number of nodes, and through a process of elimination and network mapping, figure out the direct IP address for node BiaJ8asfl9. But this would be a very difficult undertaking.
Proposed mechanism for rollbacks
On a semi-related note, I also wonder about rollbacks, and the possibility for consensus-based rollbacks. If a major attack on a fatal vulnerability starts in Block 21839, then a consensus of stakeholders ought to be able to agree to roll back to Block 21838 after the vulnerability has been fixed. I propose that a consensus could be created without a central authority having anything to do with it. If such an event were to happen, surely a large proportion of the network would be aware of it. They would independently create rollback requests to Block 21838. After some fixed proportion of stakeholders (25%? 50%?) have created these requests (which are put into the blockchain) then the rollback requests start showing up in people's wallets/GUI/whatchamacallits: "Do you support rolling back to Block 21838?" with a Yes or No vote (voting "Yes" adds a new rollback request for this stakeholder). This way, consensus can be created, but it requires a large number of stakeholders independently creating the initial requests, without a central authority having to initiate or approve of anything. Each stakeholder can only have one rollback request active at a time; they can be withdrawn at any point, at which point a "cancel" appears in the blockchain. Once a supermajority is reached (75%? 90%? 90% of all stake active within the past week?) then the rollback occurs immediately and irrevocably. The blockchain is simply truncated at the chosen block.
-
Not sure about part 1 but built-in rollback mechanics are bad. Either a chain fails or it doesn't. If it does, there will quickly become a new consensus chain that people will be forced to deal with. A DAC isn't just the blockchain, it's the network that looks after it. Look at bitcoin fork post-mortem for an example of how it can work.
-
Not sure about part 1 but built-in rollback mechanics are bad. Either a chain fails or it doesn't. If it does, there will quickly become a new consensus chain that people will be forced to deal with. A DAC isn't just the blockchain, it's the network that looks after it. Look at bitcoin fork post-mortem for an example of how it can work.
Yes, but that gets away from the decentralization aspect if people have to go to some forum to figure out what they want to do in order to reach consensus. Because then that forum becomes a centralized part, a power player. If it is hacked or compromised or simply unavailable, what are people going to do? What if this webserver is rooted and some nefarious person starts posting as bytemaster, telling people to download a new client that fixes X problem? It all comes down to putting trust into some central authority, and that is what we are explicitly trying to move away from here, right?
And then how is consensus measured? I guess you could say people downloading the new client that fixes the problem, and picking a certain fork or whatever, is consensus... but then how does the Proof of Stake work? What if my Stake is on the wrong fork? I was trying to think of a way to use Stake as a decentralized voting/consensus mechanism, within the system itself, not relying on sidebands.
-
Rolling back a block does more than just unwind the market, it unwinds all transfers. Having to unwind the network is reacting too late...
-
Markus, you understand correctly about LCH. You have to cover your margin call the next morning for cob the previous day otherwise you get liquidated your position (of course you can have a credit line to avoid liquidation). The reason for this is because the index (and I am talking i.e specifically for the Dry Bulk indexes in Baltic exchange) is settled every day late in the afternoon where banks are closed in Europe. I guess that this doesn't apply here.
I guess in the future you might do the same with the BPI index (coindesk) which gives you the settlement price of Bitcoin. However this should be acceptable for all the bitcoin users and I don't think this is the case now. Until the bitcoin market matures and becomes more liquid this might cause problems. If settlement was based on Coindesk's BPI I expect a lot of arbitrage would take place among the different exchanges. And when there is arbitrage and the law of one price doesn't apply there is no efficient market.
-
Rolling back a block does more than just unwind the market, it unwinds all transfers. Having to unwind the network is reacting too late...
I agree, but reacting late is what we all do when we find out that we're fallible. We simply don't believe it until proven to be so.
It is kind of like the US Constitution containing provisions for it to be amended. The Founders realized that the system would have unforeseen problems, and that the system therefore needed to have an internal process for changing itself. Not a good idea to rely on revolutions acting outside the system; better for the system to allow change within itself.
--------
As a side note: any comments on the network security problem? The network is only as secure as the least secure critical node (and there will be critical nodes). Since we have no way of privileging critical nodes, the network is only as secure as the least secure node. Yes, presumably people will add hardened networks, diversify their network locations, etc. over time. But it will take a while before it reaches that point.
Until that time, maybe there won't be any attacks like I'm outlining, because there won't be enough value in the system to make it worthwhile. And once the system does reach that valuable level, all critical nodes will pay to provide their own security. Still, the threat exists, and the threat is not just to individual nodes, but to the network as a whole; especially for pegged assets such as BitUSD. The thought that liquidity could be forced off the network is a scary one. I think that some level of IP obfuscation would be a good idea. Maybe not initially, and maybe not in every DAC; but eventually, and in at least some DACs.
--------
As another thought, what if somebody seeded the network with bad nodes? Create a million node botnet, and have these nodes simply drop all transactions instead of propagating them correctly. Or, perhaps worse, propagate certain transactions while dropping others entirely. If these bad nodes constituted a majority of the network (not the stake, but the network) then they could manipulate things fairly easily. Of course these nodes would have a latent period of acting normally, until the owner flips the switch and starts dropping transactions in order to manipulate the market.
Perhaps an explicit network connection mapping mechanism could be tied to stake? Sort of a matchmaking service for nodes to decide who gets to peer to whom. Presumably a botnet attack with millions of nodes would have very little, or no, stake per node. So make it so that those nodes can't connect directly to nodes with a large amount of stake; or only a limited number of them can.... for example purposes, say nodes can have stake of value from 0 to 10. Say that a node with stake 10 has 10 allowed connections: 3 allotted to stakes in the range 6-10, 3 allotted to 3-5, and 4 allotted to 0-2. So a node with stake 10 can never be "surrounded" with only nodes of stake 0, where all transactions initiated by the stake-10 node must be propagated through stake-0 nodes in order to reach the rest of the network. So if someone created a million node botnet, all of those nodes would be able to join the network, but they would all be on the periphery of the network, and they could never penetrate deeply into the interstices where they could interrupt the communication from one critical node to another.
Of course, a node with high stake could still attempt something like this, but the good thing about this plan is that stake must be concentrated in order to reach the inner parts of the network, while large numbers of nodes are needed to carry out a dropped-transaction attack. So the larger your number of nodes, the lower the stake per node, and the less ability to carry out an attack.
TL;DR: A proposal for the network to allow peers based on trust, where trust is based on stake, in order to prevent attacks by numerous nodes not propagating transactions.
-
If every node you connected to was able to prove its stake in the network then you could make sure you connected to enough nodes that were not giant botnets.
-
If every node you connected to was able to prove its stake in the network then you could make sure you connected to enough nodes that were not giant botnets.
This is true... which I guess brings up the question, is stake broadcast? Or rather, are ID's broadcast, since stake is known from the blockchain? Or rather.... I guess all that would need to happen would be for IP's to be printed on transactions, and your client could preferentially connect to the nodes with the highest stake, since you know stake already, and you can look for recent transactions involving large-stake ID's, and connect to those IP's. Of course, then we have a problem where high-stake nodes could get overloaded with connections.
Eh. I guess too many of my questions involve implementation details of which I am not aware. Guess I need to dig into the code.
But I guess I would ask: are you not concerned about what botnets could do to the network? Is the problem already solved, or do you just think it unlikely? Also, while I think the testing phase for BitShares X is a wise idea, the problem is that if somebody has a real exploit, they have no incentive to use it during the testing phase when they know that a rollback is possible.
-
If every node you connected to was able to prove its stake in the network then you could make sure you connected to enough nodes that were not giant botnets.
This is true... which I guess brings up the question, is stake broadcast? Or rather, are ID's broadcast, since stake is known from the blockchain? Or rather.... I guess all that would need to happen would be for IP's to be printed on transactions, and your client could preferentially connect to the nodes with the highest stake, since you know stake already, and you can look for recent transactions involving large-stake ID's, and connect to those IP's. Of course, then we have a problem where high-stake nodes could get overloaded with connections.
Eh. I guess too many of my questions involve implementation details of which I am not aware. Guess I need to dig into the code.
But I guess I would ask: are you not concerned about what botnets could do to the network? Is the problem already solved, or do you just think it unlikely? Also, while I think the testing phase for BitShares X is a wise idea, the problem is that if somebody has a real exploit, they have no incentive to use it during the testing phase when they know that a rollback is possible.
The initial network will not be fully peer to peer the network operator (not us) will be able to halt all trading if necessary and wait for a fix. This also means that all clients will be connecting to trusted nodes spread across the world and know for certain their transactions will make it through.
In a fully peer to peer network it is easy to detect nodes that do not relay transactions when you send them. These non-relaying nodes can be independently detected and disconnected in a decentralized manner. I am not terribly concerned about such an attack because the solution is very simple... add just one or two trusted peers to the majority of nodes and you can be sure you are not isolated and missing transactions.
Furthermore, if you are fully isolated and missing transactions then that means your blockchain would fall behind unless the attacker owned enough stake to mine an alternative chain with fewer transactions. Note that including transactions is critical to growing the blockchain.
-
In a fully peer to peer network it is easy to detect nodes that do not relay transactions when you send them. These non-relaying nodes can be independently detected and disconnected in a decentralized manner.
How so? Could they not just spoof that they are passing on transactions? From the above, am I to understand that the standard behavior is to mirror all transactions back to the sender, as well as relaying them on to other nodes? What if they just send it back to you so you think they're relaying, but they do not forward it on to other nodes? And again, what if they selectively relay? How could that be detected? Especially if they do so in a somewhat balanced but stochastic manner, e.g. they relay 100% of downward bids but only 25% of upward bids, in an effort to drive the price down? While at the same time a whale starts blowing holes through the floor, and ALL of those bids are passed on?
Furthermore, you say "easy to detect", "independently detected and disconnected"... so is this code already implemented?
I am not terribly concerned about such an attack because the solution is very simple... add just one or two trusted peers to the majority of nodes and you can be sure you are not isolated and missing transactions.
And what happens when those "one or two trusted peers" are knocked off the network due to DOS attacks on all of the publicized/biggest nodes? All of a sudden, all of your information is coming from who knows what source.
Furthermore, if you are fully isolated and missing transactions then that means your blockchain would fall behind unless the attacker owned enough stake to mine an alternative chain with fewer transactions. Note that including transactions is critical to growing the blockchain.
Could they not pass on all blocks that are mined, but drop transactions?
I know I keep bringing up DOS attacks. This is because I really think that they will be at the heart of any attack on the network. They can't do anything bad on their own, but they can create the conditions where bad things can be done more easily.
Plain bandwidth DOS (even if the connections are all blocked by your router/firewall, if you have a consumer-level connection then your upstream line can be saturated VERY easily) as well as targeted DOS, selectively connecting to the open ports for the BTS network, spoofing new peer requests (from unknown IP's), spoofing transactions (from already connected peers), spoofing blocks (same)...
If your node is passed 100 false blocks all of a sudden from a peer, as if they were all mined in quick succession, how long will it take the client to process and discard them as false? What about 1000 blocks? Is there a rate limiter, a sanity check on this?
Same with transactions.... what if you're used to getting 5-10 orders propagated per second, then all of a sudden you're getting 1000 per second? Will the daemon be able to keep up? How are the orders checked? Presumably each one is verified against the known public key for the address that generated it, right? Is the account balance also checked versus the blockchain? How many milliseconds does it take to check each one? Are they propagated immediately, or only after being checked? (I.e., are you also now DOS'ing your peers?) How many will it take to bog down the CPU or fill up the RAM of a standard PC?
If you're connected to 12 peers, and all of a sudden 6 of them start slamming you with false orders, how long does it take before you stop taking more in?
Hell, they don't even have to be false. They just have to be spammy. Valid orders for tiny amounts. Even if there is a minimum transaction size or a fee implemented and those orders are rejected, they still look valid on their face, and will have to be inspected before they are discarded. This will take some time.
-
Only valid transactions are propagated.
Peers that propagate an invalid transaction are disconnected.
Invalid transactions include those that do not pay the required fee which would be more expensive than any proof of work.
Any peer that does not report the block headers up to about the present time is either withholding or not connected himself and thus the search for a node that is connected to the present time will continue.
I think there are plenty of ways to prevent network wide DOS attacks. There could still be targeted attacks against specific nodes, but anyone who is in the business of making money on active trading would always act through proxies and keep their true server location hidden.
DOS attacks are readily addressed.
-
Peers that propagate an invalid transaction are disconnected.
Immediately after the first invalid transaction? What if they are disconnected but then immediately attempt to re-connect? How long of a memory does it have? Does it block based on IP or some other identifier?
I think there are plenty of ways to prevent network wide DOS attacks. There could still be targeted attacks against specific nodes, but anyone who is in the business of making money on active trading would always act through proxies and keep their true server location hidden.
Of course, but if their proxies are knocked off somehow, then it could take a block or two before they establish new proxies and re-connect to the network. I am suggesting a quick, targeted attack: DOS selected nodes, immediately slam the market, and have everything over within a couple of blocks. (Block times are what, 1 or 2 minutes, IIRC?) The attack ends, but the blockchain is a couple blocks larger and filled with undesirable transactions.
DOS attacks are readily addressed.
So have they already been addressed, or is it on the to-do list? Or on the "to think about later" list?
Is there a peer limit? Is there a peer request rate limiter? Does the peering mechanism have a counter to the old SYN flood attack? (whether actually based on actual TCP SYN, or the higher-level peering equivalents; I imagine there is a typical handshake "Hey I wanna peer!" "Ok let's do it" .... wait for acknowledgement.... wait some more.... wait how long? Wait for how many new peers at one time?)
-
A quick attack that is over within a few blocks is not even a viable attack with the current market structure. Presumably no one would even know which nodes are publishing the market making transactions and of course there is no such thing as an 'undesirable transaction'.
-
A quick attack that is over within a few blocks is not even a viable attack with the current market structure. Presumably no one would even know which nodes are publishing the market making transactions and of course there is no such thing as an 'undesirable transaction'.
Once again, I am positing an attacker with a large number of nodes at his disposal. Say half the nodes on the network. And they all function normally until the attack occurs. Such an attacker would be able to figure out who is generating large numbers of transactions. They would have plenty of time to study the market and figure it out before attacking.
What I am calling "Undesirable transactions" are transactions that are forced through the market by bad actors at a time when liquidity has been artificially limited by those same bad actors, and which create values out of the desired norm, such as 1 BitUSD losing its peg to the USD.
-
BTW, thank you for taking the time to answer my questions. I am trying not to be annoying, but I believe that any attacker will be very sophisticated and use multiple attack vectors in concert. The cryptocoin ecosystem on the whole is obviously vulnerable to attacks; from malleable transactions stealing 740k BTC from MtGox (not sure if I really believe that, but that's the story anyway) to Dogehouse.org being DDOS'd every other week, attacks happen frequently. And an exchange adds a large level of complexity on top of a simple cryptocurrency whose only purpose is to transfer value from one address to another. Attacks that make no sense for Bitcoin could be exploitable for BitShares.
-
BTW, thank you for taking the time to answer my questions. I am trying not to be annoying, but I believe that any attacker will be very sophisticated and use multiple attack vectors in concert. The cryptocoin ecosystem on the whole is obviously vulnerable to attacks; from malleable transactions stealing 740k BTC from MtGox (not sure if I really believe that, but that's the story anyway) to Dogehouse.org being DDOS'd every other week, attacks happen frequently. And an exchange adds a large level of complexity on top of a simple cryptocurrency whose only purpose is to transfer value from one address to another. Attacks that make no sense for Bitcoin could be exploitable for BitShares.
The market limits the volume per block so this would have to be a sustained attack. It also requires significant coindays destroyed per block. We shall see how it goes.
-
Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.
I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.
This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:
Can I get bounty? :D
do this:
buy 100,000,000 usd with 1bts
short 100,000,000 usd with 1bts
then I get 100,000,000 usd, 2bts will be margin call
-
Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.
I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.
This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:
Can I get bounty? :D
do this:
buy 100,000,000 usd with 1bts
short 100,000,000 usd with 1bts
then I get 100,000,000 usd, 2bts will be margin call
Yes.... good work (how may PTS did I say I would award you? my memory tells me 25 but I haven't searched the posts for confirmation).
-
yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.
-
yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.
Unfortunately I have been very busy with other things.. need to get back to code ASAP :)
-
yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.
Unfortunately I have been very busy with other things.. need to get back to code ASAP :)
+1
Sent from my SCH-I535 using Tapatalk
-
yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.
Unfortunately I have been very busy with other things.. need to get back to code ASAP :)
+5%
Wish to get bounty before 2.28 ;D
-
Unfortunately I have been very busy with other things.. need to get back to code ASAP :)
+5%
Wish to get bounty before 2.28 ;D
Cheers, I have got 25 pts :)
-
I have a different solution to the SlingShot attack, which does not involve increasing margins. I will summarize it in one sentence:
Put a speed limit on the change of the price seen by the logic which forces short positions to liquidate.
Then a temporary rise in price which lasts for a few blocks will only liquidate positions that were nearly out of capital anyway, no matter how high the price is pushed. A great increase in price can still wipe out all existing shorts, but it happens gradually over hundreds of blocks, and in the beginning only poorly capitalized positions are liquidated. The speed limit should make it much harder to cause a chain reaction. People trading manually will have hours to notice what's going on and place profitable Ask orders (either selling BitUSD holdings or entering new, fully capitalized short positions at the higher price). These new Ask orders will interrupt the positive feedback loop of price increase -> short liquidation -> bid orders -> upward price pressure -> price increase.
I wrote in great detail about this in a separate thread: https://bitsharestalk.org/index.php?topic=3277.0
-
Ok. Bitusd stays.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
1. veryaddress can back N times BTS to creat Bitusd with same ratio in one bolck
2.ratio is average of exchangle prcie between BTS and Bitusd of recent M confire bolcks
3.creat bitusd and exchange bitusd are two independent process, create bitusd not mean sell bitusd. bitusd can been created with one ratio , and can been selled with different ratio
-
Unfortunately I have been very busy with other things.. need to get back to code ASAP :)
+5%
Wish to get bounty before 2.28 ;D
Cheers, I have got 25 pts :)
It might be strange for some people.. but it's important.. to say.. Thank you!... Glad bounties exist! this is a great incentive to make all investors care for the product.
-
A new solution for The SIDS Attack, I think this solution is perfect.
Don't need time limit or deep limit or price limit for the whole BTS net.
We just need to lock the transaction with create bitusd for 24 hours.
If margin call executed during the lock period, the only thing we need to do is change the output of this tranaction, give all backup xst to the bitusd buyer, destroy the bitusd and short positions.
If someone issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. When margin call execute, the short positions should be coverd with these locked BitUSD, no BitUSD can be created.
This solution is from ssjpts.
如果锁定买卖双方的XTS-BITUSD这个单子1小时,出现爆仓的情况就需要买卖双方共同承担,也就是问题里说的万亿BITUSD也要爆仓。使得恶意购买BITUSD被市场共识瓦解。按5分钟一个块,1小时内有12个块。肯定会有相对合理的市场交易买卖,一但出现这样的买卖,都要对之前的买卖进行核对爆仓处理。这样不知道是否可行?
-
A new solution for The SIDS Attack, I think this solution is perfect.
Don't need time limit or deep limit or price limit for the whole BTS net.
We just need to lock the transaction with create bitusd for 24 hours.
If margin call executed during the lock period, the only thing we need to do is change the output of this tranaction, give all backup xst to the bitusd buyer, destroy the bitusd and short positions.
If someone issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. When margin call execute, the short positions should be coverd with these locked BitUSD, no BitUSD can be created.
This solution is from ssjpts.
如果锁定买卖双方的XTS-BITUSD这个单子1小时,出现爆仓的情况就需要买卖双方共同承担,也就是问题里说的万亿BITUSD也要爆仓。使得恶意购买BITUSD被市场共识瓦解。按5分钟一个块,1小时内有12个块。肯定会有相对合理的市场交易买卖,一但出现这样的买卖,都要对之前的买卖进行核对爆仓处理。这样不知道是否可行?
+5% +5% +5% +5% +5%
It is a good idea. :)
-
A new solution for The SIDS Attack, I think this solution is perfect.
Don't need time limit or deep limit or price limit for the whole BTS net.
We just need to lock the transaction with create bitusd for 24 hours.
If margin call executed during the lock period, the only thing we need to do is change the output of this tranaction, give all backup xst to the bitusd buyer, destroy the bitusd and short positions.
If someone issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. When margin call execute, the short positions should be coverd with these locked BitUSD, no BitUSD can be created.
This solution is from ssjpts.
如果锁定买卖双方的XTS-BITUSD这个单子1小时,出现爆仓的情况就需要买卖双方共同承担,也就是问题里说的万亿BITUSD也要爆仓。使得恶意购买BITUSD被市场共识瓦解。按5分钟一个块,1小时内有12个块。肯定会有相对合理的市场交易买卖,一但出现这样的买卖,都要对之前的买卖进行核对爆仓处理。这样不知道是否可行?
This would also mean that the newly created BitUSD could neither be spent (transferred to another address) nor the position closed within the first 24h. Not a very good idea in my opinion.
-
Probably irrelevant and I am again missing something here but...
If I go long in x amount and then I go short in y amount this should lock a profit or loss for my self not affecting others...
If I am long 100 BitUSD and then I go short 50BitUSD effectively I am only long 50BitUSD. Since I am long there shouldn't be a need for collateral and vice versa if I was oveall short and it goes oposite I should cover with Bitshares collateral.
When a user takes oposite positions the system must recognise that these trades relate to the same user and match them in his account. Isn't that the case?
-
The system has no way to identify a user with multiple positions because the concept of a user is outside the scope.
A user who has a wallet with short and long positions will probably want to cover and combine his positions.
-
The system has no way to identify a user with multiple positions because the concept of a user is outside the scope.
A user who has a wallet with short and long positions will probably want to cover and combine his positions.
you know we usually say a function is convergence or divergence in area of mathematics
maybe we should consider if the system is convergence or divergence
different person created BTA with different ratio , but they exchange these in same market
it like , one person use 1kg gold cast 100 coins another person use 1kg gold cast 1000 coins ,but all coins have same figure, and flow in same market, everyone tend to use equal gold to cast most coins.
maybe make creating process and selling process to be two independent process. everybody create BTA with same ratio, also they can choice sell it or store it .
looking foreword to your comments about this reply
-
The system has no way to identify a user with multiple positions because the concept of a user is outside the scope.
A user who has a wallet with short and long positions will probably want to cover and combine his positions.
you know we usually say a function is convergence or divergence in area of mathematics
maybe we should consider if the system is convergence or divergence
different person created BTA with different ratio , but they exchange these in same market
it like , one person use 1kg gold cast 100 coins another person use 1kg gold cast 1000 coins ,but all coins have same figure, and flow in same market, everyone tend to use equal gold to cast most coins.
maybe make creating process and selling process to be two independent process. everybody create BTA with same ratio, also they can choice sell it or store it .
looking foreword to your comments about this reply
Convergence/divergence in mathematics is a limit of a single function. In economics, convergence is used colloquially to refer to the action of many rational actors acting in concert to reach a market equilibrium. It's not really the same thing since you're talking about human psychology.
If you put something out there at a much higher price - nobody would buy it because there are a lot of sell orders at a lower asking price. The person who is selling 1kg for 1000coins is not setting the price - he/she is ASKING for a price.
If the person were to make a completely different chain for their gold, then that's a different story: If person A decides to sell 1kg gold and create 100 BTS-X:goldA and person B decides to sell 1kg gold and create 1000 BTS-X:goldB, then they would be DIFFERENT COINS. One unit of BTS-X:goldA would not trade equally with one unit of BTS-X:goldB.
-
If the person were to make a completely different chain for their gold, then that's a different story: If person A decides to sell 1kg gold and create 100 BTS-X:goldA and person B decides to sell 1kg gold and create 1000 BTS-X:goldB, then they would be DIFFERENT COINS. One unit of BTS-X:goldA would not trade equally with one unit of BTS-X:goldB.
I'm not sure what you're saying here:
Person A makes BTS-XA with an asset GLD and person B makes BTS-XB with an asset GLD. You're saying XA:GLD and XB:GLD will trade at different prices? If you mean the XA to XA:GLD ratio will be different from the XB to XB:GLD ratio, then I think you are right, since XA and XB will unlikely be exactly the same price in terms of USD. If you mean that XA:GLD will not trade 1:1 to XB:GLD (different USD price), then I disagree - unless the chains have different properties (like one pays interest or something) they should trade at about the same. If the market peg works, it should work on both chains.
-
I'm not sure what you're saying here:
Person A makes BTS-XA with an asset GLD and person B makes BTS-XB with an asset GLD. You're saying XA:GLD and XB:GLD will trade at different prices? If you mean the XA to XA:GLD ratio will be different from the XB to XB:GLD ratio, then I think you are right, since XA and XB will unlikely be exactly the same price in terms of USD. If you mean that XA:GLD will not trade 1:1 to XB:GLD (different USD price), then I disagree - unless the chains have different properties (like one pays interest or something) they should trade at about the same. If the market peg works, it should work on both chains.
Well, both really... I was trying to illustrate the concept of how there can be different chains for the same class of asset (Gold). I thought that BTSdac was confused regarding whether the same class of assets would have one price per share in terms of BTS (or USD, or any other asset really). If each share of XA:GLD could be redeemed for 1/100kg of gold and each share of XB:GLD could be redeemed for 1/1000kg of gold (due to them being different chains), then 1 share of XA:GLD would PROBABLY not trade for 1 share of XB:GLD, unless XB:GLD had some obscenely great features like 10% interest rate, free beer, and puppies.
-
If each share of XA:GLD could be redeemed for 1/100kg of gold and each share of XB:GLD could be redeemed for 1/1000kg of gold (due to them being different chains)
This is where I'm confused - this should never happen, unless the people who launched the chain clearly defined "GLD means 1/100kg of gold" vs "GLD means 1/1000kg of gold". I would assume people would think "GLD" means "1 oz 99.9%" which is standard for gold ETFs (I think?). Why would you expect the market peg to be so different on the different chains if they had the same properties?
-
To put it another way: Do you expect XA:USD and XB:USD to trade at 10x difference?
-
This is where I'm confused - this should never happen, unless the people who launched the chain clearly defined "GLD means 1/100kg of gold" vs "GLD means 1/1000kg of gold". I would assume people would think "GLD" means "1 oz 99.9%" which is standard for gold ETFs (I think?). Why would you expect the market peg to be so different on the different chains if they had the same properties?
This is getting a bit off topic, but my understanding was that the denominations of the share were going to be set by the chain creator. If XA:USD an XB:USD were using denominations that varied by a factor of 10, I would expect the price to differ by a factor of 10 (all other things being equal).
I think the crux of the argument is whether or not denominations are going to vary between different chains of the same asset. If the denomination is unchangeable at 1share=1oz, then everything I said is wrong.
-
Ah ok, so we're on the same page.
Yeah I suggest people find a canonical denomination for each asset type and stick with it across all chains. It'd be hilarious if someone says "on this chain, GLD is 1kg" and then the market doesn't read his launch thread and pegs it to 1 oz.
-
I have an attack idea.
1] Select a market,
1a] for example lets choose BitBTC,
1b] for consistency let's refer to the market price as units of "Bitshares per Bitcoin" ie (BS/BTC) ,
1c] lets assume the Last traded market price was 500 Bitshares for each Bitcoin, or '500',
2] Place a huge Bid of the amount equal to all current Ask orders,
2a] let's imagine this costs a total of "Z bitshares",
2b] I am now betting that the value (BS/BTC) will go up, ie that a Bitcoin will be worth more than 500 Bitshares,
3] Place a new Ask order at a much higher price,
4] Place a new Bid order at this exact price, (this tricks BitSharesX into believing that the price has gone way, way up, say from 500 to 1000),
5] Force shorts to close out your position (as BitSharesX forces them to cover), by selling to you (at twice what you just paid).
Can even rinse-and-repeat this strategy with higher and higher prices.
Market depth makes this attack costlier, but simultaneously, more profitable, so a different type of solution may be required.
-
I have an attack idea.
1] Select a market,
1a] for example lets choose BitBTC,
1b] for consistency let's refer to the market price as units of "Bitshares per Bitcoin" ie (BS/BTC) ,
1c] lets assume the Last traded market price was 500 Bitshares for each Bitcoin, or '500',
2] Place a huge Bid of the amount equal to all current Ask orders,
2a] let's imagine this costs a total of "Z bitshares",
2b] I am now betting that the value (BS/BTC) will go up, ie that a Bitcoin will be worth more than 500 Bitshares,
3] Place a new Ask order at a much higher price,
4] Place a new Bid order at this exact price, (this tricks BitSharesX into believing that the price has gone way, way up, say from 500 to 1000),
5] Force shorts to close out your position (as BitSharesX forces them to cover), by selling to you (at twice what you just paid).
Can even rinse-and-repeat this strategy with higher and higher prices.
Market depth makes this attack costlier, but simultaneously, more profitable, so a different type of solution may be required.
Not sure I understand this, if you're able to match your bid/ask at a much higher price doesn't that mean you would have cleared out the entire ask side of the market? So then it's not "tricking bitshares X" but actually pushing the price up. Step 5 actually happens during step 2 and if you succeeded, that just means you moved the price up and you don't profit from matching your bid/ask at 1000
-
I have an attack idea.
1] Select a market,
1a] for example lets choose BitBTC,
1b] for consistency let's refer to the market price as units of "Bitshares per Bitcoin" ie (BS/BTC) ,
1c] lets assume the Last traded market price was 500 Bitshares for each Bitcoin, or '500',
2] Place a huge Bid of the amount equal to all current Ask orders,
2a] let's imagine this costs a total of "Z bitshares",
2b] I am now betting that the value (BS/BTC) will go up, ie that a Bitcoin will be worth more than 500 Bitshares,
3] Place a new Ask order at a much higher price,
4] Place a new Bid order at this exact price, (this tricks BitSharesX into believing that the price has gone way, way up, say from 500 to 1000),
5] Force shorts to close out your position (as BitSharesX forces them to cover), by selling to you (at twice what you just paid).
Can even rinse-and-repeat this strategy with higher and higher prices.
Market depth makes this attack costlier, but simultaneously, more profitable, so a different type of solution may be required.
That's essentially a smaller version of a "slingshot" attack as outlined in the first post. There's already a mechanism to limit the effect of a short squeeze by increasing margin requirements.
Another way you could prevent it is to make the definition of a BID order to "the MAXIMUM price you are willing to pay to obtain an asset". That way, the strike price will be dictated by the ASK prices. I may be a bit naive here, but I can't think of a reason why anybody would want to pay more for an asset than the ask prices unless they are trying to manipulate the market in some way.
-
I have an attack idea.
1] Select a market,
1a] for example lets choose BitBTC,
1b] for consistency let's refer to the market price as units of "Bitshares per Bitcoin" ie (BS/BTC) ,
1c] lets assume the Last traded market price was 500 Bitshares for each Bitcoin, or '500',
2] Place a huge Bid of the amount equal to all current Ask orders,
2a] let's imagine this costs a total of "Z bitshares",
2b] I am now betting that the value (BS/BTC) will go up, ie that a Bitcoin will be worth more than 500 Bitshares,
3] Place a new Ask order at a much higher price,
4] Place a new Bid order at this exact price, (this tricks BitSharesX into believing that the price has gone way, way up, say from 500 to 1000),
5] Force shorts to close out your position (as BitSharesX forces them to cover), by selling to you (at twice what you just paid).
Can even rinse-and-repeat this strategy with higher and higher prices.
Market depth makes this attack costlier, but simultaneously, more profitable, so a different type of solution may be required.
Not sure I understand this, if you're able to match your bid/ask at a much higher price doesn't that mean you would have cleared out the entire ask side of the market? So then it's not "tricking bitshares X" but actually pushing the price up. Step 5 actually happens during step 2 and if you succeeded, that just means you moved the price up and you don't profit from matching your bid/ask at 1000
Yes, you understand, I am pushing the price up but I used the word 'trick' to reflect the fact that the "real" price probably did not change, let alone double.
I don't intend to profit or otherwise do anything with the small trades in 3-4. I'm "Alice" in this clip from the video. http://www.youtube.com/watch?v=5BV55IrZi7g&t=5m50s
-
That's essentially a smaller version of a "slingshot" attack as outlined in the first post. There's already a mechanism to limit the effect of a short squeeze by increasing margin requirements.
I don't see why that would work. Can you explain it? This attack produces a risk free return, not a finite payoff, so if anything the ability to put more money into the attack should make it easier to find someone to lend me the money required to pull it off.
Another way you could prevent it is to make the definition of a BID order to "the MAXIMUM price you are willing to pay to obtain an asset". That way, the strike price will be dictated by the ASK prices. I may be a bit naive here, but I can't think of a reason why anybody would want to pay more for an asset than the ask prices unless they are trying to manipulate the market in some way.
I bought all the ASKs in 2 for this reason. Also, if ASKs realize what is happening they will panic (and disappear) as they are sitting ducks to instantly lose money.
-
The part I still don't get is how you cleared the entire ask side (all the shorts) but then still somehow you can cause a margin call when your bid/ask is matched at the higher price. Shorts put down collateral at the price they're taking the short position on, no?
-
The part I still don't get is how you cleared the entire ask side (all the shorts) but then still somehow you can cause a margin call when your bid/ask is matched at the higher price. Shorts put down collateral at the price they're taking the short position on, no?
Do you see in the video where Sam shorted something, paying =1 bitshare / BitUSD for something but then HAD to repurchase it for 1.5 bitshares / BitUSD?
(notice the units are flipped in the video).
-
Ok walk me through this...
Market starts like:
ASK 100 usd/bts
ASK 90 usd/bts
ASK 80 usd/bts
ASK 70 usd/bts
BID 60 usd/bts
BID 50 usd/bts
BID 40 usd/bts
The ASKS are all short positions. Suppose you buy the first two and that is enough to cause a margin call on the 3rd or even the 4th ASK (EDIT nvm you couldn't cause a short squeeze since the price would have to go above what he took the short position at... so let's say you just buy them and trigger other short positions, market just buys the USD from the ask side), so you don't even have to buy the whole ask side (this is how the slingshot attack works, you would take advantage of the short squeeze then short at the top when market corrects). Anyway, now the market looks like this:
BID 60
BID 50
BID 40
So you match your new bid and ask at the higher prices
ASK 300
BID 300
BID 60
BID 50
BID 40
Your orders are matched so now it looks like this
BID 60
BID 50
BID 40
Where did you make money?
If you do a walkthrough similar to this it might help me understand
-
Sure. I don't even know if it works, but this is what I was thinking:
(I am thinking about it in bts/usd, I dont see why that should make a difference as it is only a question of units [but I guess it might]).
BID 1 usd @ .01 bts/usd (100 usd/bts)
BID 1 usd @ .01111 bts/usd (90 usd/bts)
BID 1 usd @ .0125 bts/usd (80 usd/bts)
BID 1 usd @ (1/70) bts/usd
ASK 1 usd @ (1/60) bts/usd
ASK 1 usd @ (1/50) bts/usd
ASK 1 usd @ (1/40) bts/usd
Buy all Asks:
I have spent .0559523809 bts on +3 usd, lets call them: [ -.0559523809, +3] total.
Counterparties are:
[ + .0166666 = (1/60), -1 ] (first short)
[ + .02, -1 ]
[ + .025, -1 ]
BID 1 usd @ .01 bts/usd (100 usd/bts)
BID 1 usd @ .01111 bts/usd (90 usd/bts)
BID 1 usd @ .0125 bts/usd (80 usd/bts)
BID 1 usd @ (1/70) bts/usd
+
BID 1 usd @ (1/20) bts/usd
ASK 1 usd @ (1/20) bts/usd
These cancel, but they also 'set' the price at 1/20 = .05
The video claims that the 3 shorts must repurchase "at the new price".
[ + .0166666 = (1/60), -1 ] + (cover) [ - .05, + 1] = [-.03333333, 0] (this individual lost .03333 bts to close out their position at net=0)
[ + .02, -1 ] + (cover) [ - .05, + 1] = [-.03, 0]
[ + .025, -1 ] + (cover) [ - .05, + 1] = [-.025, 0]
For myself:
[ -.0559523809, +3] + [ +.15 , -3] (my proceeds from the sale to close out my position) = [ .0940476191 , 0 ] profit, for a + 168.0851% return.
-
One minor point is that the shorts only had 2x collateral at the price they shorted at so you'd only get 2*(.01666 + .02 + .025)
Otherwise I think this attack is basically a variant of the SIDS attack described in the OP. I think the defense against this is just to have sufficient market depth: "b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply."
Also, if ASKs realize what is happening they will panic (and disappear) as they are sitting ducks to instantly lose money.
I don't think they'd panic and disappear, I think they'd just move their asks to some price which they think you couldn't possibly buy out.
If you legitimately moved the price to a "hole" in the ask side and set the price yourself it's not much different from the price just moving up to that point and so you can enjoy your profits.
-
One minor point is that the shorts only had 2x collateral at the price they shorted at so you'd only get 2*(.01666 + .02 + .025)
Otherwise I think this attack is basically a variant of the SIDS attack described in the OP. I think the defense against this is just to have sufficient market depth: "b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply."
I don't see how that changes the fundamental idea of buying Asks and then sucking out their money with a fake high price.
For example, I can repeat what I did several times: build a full order book on both sides and walk it up slowly, I just place Bid, Ask, Bid, Ask, Bid, Ask, at higher and higher prices (Bitshares per Bitasset), and I'm always buying my own Bitasset (leaving me unexposed), or placing BIDs that go permanently unfilled.
Then the price just rolls up and up and up. I have to tie up more capital, but I get all of it back when I later combine my own long and short positions (both of which I already own) to cover. I still steal everyone's money that had an ASK and double up almost instantly.
To prevent this, you'd need a way of telling a scenario like this from a different scenario where the underlying asset DID actually slowly increase to 2x 4x its initial value (because BitSharesX needs to be able to handle that to qualify as an exchange).
I'm going to sleep but I'll check this sometime tomorrow, I was just watching the video and was curious about how this worked. I have a background in mechanism design but I still found this question puzzling. I assumed that I misunderstood the mechanism but now the case may be that I uncovered a defect, which is far more interesting. Perhaps on the train tomorrow I will try to block my own attack in a convenient way.
-
Oh I think I see the mixup: the shorts don't have to buy from you, the network just buys whichever usd are cheapest. So in addition to your matched bid/ask you'd have to place an unmatched ask at the higher price. Would that make it unprofitable?
This stuff is hard to think about without drawing pictures =[
Sent from my SCH-I535 using Tapatalk
-
Oh I think I see the mixup: the shorts don't have to buy from you, the network just buys whichever usd are cheapest. So in addition to your matched bid/ask you'd have to place an unmatched ask at the higher price. Would that make it unprofitable?
This stuff is hard to think about without drawing pictures =[
Sent from my SCH-I535 using Tapatalk
Maybe. I can't figure out exactly how you are measuring market depth, specifically the units. Can you provide an example? My guess is that it may lower the attack from 100% hitrate to possibly <50% hitrate but not remove the core idea. This order depth rule wasn't in the video...from the paper it seems that you can't cancel orders instantly? That might help prevent the attack, as with 'cancellable orders' anyone can fake an infinite order book at finite cost (with infinite bid and infinite ask, either of which you just cancel if someone starts actually trading with you). Do you know precisely how an 'order' is defined? (In addition to the market depth measurement question).
I'm hammering the ASKs, though, so my intuition is that I temporarily control that whole side. Anyone who makes an Ask might lose money if the price continues upward.
I didn't think about this on the train (where I get all of my best ideas) but reconsidering it now I'm wondering what would happen if multiple people used the "place simultaneous Bid Ask to set a price" idea at once (with different prices). Anyone shorting with an Ask is taking a big risk though, assuming the attack's logic is still sound.
A picture is worth a thousand words...I have a whole 'whiteboard room' in my house.
-
I don't see how that changes the fundamental idea of buying Asks and then sucking out their money with a fake high price.
This is actually a great concern I have as well.
I propose putting a speed limit on the percentage change of the current price, as seen from the short liquidation logic. So a short-term action that wipes out the entire Ask side of the book doesn't result in immediate liquidation of every single existing short position.
Consider the scenario I call the "fat-fingered whale": Someone with a huge wallet accidentally enters a market order to buy $100000000 BitUSD instead of $1.00000000 BitUSD. With a speed limit, people will have plenty of time (hours or days depending on the speed limit) to notice the unusual chart activity, manually inspect the blockchain if necessary, and determine the price has doubled or more due to the rogue activity of a single deep-pocketed market participant and react accordingly (probably by rebuilding the Ask book, offering new shorts at high prices which, if they somehow get filled in the chaos, will result in a handsome profit when the market regains its sanity).
I think a market depth limitation has been discussed as well, i.e. only a few percent of the BTS value of orders on the books can be filled per block. While I think this is a good idea, and will protect against the fat-fingered whale (even giving the whale himself some time to cancel the rest of his order if he quickly realizes his mistake). But I'm worried a deep-pocketed attacker who's not concerned about transaction fees could artificially inflate the depth of the market by placing a bunch of orders far away from the current price.
I believe the total amount of capital that's willing to participate in the exchange market is probably a lot higher than the orders on the books at any given time, but you may need to give a human time to react to get some of that money into the market. You can think of it like a "hidden" or "dark" book of trades people are willing to make, but don't publish orders. So short-term price fluctuations should be suppressed; the dark pool should be given time to reinforce the book before the network invokes an extreme behavior like liquidating a large number of short positions.
-
I don't see how that changes the fundamental idea of buying Asks and then sucking out their money with a fake high price.
I propose putting a speed limit on the percentage change of the current price, as seen from the short liquidation logic. So a short-term action that wipes out the entire Ask side of the book doesn't result in immediate liquidation of every single existing short position.
I agree that this would help, but one interesting property of a virtual market like this one (where I can't redeem my Gold for Gold) is that if ANY possibility of attack remains it can become completely self-fulfilling.
The speed limit assumes that there is a counterbalancing force (sort of like a car sliding down a hill...a speed limit would help ensure that the care never makes it up and over the hill), but if there's no counterbalancing force the speed of attack doesn't matter (ie the car will eventually go over the hill if it is not sliding down, as long as it has positive speed). So if any attack is possible, people may abandon the effort to return the market price to its 'true value' and instead view the market as an opportunity to use the mechanism to steal BTS.
For example, imagine that every market, priced in BTS, just permanently rises at the speed limit. This is the last iteration of rationalizable behavior before the following undesirable Nash Equilibrium: people decide to NEVER sell (including short sales) and the market vanishes. Traders could even coordinate with people they don't trust to pull this off, as it is a win for every long. People could even go long on the off chance that someone else does it.
So all attacks must be completely removed, not just discouraged.
-
The 10x margin is all well and good in preventing attacks discussed but it leads (in my opinion) to exposing system problems already existing in the proposed market – in particular small (and known/pre-determined) money supply. Adding to this small money supply a strongly unbalanced voting/price determination power is dangerous (and that is what the 10x margin does). What I mean is in order for the shorts to cast a vote (to say generally that the BitUSD is overvalued they need 9-10 times the resources/money the counter party needs to say the BitUSD is undervalued). This misbalance will in itself stay in the way of the market determining the fair price of the Bitassets but in the context of this discussion here is an example of market manipulation/attack that this misbalance facilitates.
One (the attacker) will need no more than 10% of the all BTXs to have full control over the demand for all BitAssets. That is to say he can match all asks in all assets even if everybody else is 1. Participating/actually placing orders in the market 2. everybody else is of the opinion that the BitUSD is overvalued (i.e. is placing a sell/short sale orders). In practice the attack will be possible with probably 1-3% of all BTXs to attack just one particular BitAsset.
Here is a very rough form of the attack (refining it is not that hard)
Having 10.01% of the all BTXs
1. Buy some arbitrary amount of all offered BitUSD (Let say 5%-10%) at the very beginning of the market at say price p1.
2.Place an ask order for the Bitasset bought in step#1 at let’s say 130.01% the purchase price p1.
3.Place big enough ask bid/s (as of quantity BTX offered up to 10% of all BTXs, but in practice you will need most of the time much smaller amount) @ price sliding from 101% to 130% the p1 price. Effectively matching/swallowing all asks coming to the market.
The important thing here is that your demand for BitUSD is so big that you can ‘swallow’/match any possible ask coming to the market so you will inevitable drive the price to the desired level.
4. Keep a ‘hard bottom’ (placing a bid order/s @ 130% p1, for amount of BitUSD unsurpassable by any and all potential ask orders) until you have sold sufficient percent of the initial BitUSD (bought @100% p1and sold for 130.01% p1)
5. At your leisure push the price slowly from 130% p1 to let say 160% p1, as in step 3.
And cash in some more BitUSD @160.01% p the same way as in step 4.
If you asked me name the attack -‘Unbalanced Forces Attack” (‘Unbalanced forces are forces that produce a non-zero net force, which changes an object's motion’)
-
Sure. I don't even know if it works, but this is what I was thinking:
(I am thinking about it in bts/usd, I dont see why that should make a difference as it is only a question of units [but I guess it might]).
BID 1 usd @ .01 bts/usd (100 usd/bts)
BID 1 usd @ .01111 bts/usd (90 usd/bts)
BID 1 usd @ .0125 bts/usd (80 usd/bts)
BID 1 usd @ (1/70) bts/usd
ASK 1 usd @ (1/60) bts/usd
ASK 1 usd @ (1/50) bts/usd
ASK 1 usd @ (1/40) bts/usd
Buy all Asks:
I have spent .0559523809 bts on +3 usd, lets call them: [ -.0559523809, +3] total.
Counterparties are:
[ + .0166666 = (1/60), -1 ] (first short)
[ + .02, -1 ]
[ + .025, -1 ]
BID 1 usd @ .01 bts/usd (100 usd/bts)
BID 1 usd @ .01111 bts/usd (90 usd/bts)
BID 1 usd @ .0125 bts/usd (80 usd/bts)
BID 1 usd @ (1/70) bts/usd
+
BID 1 usd @ (1/20) bts/usd
ASK 1 usd @ (1/20) bts/usd
These cancel, but they also 'set' the price at 1/20 = .05
The video claims that the 3 shorts must repurchase "at the new price".
[ + .0166666 = (1/60), -1 ] + (cover) [ - .05, + 1] = [-.03333333, 0] (this individual lost .03333 bts to close out their position at net=0)
[ + .02, -1 ] + (cover) [ - .05, + 1] = [-.03, 0]
[ + .025, -1 ] + (cover) [ - .05, + 1] = [-.025, 0]
For myself:
[ -.0559523809, +3] + [ +.15 , -3] (my proceeds from the sale to close out my position) = [ .0940476191 , 0 ] profit, for a + 168.0851% return.
All of these types of attacks depend upon a thin order book. We recently added changes to require a minimum market depth before trading can occur. Also, shorts are only forced to accept a high price *when* there is a margin call. Otherwise they are unaffected. By increasing the margin to 10x you would have to manipulate the price up by 5x before you could trigger such a call.
The fees would be very high to manipulate it up all at once, and if you attempt to do it slowly new shorts will enter the game.
-
4. Keep a ‘hard bottom’ (placing a bid order/s @ 130% p1, for amount of BitUSD unsurpassable by any and all potential ask orders) until you have sold sufficient percent of the initial BitUSD (bought @100% p1and sold for 130.01% p1)
How can you sell enough bitUSD to make a profit without pushing the price back down to before you started the attack (assuming the market doesn't re-value the asset at your new price, which is legit, since you just went long at the right time)? Wouldn't you hit your own bid wall?
-
The 10x margin is all well and good in preventing attacks discussed but it leads (in my opinion) to exposing system problems already existing in the proposed market – in particular small (and known/pre-determined) money supply. Adding to this small money supply a strongly unbalanced voting/price determination power is dangerous (and that is what the 10x margin does). What I mean is in order for the shorts to cast a vote (to say generally that the BitUSD is overvalued they need 9-10 times the resources/money the counter party needs to say the BitUSD is undervalued). This misbalance will in itself stay in the way of the market determining the fair price of the Bitassets but in the context of this discussion here is an example of market manipulation/attack that this misbalance facilitates.
One (the attacker) will need no more than 10% of the all BTXs to have full control over the demand for all BitAssets. That is to say he can match all asks in all assets even if everybody else is 1. Participating/actually placing orders in the market 2. everybody else is of the opinion that the BitUSD is overvalued (i.e. is placing a sell/short sale orders). In practice the attack will be possible with probably 1-3% of all BTXs to attack just one particular BitAsset.
Here is a very rough form of the attack (refining it is not that hard)
Having 10.01% of the all BTXs
1. Buy some arbitrary amount of all offered BitUSD (Let say 5%-10%) at the very beginning of the market at say price p1.
2.Place an ask order for the Bitasset bought in step#1 at let’s say 130.01% the purchase price p1.
3.Place big enough ask bid/s (as of quantity BTX offered up to 10% of all BTXs, but in practice you will need most of the time much smaller amount) @ price sliding from 101% to 130% the p1 price. Effectively matching/swallowing all asks coming to the market.
The important thing here is that your demand for BitUSD is so big that you can ‘swallow’/match any possible ask coming to the market so you will inevitable drive the price to the desired level.
4. Keep a ‘hard bottom’ (placing a bid order/s @ 130% p1, for amount of BitUSD unsurpassable by any and all potential ask orders) until you have sold sufficient percent of the initial BitUSD (bought @100% p1and sold for 130.01% p1)
5. At your leisure push the price slowly from 130% p1 to let say 160% p1, as in step 3.
And cash in some more BitUSD @160.01% p the same way as in step 4.
If you asked me name the attack -‘Unbalanced Forces Attack” (‘Unbalanced forces are forces that produce a non-zero net force, which changes an object's motion’)
This is a very solid consideration and worthy a tip for simply suggesting it. I am going to think through this one a bit more.
I am going to call this attack the BitUSD Monopoly Attack rather than Unbalanced Forces Attack because the premise is that once you monopolize a BitAsset you can set any price for it you want and thus trigger a margin call on the shorts and steal their money. This attack is made possible by reducing the percentage of BTS required to buy all short positions.
In the initial design it would require 50% of the BTS to pull of this attack. Going to 10000x margin would allow almost anyone to pull of this attack. And like you said, a 10x margin allows anyone with 5% to pull off this attack. If I reduce it to 4x margin then the amount required to pull of this attack is 10-20%. Now the assumption here is that someone who owns 10-20% couldn't actually profit by this move because it would entirely undermine his huge investment and while he may end up doubling his percentage ownership he would cause it to be worth 10% of the original value.
Perfectly balanced (original design) is actually not quite perfectly balanced because the shorts can be squeezed. I suspect there is a balance between various attacks. We must assume intent to profit by the attack and I don't see how someone can profit in real terms with this attack.
-
All of these types of attacks depend upon a thin order book. We recently added changes to require a minimum market depth before trading can occur. Also, shorts are only forced to accept a high price *when* there is a margin call. Otherwise they are unaffected. By increasing the margin to 10x you would have to manipulate the price up by 5x before you could trigger such a call.
How are you calculating market depth (there are many ways)? Can you give examples of market's and their measured depths? What prevents me from faking the market depth with orders that are never filled?
More importantly, you overlooked my previous explanation for why this rule does not prevent the attack:
...There's already a mechanism to limit the effect of a short squeeze by increasing margin requirements.
... This attack produces a risk free return, not a finite payoff, so if anything the ability to put more money into the attack should make it easier to find someone to lend me the money required to pull it off.
In other words, it costs 5x more perhaps, but I can make 5x more money so it doesn't matter.
The fees would be very high to manipulate it up all at once, and if you attempt to do it slowly new shorts will enter the game.
How are fees calculated?
Why on earth would shorts enter the game? There remains a nonzero risk of them losing their entire position, correct? If I sensed the attack beginning I wouldn't go anywhere near the game, in fact I would go long regardless of my belief about the price.
-
Fees are calculated based upon how much of the order book you walk.
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
You would have to enter 4 asks in 4 different blocks to minimize your fees to just the 'fee per byte'.
With respect to the 'risk free' return.... I think you are discounting a risk: such an attack will devalue all of the BTS you 'won'. So I wouldn't lend someone ANYTHING to perform this attack. This particular attack would be for malicious take-down.
This attack assumes you can get a monopoly on all of a BitAsset or at the very least that all holders of that BitAsset are willing to collude to push up the price and that there is no one left who is willing to go short. You state that knowing this attack is possible (or underway) would prevent people from going short. If you hold BitUSD then you are counting on being able to sell your BitUSD for more than $1 worth of BTS.... but if you collude to push the price up you could end up getting nothing and losing.
So the strategy here is to buy BitUSD, place a sell order at a much higher price and wait. Everyone in the market does this and essentially ties the hands of the shorts because they run out of capital to counter the longs. Then... once the BitUSD holders 'win' they collect all of the BTS... but of course it is worthless.
I think that between the sling shot (short squeeze) and this attack... this one is much worse. This is the best argument to return to the 2x margin. Anyone who can purchase 50% of BTS owns the network anyway.
-
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
You would have to enter 4 asks in 4 different blocks to minimize your fees to just the 'fee per byte'.
I'm a bit confused. Why does this need four blocks?
What trades would be executed if four new asks (1@95, 1@97, 1@98 and 1@99) meet these existing bids at the same time? Only the first two??
-
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
You would have to enter 4 asks in 4 different blocks to minimize your fees to just the 'fee per byte'.
I'm a bit confused. Why does this need four blocks?
What trades would be executed if four new asks (1@95, 1@97, 1@98 and 1@99) meet these existing bids at the same time? Only the first two??
Lowest ask (95) would be paired with the highest bid (99) and a fee of 4 would be charged...
ask 97 would be paired with bid 98 and a fee of 1 would be charged.
Remaining lowest ask would be 98, and highest bid would be 97 so trading would stop.
-
The 10x margin is all well and good in preventing attacks discussed but it leads (in my opinion) to exposing system problems already existing in the proposed market – in particular small (and known/pre-determined) money supply. Adding to this small money supply a strongly unbalanced voting/price determination power is dangerous (and that is what the 10x margin does). What I mean is in order for the shorts to cast a vote (to say generally that the BitUSD is overvalued they need 9-10 times the resources/money the counter party needs to say the BitUSD is undervalued). This misbalance will in itself stay in the way of the market determining the fair price of the Bitassets but in the context of this discussion here is an example of market manipulation/attack that this misbalance facilitates.
One (the attacker) will need no more than 10% of the all BTXs to have full control over the demand for all BitAssets. That is to say he can match all asks in all assets even if everybody else is 1. Participating/actually placing orders in the market 2. everybody else is of the opinion that the BitUSD is overvalued (i.e. is placing a sell/short sale orders). In practice the attack will be possible with probably 1-3% of all BTXs to attack just one particular BitAsset.
Here is a very rough form of the attack (refining it is not that hard)
Having 10.01% of the all BTXs
1. Buy some arbitrary amount of all offered BitUSD (Let say 5%-10%) at the very beginning of the market at say price p1.
2.Place an ask order for the Bitasset bought in step#1 at let’s say 130.01% the purchase price p1.
3.Place big enough ask bid/s (as of quantity BTX offered up to 10% of all BTXs, but in practice you will need most of the time much smaller amount) @ price sliding from 101% to 130% the p1 price. Effectively matching/swallowing all asks coming to the market.
The important thing here is that your demand for BitUSD is so big that you can ‘swallow’/match any possible ask coming to the market so you will inevitable drive the price to the desired level.
4. Keep a ‘hard bottom’ (placing a bid order/s @ 130% p1, for amount of BitUSD unsurpassable by any and all potential ask orders) until you have sold sufficient percent of the initial BitUSD (bought @100% p1and sold for 130.01% p1)
5. At your leisure push the price slowly from 130% p1 to let say 160% p1, as in step 3.
And cash in some more BitUSD @160.01% p the same way as in step 4.
If you asked me name the attack -‘Unbalanced Forces Attack” (‘Unbalanced forces are forces that produce a non-zero net force, which changes an object's motion’)
This is a very solid consideration and worthy a tip for simply suggesting it. I am going to think through this one a bit more.
I am going to call this attack the BitUSD Monopoly Attack rather than Unbalanced Forces Attack because the premise is that once you monopolize a BitAsset you can set any price for it you want and thus trigger a margin call on the shorts and steal their money. This attack is made possible by reducing the percentage of BTS required to buy all short positions.
In the initial design it would require 50% of the BTS to pull of this attack. Going to 10000x margin would allow almost anyone to pull of this attack. And like you said, a 10x margin allows anyone with 5% to pull off this attack. If I reduce it to 4x margin then the amount required to pull of this attack is 10-20%. Now the assumption here is that someone who owns 10-20% couldn't actually profit by this move because it would entirely undermine his huge investment and while he may end up doubling his percentage ownership he would cause it to be worth 10% of the original value.
Perfectly balanced (original design) is actually not quite perfectly balanced because the shorts can be squeezed. I suspect there is a balance between various attacks. We must assume intent to profit by the attack and I don't see how someone can profit in real terms with this attack.
I don't think tonyk’s attack is possible. As one continually asks more Bitasset which pushes the price from 100 to 130, he must buy much much more than he could have sold in 130. So,he lost more BTS than he may get, the amount of his BTS will reduce,the attack fails.
-
Fees are calculated based upon how much of the order book you walk.
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
That's clever. Everyone gets exactly what they asked for, and the service is compensated for mediating the transaction. However, I'm paying no fees when I Bid on my own Asks as the price drifts upward, so for a large return even the fast version may be worth it (and the slow version is still always worth it).
With respect to the 'risk free' return.... I think you are discounting a risk: such an attack will devalue all of the BTS you 'won'. So I wouldn't lend someone ANYTHING to perform this attack.
This seems correct. I was thinking about it this morning, and had an insight: the attack is deadlier with heterogeneous markets...if some are large and some are small, the attack is worth it on only the smaller markets. However, if all markets are similar size, the attack is difficult to coordinate.
I was trying to think of a way of coordinating market depths/volumes but could not think of one. This implies that if a market becomes relatively (not absolutely) unpopular it may suddenly undergo this phenomena.
Since people apparently are expected to name their attacks, I'm going to suggest the "Up and Away" (UA) Attack (because the price [in BTS] goes up and takes money away from the shorts).
Do you have a comment on the market depth calculation? This attack relies on not tripping this rule. My intuition is that, unless it is costly to place or cancel an order, the rule will be easy to evade.
-
HI, bytemaster
First, I am happy to see that you are seriously considering going back to 2x margin, no matter if it is because of the attack suggested by my or any of the other attacks.
Second, Thanks You for offering a tip for me suggesting the Unbalanced Forces Attack/BitUSD Monopoly Attack. I would prefer it in BTX (as opposed to PTS) and am ok waiting for the wallet release if you do not mind, as the next DAC is too far in the future for my liking plus all Bank/Exchanges will be based on BTX not PTS, as I understand.
In your post you showed some doubt for how exactly one will profit from BitUSD Monopoly Attack. While my idea was to point how easy it is to distort the market (just for the heck of it, no money gains in mind) and to show that somebody with 10% of BTX (and most likely with far less than that) can choose/control the price of all BitAssets (or at least choose to set their price at arbitrary upward point). In my mind this is dangerous enough. I think that the people will come with more and ‘better’ ways to use it for their advantage but if you insist here are my 3 ways on how one can profit from it:
1. Introducing market/solution that lacks the above deficiencies… (if losing all/most/some money invested in 10% of all BTX is worth it)
2.The inflated BitUSD can be sold/exchanged on an outside market for USD or other ‘meat space’ currency before the price support is withdrawn and the price of BItUSD potentially/likely goes down
3. One can come up with a ‘fund’ that offers an investment in asset/s (BitUSD and other BitAssets) that guaranty (7%, 10%, 14% return/year).
And what is more troubling, he/she can actually secure such return for year after year, after year; by simply controlling the price (or at least the upward movement of the price) of said asset. And while mass withdrawal of money from such fund may expose the scheme such fund is, so are pretty much every bank/fund (meaning none of them can sustain mass withdrawal of funds without outside help or going bankrupt)
On totally different note (without too much thought, this is just how I feel in general about it):
1.‘short squeeze’ is nothing to worry about - it is a natural market development and if they/ the shorts feel pressure they better have ‘easy way to add additional margin/cover and sale at the new price ’ if they do not want to be forced to liquidate.
2.Caps on price movement/per block is the way to remove/soften the blow to the system, in my opinion. Also the margin call buy orders (as market orders –i.e. no upper limit on the buy price), should be filled up first before other buy orders.
3. I have a suggestion that I will put in the next post….
-
Suggestion for the problem with liquidating short positions that potentially lead to BitAssets/BitUSD flying in the system with no backing.
There are (possibly) situation where the liquidated short position’s margin is not enough to buy all the required BitUSD (example are rapid price appreciation of BitUSD due to natural factors and SIDS Attack)
The suggestion assumes that the market do have ‘caps on price movement/per block’ (I in vision such cap at no more than 1%, probably less)
Generally the idea is – instead of covering the low margin short position by placing a buy order on the market on behalf of such short position holder, covering with existing long position (or portion of such position) @ price=last transaction price on the market (alternatively @ average price in the last block) and automatically placing buy order for the same amount at the same price on behalf of the long position holder.(Note: Such order should be modifiable/cancelable buy the long position holder at his earliest convenience)
I have 2 variants how the long position holder is selected for such transaction –
(a) the counter party in the initial short sale – this of course if the block chain contains the info (I am not sure if it does)
(b) randomly selected long positions – here effort should be made to find best balance between taking as little as possible from such long position (let say try if possible not to sell more than 5% of each of such selected long) and the stress on the system if too many such long are selected to facilitate minuscule transactions. (Note: such longs should probably receive portion of the 5% liquidation fee, so they do not have to pay the transaction fee on this and the subsequent buy order from their own pockets)
P.S. I see the disadvantages of the above proposal, believe me. I just think it just better than uncovered assets flying around in the system and/or having to have 10x margin requirement.
-
With respect to the 'risk free' return.... I think you are discounting a risk: such an attack will devalue all of the BTS you 'won'. So I wouldn't lend someone ANYTHING to perform this attack. This particular attack would be for malicious take-down.
This attack assumes you can get a monopoly on all of a BitAsset or at the very least that all holders of that BitAsset are willing to collude to push up the price and that there is no one left who is willing to go short. You state that knowing this attack is possible (or underway) would prevent people from going short. If you hold BitUSD then you are counting on being able to sell your BitUSD for more than $1 worth of BTS.... but if you collude to push the price up you could end up getting nothing and losing.
So the strategy here is to buy BitUSD, place a sell order at a much higher price and wait. Everyone in the market does this and essentially ties the hands of the shorts because they run out of capital to counter the longs. Then... once the BitUSD holders 'win' they collect all of the BTS... but of course it is worthless.
I'm updating my answer somewhat. I no longer believe that an outsider would profit from this attack, for the reason you give. Instead I think that this attack will just emerge. I assume that, post-attack, BTS loses 99% of its economic value. As shorts lose 100% of their risked economic value, and mutual attacking is possible (and increases the likelihood of attack success), we have:
| Conform | Attack |
| Conform | (0,0) | (-100%,-99%) |
| Attack | (-99%,-100%) | (-99%,-99%) |
With the best-response of Attack if there is belief that others will attack (which itself could result from paranoia/panic/manipulation).
However, say that the price of BitUSD is currently too high (for whatever reason). There is a small benefit to going short and correcting the price, but also a small possibility that there is an attack underway which will reduce reduce your BTS by 100% if you short, and BTS value by 99% if you do nothing.
So I think the true attack is that this spooks everyone into selling their BTS....for USD to wait out any potential attack. In other words, outside the BitSharesX system. This can easily become self-fulfilling (selling BTS for 'real USD' is exactly like going long BitUSD) and the "devalued BTS" counterargument actually exacerbates the attack!
To be clear, the new attack is:
1] Start the "Up and Away" attack (either directly, or through rumor/panic/misinformation) on a tradable BitAsset (such as BitBTC or BitUSD).
2] Sell BTS for the real-life version of that BitAsset.
The gains are both from doubling BTS in 1, but also by avoiding huge losses in 2 (if you are not part of the attack, you lose 99%, whereas attackers do not).
-
It has been over a month, and no response to my critical manipulation. I myself have not thought of a way to prevent it.
Neither "limiting trading based on market depth" nor "maximum price movement per block" will prevent a sudden decrease in the market price of USD/BTS on external exchanges (which are absolutely required if one is using PoS). This price decrease will de-collateralize everything, resulting in cascading margin calls that cause BTS to fail to track every asset (as they will all be doubling in value toward the same infinity, as shorts sell to avoid Mcalls and longs sell to cash out their BTS [both at rates "faster" than the collapse in external USD/BTS thanks to the new 'maximum price movement' requirement (which is artificially slowing the internal USD/BTS)]).
Moreover, I feel that the fee structure...
Fees are calculated based upon how much of the order book you walk.
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
...encourages low volume (more trades = higher fees, as is obvious in the above example, 1 bid=0 fees), and large spreads (as you literally pay for every dollar the market-price moves past your existing bids/asks). As volume collapses, the market may lose all of its liquidity completely. Strategically, people will be hesitant to enter a soon-to-be-illiquid market.
All phenomena create an equilibrium of non-tracking and no trade.
( This thread promises tips in exchange for "finding attacks", but I have not yet received any tips. My Bitcoin address is 1DSrFGXJdsFw2MsrgwHeQxWq1djQk4jcyD )
-
| Conform | Attack |
| Conform | (0,0) | (-100%,-99%) |
| Attack | (-99%,-100%) | (-99%,-99%) |
With the best-response of Attack if there is belief that others will attack (which itself could result from paranoia/panic/manipulation).
However, say that the price of BitUSD is currently too high (for whatever reason). There is a small benefit to going short and correcting the price, but also a small possibility that there is an attack underway which will reduce reduce your BTS by 100% if you short, and BTS value by 99% if you do nothing.
You're saying there's a "small benefit" to correcting the price, so shouldn't it be this?
| Conform | Attack |
| Conform | ( +5%, +5%) | (-100%,-99%) |
| Attack | (-99%,-100%) | (-99%,-99%) |
-
It has been over a month, and no response to my critical manipulation. I myself have not thought of a way to prevent it.
Neither "limiting trading based on market depth" nor "maximum price movement per block" will prevent a sudden decrease in the market price of USD/BTS on external exchanges (which are absolutely required if one is using PoS). This price decrease will de-collateralize everything, resulting in cascading margin calls that cause BTS to fail to track every asset (as they will all be doubling in value toward the same infinity, as shorts sell to avoid Mcalls and longs sell to cash out their BTS [both at rates "faster" than the collapse in external USD/BTS thanks to the new 'maximum price movement' requirement (which is artificially slowing the internal USD/BTS)]).
Moreover, I feel that the fee structure...
Fees are calculated based upon how much of the order book you walk.
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
...encourages low volume (more trades = higher fees, as is obvious in the above example, 1 bid=0 fees), and large spreads (as you literally pay for every dollar the market-price moves past your existing bids/asks). As volume collapses, the market may lose all of its liquidity completely. Strategically, people will be hesitant to enter a soon-to-be-illiquid market.
All phenomena create an equilibrium of non-tracking and no trade.
( This thread promises tips in exchange for "finding attacks", but I have not yet received any tips. My Bitcoin address is 1DSrFGXJdsFw2MsrgwHeQxWq1djQk4jcyD )
MolonLabe, my apologies for not following up on this thread in a while and of course some tips are due for some of the attacks presented.
Attempting to summarize your claimed attack:
1) Sudden decrease on external exchanges in excess of a 50% fall in value would immediately leave some BitUSD un-collateralized... assuming this was a real devaluation and not a 'flash crash' due to technical glitch on external exchanges. In this particular case the shorts deserve to lose everything and the longs get their maximum return. This isn't so much an attack as a real market movement where real value should change hands.
2) In markets most trades / volume is considered noise and is not based upon new information entering the system. There will be lower volume and wider spreads with this system, but think of it is nothing more than a filter that eliminates noise. The result is that market participants actually have a clearer picture of the value and risk.
3) After thinking through it some I think we can conclude that a short position's maximum cover bid is 2x their initial open price. If the market moves by more than that amount before the shorts can cover then the holders of BitUSD can choose between keeping their BitUSD or selling for 2x the shares they purchased at. This would cause BitUSD to momentarily be valued less than real USD as it would become pegged to the value of the collateral backing it. The holders of BitUSD have a limited insurance policy agains volatility equal to the collateral. They are not promised 100% peg like an IOU reserve system would.
4) So lets assume there is a 75% fall in the value of BTS and that initially 1 BTS = $100... now 1 BTS = $25 USD. This means that there are 2 BTS backing every 100 BitUSD and thus we now have $50 of value backing 100 BitUSD. The BitUSD holders have only one way to exit their position, they must sell their BitUSD and the shorts are only offering $0.50 on the BitUSD. The short has no incentive to cover so they can hold their offer for ever. The long has two choices, take $0.50 on the BitUSD or hold the BitUSD and wait for BTS to recover. Whether they hold or sell they are effectively invested in BTS because the value of their BitUSD is now pegged to BTS until the value of the collateral rises above $1 per BitUSD.
So lets study this limit condition a tad closer: does the market stop, clear, and automatically reset or does it fail for ever?
a) Assume BTS price in real USD is still out there and trading at $25 USD and thus whatever caused the 75% instant devaluation is not causing further decline.
b) Assume you hold BitUSD... what price would you sell it at? You will not sell below $0.50 on the BitUSD because there are open bids at that price.
c) What price would you buy it at? You will buy BitUSD at any price less than the value of its collateral.
d) What price would you short it at? You will still short it at a rate of 25 BitUSD to BTS because you can make money when it goes up to 50 BitUSD per BTS.
In other words in a rapid downward movement BitUSD will become decoupled from USD proportional to the percentage of shorts that run out of collateral. The market will recognize this fractional insolvency. If 100% of all shorts run out of collateral, the value of BitUSD becomes pegged to BTS until enough new shorts enter the picture to reduce the overall insolvency. The longs can either eat their losses or hold and wait for the value of the collateral to recover. Once the value of the collateral recovers then the peg to USD resumes.
Now an attacker could attempt to manipulate the price and cause a short squeeze that will wipe out all shorts. But they will not be able to cause BitUSD to be unbacked all together... the most they could do is drive it to the value of the collateral.
How can an attacker profit?
1) the attack must be fast (high fees)
2) the attacker must short BitUSD into the short squeeze caused by their own buying of BitUSD
- the attacker's behavior is actually the same behavior of honest market participants in response to excessive buying of BitUSD
3) the attacker covers their short positions with the BitUSD they bought to send the price up.
The assumption of Molon is that if the market recognizes any attack it could become fulfilling as everyone joins the attack. The basis of these markets is all in predicting what others will do as that is the foundation of the peg. If consensus suddenly changes then the peg will follow that consensus all the way to its logical conclusion. So you could attack the peg by attempting to persuade the market that an attack is happening and inevitable and if you are successful then it will be self-fulfilling.
So if an attack starts and people believe that someone is attempting an attack then they have three choices:
a) wait it out and be long BitUSD... no profit/no loss in the long run
b) knowing that the price eventually will revert, you can short with 10x the collateral so you don't face a margin call and can profit as the price falls... this will hinder the attack and make you money no matter what.
c) Join the attack.... buy BitUSD while shorting at a higher price and cover with the difference.
The people being attacked in this instance are the shorts who face a margin call (and fee) based on something other than fundamentals. As a short observing market behavior you know that you can be attacked at any time. Your choices are:
a) cover early, this will help accelerate the attack by causing buying pressure on BitUSD
b) add collateral and ride it out.
c) join the attack by covering early and re-entering a short position later.
So it is clear that if enough wealth joins the attack everyone will join it.... but what are the risks of joining the attack?
a) If you join the attack at the top of the 'bubble' or the attack fails to hit critical mass, then you just bought BitUSD high and will lose money.
What does this mean for trading strategies? It means that shorts who are worried about such an attack will only enter the market toward the peak of the attack (ie: when they think there is a major bubble) and otherwise will not go short without ample collateral at prices they think are reasonable.
The more I think about it this entire 'attack' is no different than any regular bubble, pump & dump psyop. These are features of all markets and from the perspective of market participants this would be no different than a bubble in Bitcoin.... buy a bunch of BTC slowly over time... then trigger a buying rush with rumors... sell at the top. If you can get leverage so much the better.
People who trade on leverage are always vulnerable to bubbles. Trading on leverage in a thin market with high volatility is RISKY by definition... it is also profitable for the same reason. Therefore, any losses are part of the 'game' and ultimately the price will track as depth and volatility decrease.
-
Hey these responses seem very interesting and to take the attack seriously but I'm on vacation so I'll get back to everyone on Thursday probably.
I think I did mean a positive up left cell, perhaps my previous formatting experience trained me to avoid the + 1 . Of course as you must know it really makes no difference. I can't remember what I was thinking but I do remember that the post-matrix post replaces that one.
-
Ok I feel at least that you essentially understand what I am concerned about.
You are right when you say that it is all largely arbitrary, and traders will be able to influence the price through their shared opinion of what it should be.
However, although the price is largely arbitrary, it is not completely arbitrary, and this tiny constraint (the margin call) is what I want to emphasize.
To be clear, the new attack is:
1] Start the "Up and Away" attack (either directly, or through rumor/panic/misinformation) on a tradable BitAsset (such as BitBTC or BitUSD).
2] Sell BTS for the real-life version of that BitAsset.
Let me try a metaphor. Marbles are rolling down a halfpipe in a hill, randomly coasting to the left and right of the halfpipe nadir. If they somehow make it up and over the left side, they land in a new, lower, halfpipe (margin call), yet if they make it up the right side nothing happens (the other halfpipe is too high).
I would expect that, eventually, the marbles will land in the lower/lowest halfpipes. For this reason, individuals should always be long BitAssets and short BTS, both within BitsharesX and on external exchanges, and always sell the BTS they receive as soon as possible. The only logic available to traders points in the direction of this attack, everything else is just an arbitrary "I hope".
If they do this, they have a free option to double their money. If everyone does this, the first people who tried it will succeed the most, so people are rewarded for trying it immediately, and following the first movers. If no one did this, purely random market volatility would eventually cause a margin call somewhere, so users are still incentivized to "lean long", ie be more long than short (than they otherwise would be), foreseeing this, traders would themselves go long purely to capture this bias. Assuming reasonable time value of money and convenience yield, there is no profitable deviation from the boldface strategy (that I can see), and anyone who does not follow it would do better if he/she followed it, so I therefore assert that it is the unique Nash Equilibrium to this payoff scheme.
When you say that "traders will restore the price to the real price", aren't you invoking circular reasoning? BTS does not know what the "real price" is, it gets it from the traders. I realize that we can talk about it here but the software wouldn't understand us (the way it would understand a margin call). 2x, 3x, 10x, any amount of margin would not be enough.
It isn't just a bubble, where you hope to sell to a greater fool, the margin call guarantees that you can force other people to buy your stuff. The bubble doesn't become unsustainable and pop, it continues indefinitely. Why shouldn't BitBTC cost 40 trillion BTS? Why not 80 Trillion? Why not 9999 trillion or more?
-
Does the fact that bts earns income from bitusd and bts transactions change the argument? It seems like if I had no guess about their relative directions I would go long bts over bitusd to capture income. I'd much rather x% of current tx fees as income than not.
Sent from my SCH-I535 using Tapatalk
-
As in, I don't completely understand how the +1 to 0 payoff difference in the two versiona of the game looks like in terms of actors. Like they think the income is already priced in in the +0 version?
Sent from my SCH-I535 using Tapatalk
-
Why not?? Because the market values bts at non 0 value.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
It has been over a month, and no response to my critical manipulation. I myself have not thought of a way to prevent it.
Neither "limiting trading based on market depth" nor "maximum price movement per block" will prevent a sudden decrease in the market price of USD/BTS on external exchanges (which are absolutely required if one is using PoS). This price decrease will de-collateralize everything, resulting in cascading margin calls that cause BTS to fail to track every asset (as they will all be doubling in value toward the same infinity, as shorts sell to avoid Mcalls and longs sell to cash out their BTS [both at rates "faster" than the collapse in external USD/BTS thanks to the new 'maximum price movement' requirement (which is artificially slowing the internal USD/BTS)]).
Moreover, I feel that the fee structure...
Fees are calculated based upon how much of the order book you walk.
Given bids of 99, 98, 97, and 95.... to buy it all up in one go you enter an ask for 4@95. You will receive 4*95=380 rather than 99+98+97 = 389 for a fee of '9'. Obviously, if you attempted walk the book all the way down to 50, your fees are going to average 25%.
...encourages low volume (more trades = higher fees, as is obvious in the above example, 1 bid=0 fees), and large spreads (as you literally pay for every dollar the market-price moves past your existing bids/asks). As volume collapses, the market may lose all of its liquidity completely. Strategically, people will be hesitant to enter a soon-to-be-illiquid market.
All phenomena create an equilibrium of non-tracking and no trade.
( This thread promises tips in exchange for "finding attacks", but I have not yet received any tips. My Bitcoin address is 1DSrFGXJdsFw2MsrgwHeQxWq1djQk4jcyD )
If some wanted to tip u in pts, is this impossible or do u have an address? This conversation seems worth it.
-
Does the fact that bts earns income from bitusd and bts transactions change the argument? It seems like if I had no guess about their relative directions I would go long bts over bitusd to capture income. I'd much rather x% of current tx fees as income than not.
Why not?? Because the market values bts at non 0 value.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
I don't think I'm getting my point across. Imagine that everyone is doing as I suggest in bold (we can go over "Why is everyone acting this way?" and "Is this behavior inevitable?" after we sort this first part out).
individuals should always be long BitAssets and short BTS, both within BitsharesX and on external exchanges, and always sell the BTS they receive as soon as possible
Then none of what you are saying matters, because if you deviate from this strategy (and hold BTS), very soon you will be margin called for your BTS, and lose them. Does this make sense?
-
MolonLabe,
Your argument that you should be long BitUSD because you can get more BTS when margin is called because in your estimation the network is worthless. I see your point and think you are missing something very critical:
Volatility is constant and taking your bet is extremely risky because of the single unknown component: time. You are betting a run-away short squeeze is inevitable and when this happens the value of BitUSD becomes pegged to the value of the collateral. The market participants recognizing that going long BitUSD is just like going long BTS and that they therefore have nothing to gain by attempting to 'join an attack'. The fact remains that BitUSD would be serving its purpose most of the time with any deviations being short-lived.
So by your estimate no-one should go short which means no one will be able to go long. So if a market forms at all then your assumption is wrong.
All market participants will understand the risk involved and that they are subject to the risk of manipulation like everyone else. These same market participants will still recognize the value of hedging.
Fortunately this is an experiment, like bitcoin, that we can run and learn from.
-
Your argument that you should be long BitUSD because you can get more BTS when margin is called because in your estimation the network is worthless.
Not true. I ONLY assume that people prefer having more money to having less money. I do, separately, believe that the network is worthless, but I plan to carefully build that argument up from a few pieces, including this one.
Volatility is constant and taking your bet is extremely risky because of the single unknown component: time.
I assume you mean that volatility is 'always present' (obviously it is highly variable). We agree that volatility exists, I think.
You are betting a run-away short squeeze is inevitable
Surely you agree that one margin-call will happen eventually? I do believe that I can prove that one margin leads inevitably to a run-away shorts squeeze, and (moreover) the protocol must be prepared to handle one even if you never expected one.
and when this happens the value of BitUSD becomes pegged to the value of the collateral.
At the instant of the margin call, yes. Which is why manipulated prices will stick.
The market participants recognizing that going long BitUSD is just like going long BTS and that they therefore have nothing to gain by attempting to 'join an attack'.
The other half of the equilibrium is selling BTS on external exchanges. This is where the attack continues (until all shorts are squeezed).
The fact remains that BitUSD would be serving its purpose most of the time with any deviations being short-lived.
Why wouldn't the attack happen immediately of its own volition, as a result of greed, and partially as a result of risk-aversion on the part of innocent traders? With some heavy-handed and expensive support from a dedicated team, the market may appear to be healthy (until this support is withdrawn).
So by your estimate no-one should go short which means no one will be able to go long. So if a market forms at all then your assumption is wrong.
I am describing equilibrium strategic behavior, if a market forms at all, it will mean that some participants are irrational (prefer having less money to more money). These individuals will lose their money, quickly if other participants are rational, slowly if few are. I am NOT assuming that everyone is rational, or that everyone is aware of my attack/the risks involved in going short.
-
Yes I was stating that volatility is always present not that its magnitude is constant.
Yes I expect a short squeeze to occur at some point in time.
Yes I assume that any market move is possible for natural causes. (Natural being defined as changing market perception rather than attack).
Given any market move is possible for natural causes, it is therefore to be expected that someday shorts will be blown out and BitUSD holders will have to eat any losses due to insufficient collateral. BitUSD will then remain pegged to BTS until the holders of BitUSD accept their losses or the value of BTS recovers.
So the question becomes one of unnatural causes that are not based upon economic fundamentals but based upon one individual or groups attempt to manipulate the price to profit. Like you said people like to make money any way they can.
So the way you claim they can make money is by selling BTS off chain and buying BitUSD on chain... but these two actions are mutually exclusive as buying BitUSD is ultimately buying a variable amount of BTS.
So buying BitUSD is generating demand for BTS and supporting the price.
So if you want to execute this attack for the purpose of making money the only way to do so is to short BTS off chain which means borrowing from someone off chain.
So if buying BitUSD is viewed as a proxy for buying some amount of BTS in the future where the amount depends upon the future market value of the dollar or 2x the BTS you could have purchased with USD today. Thus BitUSD is merely a partial hedge against BTS value falling and is still an investment in BTS.
So if the system has 0 value then it does not work, but as long as it has some value it will work. An attacker must buy before he can sell and must own a large amount. Attacks are not likely to be profitable because at the end of the day he ends up with BitUSD converted to BTS which is worthless as a result of the attack than it was when he purchased it originally in order to execute the attack.
So selling 'off-chain' is the only way to making money and in this sense it is like bitcoin, very hard to make money on the down side because few will lend BTC or BTS in the real world necessary to short it in the real world.
So I still conclude that your attack is not 'automatic' nor 'assumed' and that it is not profitable. It would have to be triggered by first buying into the system to prop up the price... then buying a ton of BitUSD which will cause the price to rise and cause new shorts to enter. The strategy of buying BitUSD until a short squeeze results in more and more collateral being put up for the later BitUSD purchases. So some early positions may get squeezed but the later ones will not.
In fact I think attempts at buying up BitUSD will only strengthen the network... so all that remains is attempting to manipulate the real world values.
-
you claim they can make money is by selling BTS off chain and buying BitUSD on chain... but these two actions are mutually exclusive as buying BitUSD is ultimately buying a variable amount of BTS.
Perhaps I did not explain...you either use BTS for one or the other. You go long whenever you can and sell on an external exchange otherwise (as long as you are long somewhere). This is less 'attack' and more 'defense', and does not need to be deliberate contrived by anyone.
So buying BitUSD is generating demand for BTS and supporting the price.
I thought that, to go long BitUSD, you spent BTS to receive BitUSD. That's usually what people mean when they say they went long stocks (that they spent dollars on stocks). If the price of stocks in terms of usd has gone up, then the price of usd in terms of stock has gone down. So buying BitUSD is putting pressure on the price of BTS, not supporting it. Or have I misunderstood?
So if you want to execute this attack for the purpose of making money the only way to do so is to short BTS off chain which means borrowing from someone off chain.
You might do this, but you could also just sell the BTS that you currently own. If BTS/USD price is falling, many will decide to sell (surely you do not believe that the BTS/USD price will always go up?).
So if buying BitUSD is viewed as a proxy for buying some amount of BTS in the future where the amount depends upon the future market value of the dollar or 2x the BTS you could have purchased with USD today. Thus BitUSD is merely a partial hedge against BTS value falling and is still an investment in BTS.
Really? I can go long an ounce of gold, and short a barrel of oil. Each of those transactions could be described as "buying some amount of USD in the future", but I would NOT then describe them as "an investment in USD". You must be saying that the BTS system will be valuable, and BTS-owners will receive a sizable quantity of fees (paid in BTS, I assume). Even if this were true, it wouldn't be a reason NOT to sell those BTS off during a collapse in value.
So if the system has 0 value then it does not work, but as long as it has some value it will work. An attacker must buy before he can sell and must own a large amount. Attacks are not likely to be profitable because at the end of the day he ends up with BitUSD converted to BTS which is worthless as a result of the attack than it was when he purchased it originally in order to execute the attack.
Actually, I assumed that, by your own design, the BTS he received post-attack, while being at a lower market price, would be at a higher market quantity and still retain all of their value. The attack-profit comes from the initial raiding of the shorts, but also by selling BTS before anyone else can.
So selling 'off-chain' is the only way to making money and in this sense it is like bitcoin, very hard to make money on the down side because few will lend BTC or BTS in the real world necessary to short it in the real world.
Why do you assume that people need to borrow BTS to sell? Even those who believe in the BTS philosophy prefer having more money to less money. They will sell if it benefits them, and one way to do that is to go long an asset (of course, my attack murders all the shorts, so the only other way is to sell on an external exchange).
So I still conclude that your attack is not 'automatic' nor 'assumed' and that it is not profitable. It would have to be triggered by first buying into the system to prop up the price...
Not true. Can (and will) be triggered by existing True "BTS-Believers".
then buying a ton of BitUSD which will cause the price to rise
Each rational person will buy a little BitUSD, if only to protect themselves from this attack. This itself is enough to start the attack.
and cause new shorts to enter.
Anyone who shorts inside of BitsharesX is going to regret it. I have already explained why. Those who don't learn the easy way will eventually learn the hard way, or run out of money. The BitAssets allow people to flee BTS even more easily than they would otherwise.
The strategy of buying BitUSD until a short squeeze results in more and more collateral being put up for the later BitUSD purchases. So some early positions may get squeezed but the later ones will not.
In fact I think attempts at buying up BitUSD will only strengthen the network... so all that remains is attempting to manipulate the real world values.
Sorry, this is too vague for me. "later ones", "strengthen", "real world values"?
-
I thought that, to go long BitUSD, you spent BTS to receive BitUSD. That's usually what people mean when they say they went long stocks (that they spent dollars on stocks). If the price of stocks in terms of usd has gone up, then the price of usd in terms of stock has gone down. So buying BitUSD is putting pressure on the price of BTS, not supporting it. Or have I misunderstood?
Yes, you have misunderstood. There are two ways to buy bitUSD:
1st way
you can pay someone real dollars for their bitUSD
effect:
no direct effect on BTS price.
If bitUSD is sold on an exchange this will drive up bitUSD price relative to real USD
2nd way:
Buy BTS first and then use it to buy bitUSD within the BTS system.
Net effect: you had to buy BTS on an exchange and you drove up the real value of BTS.
The internal creation of bitUSD was not done on exchange; it happened within the BTS system and has no direct effect on an exchange with real dollars.
The secondary effect of people buying BitUSD the 1st way is that it makes bitUSD scarce so people try to get bitUSD the 2nd way; which again pushes up the value of BTS.
-
Really? I can go long an ounce of gold, and short a barrel of oil. Each of those transactions could be described as "buying some amount of USD in the future", but I would NOT then describe them as "an investment in USD". You must be saying that the BTS system will be valuable, and BTS-owners will receive a sizable quantity of fees (paid in BTS, I assume). Even if this were true, it wouldn't be a reason NOT to sell those BTS off during a collapse in value.
The difference is that BitUSD is only redeemable in BTS where as gold/oil contracts are redeemable in gold/oil (in theory). So at the end of the day BitUSD is just a claim on BTS. You do not buy BitUSD unless you expect BTS to have value in the future with less volatility than the collateral can support.
So think of BitUSD as an alternative investment that is highly correlated to USD but is not USD.
-
Actually, I assumed that, by your own design, the BTS he received post-attack, while being at a lower market price, would be at a higher market quantity and still retain all of their value. The attack-profit comes from the initial raiding of the shorts, but also by selling BTS before anyone else can.
To trigger a margin call the value of BitUSD must rise rapidly against the collateral. This requires people to buy BitUSD in a market where no one is selling BitUSD or SHORTING BitUSD. The only reason for people not to short BitUSD into buying demand is if the real value of BTS were falling relative to USD. Holding BitUSD is like lending the network $1 worth of value by not redeeming it immediately for shares. The more demand for BitUSD with no sellers means the credit rating of the network is growing as people are willing to accept and hold IOUs from the network.
In the event of a network default, those that hold IOUs are effectively converted to equity positions. A default can occur only when the real value of BTS falls very rapidly. Manipulating the real value of BTS is like manipulating a penny stock (initially) but becomes increasingly difficult as the network grows.
Unfortunately the network does not know the real BTS / USD price and is operating entirely on the BTS / BitUSD price. So to crash BTS in the BTS/BitUSD price means you must buy up a lot of BitUSD in a market where there is no one willing to short BitUSD. So the window of attack is in the arbitrage delay between BTS/USD price changes and BTS/BitUSD price changes. Thus it requires speed to trigger a 'false margin call' and this is why having minimum market depth and maximum price movements helps give all market participants TIME to assess the reality of the value change in BTS/USD before a chain reaction can gain speed and force shorts out of their position at a loss based upon noise rather than fundamentals.
Like we said earlier, if you could require 100x margin then you would be unable to shake someone from their position, but you expose yourself to the monopoly attack when someone buys up all of the BitUSD to force the margin call. Having 2x margin increases the risks of the shorts, but the good news is that 2x is just the minimum margin and any short that wishes to have a defense against certain market manipulation attacks would be proactive about maintaining higher collateral than everyone else. In time the market will learn what to expect in terms of volatility.
-
!!!This is not an ‘attack’!!!
OK – please move this discussion to something else – like ‘Miner feasibility issues on trading platforms with no real deliveries’ or even better ‘OMG, OMG margin calls make the shorts real uncomfortable’ or whatever you want to call it.
!!!This is not an ‘attack’!!!
-
I thought that, to go long BitUSD, you spent BTS to receive BitUSD. That's usually what people mean when they say they went long stocks (that they spent dollars on stocks). If the price of stocks in terms of usd has gone up, then the price of usd in terms of stock has gone down. So buying BitUSD is putting pressure on the price of BTS, not supporting it. Or have I misunderstood?
2nd way:
Buy BTS first and then use it to buy bitUSD within the BTS system.
You are wrong. Reread what I wrote earlier about who would act in the way I describe. If you aren't going to read it the first time, I don't see why I should repeat myself.
Really? I can go long an ounce of gold, and short a barrel of oil. Each of those transactions could be described as "buying some amount of USD in the future", but I would NOT then describe them as "an investment in USD". You must be saying that the BTS system will be valuable, and BTS-owners will receive a sizable quantity of fees (paid in BTS, I assume). Even if this were true, it wouldn't be a reason NOT to sell those BTS off during a collapse in value.
The difference is that BitUSD is only redeemable in BTS where as gold/oil contracts are redeemable in gold/oil (in theory). So at the end of the day BitUSD is just a claim on BTS. You do not buy BitUSD unless you expect BTS to have value in the future with less volatility than the collateral can support.
So think of BitUSD as an alternative investment that is highly correlated to USD but is not USD.
That's not true. Gold/Oil contracts may be redeemable for gold/oil, but they usually aren't. In practice, those that are so redeemable almost never are (only industrial firms which actually needed to buy gold/oil anyway do such transactions, typically through intermediaries). Moreover, although you say "You do not buy BitUSD unless you expect BTS to have value in the future" you have not shown why. I just described a second reason why one might buy BitUSD: precisely because they feel that BTS will have a LOWER value in the future. This is usually why people buy gold contracts! Separately, you are swapping "lower" with "zero" almost randomly.
Manipulating the real value of BTS is like manipulating a penny stock (initially) but becomes increasingly difficult as the network grows.
You keep saying this, yet you ignore what I write down about everyone, including BTS owners, adopting a certain profit-maximization strategy. In what I described, "network growth" is completely irrelevant.
Unfortunately the network does not know the real BTS / USD price and is operating entirely on the BTS / BitUSD price. So to crash BTS in the BTS/BitUSD price means you must buy up a lot of BitUSD in a market where there is no one willing to short BitUSD. So the window of attack is in the arbitrage delay between BTS/USD price changes and BTS/BitUSD price changes. Thus it requires speed to trigger a 'false margin call' and this is why having minimum market depth and maximum price movements helps give all market participants TIME to assess the reality of the value change in BTS/USD before a chain reaction can gain speed and force shorts out of their position at a loss based upon noise rather than fundamentals.
Assume that BitUSD exchange rate tracks the USD exchange rate perfectly, if you want. I doubt it will, but it makes no difference to what I described.
Like we said earlier, if you could require 100x margin then you would be unable to shake someone from their position, but you expose yourself to the monopoly attack when someone buys up all of the BitUSD to force the margin call. Having 2x margin increases the risks of the shorts, but the good news is that 2x is just the minimum margin and any short that wishes to have a defense against certain market manipulation attacks would be proactive about maintaining higher collateral than everyone else. In time the market will learn what to expect in terms of volatility.
Cost of capital is not free. 100x collateral is permanently unworkable. Even 2x is much higher than is required today. As the attack succeeds, someone who put up 4x capital will already be halfway to the next failure...they are effectively at 2x capital.
Shorts are permanently unsafe in BitsharesX. In the real world, people would sell an asset if it were worth 10 billion dollars. They'd sell and retire. In BitsharesX if a BitAsset climbs to 10 billion BTS, and BTS is almost worthless, no one will sell. You are assuming these markets will behave the way regular markets do.
!!!This is not an ‘attack’!!!
OK – please move this discussion to something else – like ‘Miner feasibility issues on trading platforms with no real deliveries’ or even better ‘OMG, OMG margin calls make the shorts real uncomfortable’ or whatever you want to call it.
!!!This is not an ‘attack’!!!
It is still an attack. One individual or group could make this more likely to happen. I did not even get a change to explain these methods, as I am still reviewing the basics. Let's get real: You are afraid other people will read this thread, and sell their PTS, and that would mean you were wrong.
I'm sorry to rain on your parade, but when you grow up, you'll learn that, although you can "move" a conversation you don't like "away", you can't "move" reality "away". Bytemaster understand this. Good luck with the rest of middle school! !!!I hear they give extra credit for !'s !!! !!!!!!!!!!!! !!!
-
It is still an attack. One individual or group could make this more likely to happen. I did not even get a change to explain these methods, as I am still reviewing the basics.Let's get real: You are afraid other people will read this thread, and sell their PTS, and that would mean you were wrong.
I'm sorry to rain on your parade, but when you grow up, you'll learn that, although you can "move" a conversation you don't like "away", you can't "move" reality "away". Bytemaster understand this. Good luck with the rest of middle school! !!!I hear they give extra credit for !'s !!! !!!!!!!!!!!! !!!
Please elaborate on this:
Let's get real: You are afraid other people will read this thread, and sell their PTS, and that would mean you were wrong.
-
This post of Nicolai's:
https://bitsharestalk.org/index.php?topic=4573.msg57536#msg57536
gives me an idea for attack!
[UPDATE]
The possibility to be long and short at the same time makes possible to have neutral bitAsset position with limited max loss and unlimited max gain.
Which for all practical purposes (if/when all participants realize the above fact – i.e. soon as I am posting it online), instead of being neutral all bitAssets, all market participants will be short the asset and long the asset (at the same price).
Any price movement above the 2x the neutral price will move the total position in the unlimited gain area.
TODO:
How to benefit from such attack? If no way found just remove the ‘attack’ status and move the argument to reason #3 (in order of importance) why BTS X price prediction model won’t work.
-
That's not true. Gold/Oil contracts may be redeemable for gold/oil, but they usually aren't. In practice, those that are so redeemable almost never are (only industrial firms which actually needed to buy gold/oil anyway do such transactions, typically through intermediaries). Moreover, although you say "You do not buy BitUSD unless you expect BTS to have value in the future" you have not shown why. I just described a second reason why one might buy BitUSD: precisely because they feel that BTS will have a LOWER value in the future. This is usually why people buy gold contracts! Separately, you are swapping "lower" with "zero" almost randomly.
You buy BitUSD if you expect BTS to fall at reasonable rates, but not if you expect BTS to have catastrophic volatility or no value at all. So BitUSD is only a hedge against falling BTS within the scope of a reasonable market. BitUSD cannot hedge you against the possibility of system failure or complete loss of confidence.
The fact that other contracts can potentially be redeemed means that assuming the counter-party is solvent and not fraudulent that you have infinite margin (assuming 100% reserve exchange). The fact that people often settle for cash rather than take delivery is beside the point.
In the 'slow decay' example you show there is no 'attack' it is just consistent losses by the shorts for being on the wrong side of the market. An attack specifically aimed at causing rapid change and a short squeeze in order to justify profits is effectively the SlingShot attack. This is a risk all shorts take, especially when books are open. Fortunately, attempts at manipulating up the price of BitUSD does not change the real value of BTS on the blockchain and thus creates profit opportunities for shorts who compare BitUSD to real USD.
So your attack has to be based upon manipulating the real world perception on the value of BTS relative to USD.
Your primary argument is that rational market actors will choose to join the attack rather than fight the attack and thus the market will attack itself so-to-speak. The thinking goes something like this.... I see the price of BitUSD rising and a short squeeze start... at the start of the short squeeze every market participant is in a race to buy so they can sell high to the shorts. The result being that in the event of a squeeze shorts loose everything rather than just part of their position as would have been the case had the rest of the market not jumped on the opportunity to stick it to the shorts.
So recognizing that a squeeze could happen at any time, one may choose to buy and hold BitUSD so that they can 'profit' form the eventual squeeze. This only works if the squeeze happens in the short term and is catastrophic to the speculator if there is a slow steady growth in the value of BTS prior to the squeeze because of lost opportunity cost.
Bottom line: it works the same as any other market, once participants recognize a short squeeze in progress everyone buys in... during the squeeze BitUSD goes up in value relative to real USD. However, what goes up in a squeeze must comes down and thus everyone who bought in the rush that wasn't covering could be caught with their pants down when the tide goes out and prices return to normal. Thus speculating in a short squeeze is very risky, especially with low frequency trading on the blockchain and price move limits.
Conclusion: the market will expect periodic short squeezes, these squeezes can be triggered to some extent by large actors. The most likely timing of a squeeze is after a large natural fall in BTS which magnifies the power of the manipulator who only has to tip it over while collateral is low and thus the attack is easiest. Once again, this is just normal behavior. People see a price fall, anticipate a potential squeeze so buy BitUSD to get ahead of it which causes a chain reaction to start the squeeze.
However, for every individual who wants to buy at the start of the squeeze to sell at the height someone else recognizes that the safest play in this case is a short position on BitUSD with a large collateral to prevent a margin call that is executed once the squeeze is already clearly underway. They can then wait out the squeeze and profit maximally. This rational action works to limit the scope and potential of the squeeze because making money from shorting into a squeeze with large collateral is much less risky than attempting to time the market.
Yes, people can attempt to push the market around, but the volatility of BitUSD will be much lower than the volatility of BTS. Most traders will recognize that BitUSD will fluctuate around the dollar and thus know that any deviation is short-term. Those that wish to sell BitUSD wait until it is overvalued, those that wish to buy wait until it is undervalued for the best deal and professionals trade the arbitrage on a daily basis.
-
This post of Nicolai's:
https://bitsharestalk.org/index.php?topic=4573.msg57536#msg57536
gives me an idea for attack!
[UPDATE]
The possibility to be long and short at the same time makes possible to have neutral bitAsset position with limited max loss and unlimited max gain.
Which for all practical purposes (if/when all participants realize the above fact – i.e. soon as I am posting it online), instead of being neutral all bitAssets, all market participants will be short the asset and long the asset (at the same price).
Any price movement above the 2x the neutral price will move the total position in the unlimited gain area.
TODO:
How to benefit from such attack? If no way found just remove the ‘attack’ status and move the argument to reason #3 (in order of importance) why BTS X price prediction model won’t work.
I don't follow... do it step by step. I buy both bts and bitusd. Now what?
Sent from my SCH-I535 using Tapatalk
-
'I don't follow... do it step by step. I buy both bts and bitusd. Now what?'
You buy 1 bitUSD and sell 1 bitUSD BTW not 'buy both bts and bitusd.'
Neutral* bitAsset position with unlimited max gain.
*[neutral] Read with limited max loss of 0 i.e. riskless (for this particular asset) and at 0 cost;
0 risk and 0 cost (and do not star arguing that there is commission, so it is not 0 cost – for all practical purposes it is 0 cost) with gain potential - generally no one in his right mind offers such benefits. It is potentially a lot for nothing situation…
How one profits from this? – I do not know yet, working on it… all I know it is a situation that is so good it is not logical to exist. Close relative: lotto ticket at ~0 price and 10^-12 chance to win $100. => the lotto organizer is doing something wrong.
-
'I don't follow... do it step by step. I buy both bts and bitusd. Now what?'
You buy 1 bitUSD and sell 1 bitUSD BTW not 'buy both bts and bitusd.'
Neutral* bitAsset position with unlimited max gain.
*[neutral] Read with limited max loss of 0 i.e. riskless (for this particular asset) and at 0 cost;
0 risk and 0 cost (and do not star arguing that there is commission, so it is not 0 cost – for all practical purposes it is 0 cost) with gain potential - generally no one in his right mind offers such benefits. It is potentially a lot for nothing situation…
How one profits from this? – I do not know yet, working on it… all I know it is a situation that is so good it is not logical to exist. Close relative: lotto ticket at ~0 price and 10^-12 chance to win $100. => the lotto organizer is doing something wrong.
I like this kind of analysis... lets see if I can rephrase it.
You buy 1 BitUSD and short 1 BitUSD and we assume parity at the time you took the position; therefore your account looks like:
2 BTS held as collateral for 1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
If BTS goes down your short position is wiped out and you can sell your 1 BitUSD for 2 BTS... break even.... it may be possible for someone else to call your short and thus the going price for you to sell your 1 BitUSD for may be less than 2 BTS.
If BTS doubles in value, then you can cover for .5 BTS and sell your 1 BitUSD for 2 for a grand total of 3.5 BTS, a gain of 1.5 BTS.
If you held 2 BTS then you could have had 4 BTS or a .5 BTS opportunity cost
So the conclusion would be that the 'always win' move is to hold both at the same time... If there is a always win position that might suggest there there is an always loose position and that the system is unbalanced. Either that or the 'always win' move isn't truly an always win position.
So I think I found the problem with the analysis... It is always win in terms of BTS, but if you do it in terms of USD then it isn't. Lets run the same numbers again.
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
BTS crashes... you end up with 2 BTS worth $0.50 for a total of $1 (a 50% loss or more)
BTS doubles... you end up with 3.5 BTS worth a total of $7 for an opportunity cost of $1
If instead you had gone long 2 BitUSD then you would have ended up with 4 BTS worth $2.00 (break even or less).
So I think we need to be very careful how we calculate our profits and losses with various trading strategies because it is very easy to be deceived into thinking you have gains which are just nominal rather than real.
-
Updated post is here: https://bitsharestalk.org/index.php?topic=3130.msg57694#msg57694
2 BTS held as collateral for 1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
Actually correct:
2 BTS held as collateral for -1 BitUSD
-1 BitUSD held on your balance sheet.
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS
...continuing...updating... 5%....
this will likely lead this:
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
BTS crashes... you end up with 2 BTS worth $0.50 for a total of $1 (a 50% loss or more)
BTS doubles... you end up with 3.5 BTS worth a total of $7 for an opportunity cost of $1
to be actually:
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
BTS crashes... you end up with 2 BTS worth a total of X - IT does not matter what X is; You have 2 BTS worth the same as if you just bought 2 BTS and hold them.
BTS doubles + ... you end up with 1 BTS worth a total of $Z > $2 for an opportunity cost of $0
...updating... 7%....
BTW on a side note you are introducing the outside market in this discussion, which taints your analyses (probably due to the discussion with MolonLabe).
I am of the opinion that the outside market/s are important if you try to analyze the feasibility of the system (the general concept). And I consider an ‘attack’ only something that is implementation specific, and not something proving the general idea of the system inapplicable… But it is may be just me.
-
2 BTS held as collateral for 1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
Actually correct:
2 BTS held as collateral for -1 BitUSD
-1 BitUSD held on your balance sheet.
+1 BitUSD held on your balance sheet.
Total Initial Cost: 1 BTS
Tony, your math is not adding up. The initial cost is 2 BTS. Please check it carefully.
-
CRUDE Form of “Have a cake and eat it too attack”
attack description:
https://bitsharestalk.org/index.php?topic=3130.msg57544#msg57544
https://bitsharestalk.org/index.php?topic=3130.msg57576#msg57576
1. Due to publication in the internet (i.e. available to everyone) it is known that you can have risk free position in bitUSD (in the BTS X exchange) which cost 0 %.
2. It is also clear that in 99%+ of the time such position will make 0% dollars.
3. In order to increase your chances of success you must have your (1 bitUSD; - 1bitUSD) position as low as possible (as low as possible ratio bitUSD/USD).
4. Significant part of the market participants are aware of p.1-3, so coordinated or not, but in their joint knowledge and interest they drive the price of bitUSD low and take their neutral position (1 bitUSD; - 1bitUSD)
5. rest is history… the price is returning to near parity bitUSD/USD ~1; all who took their '1'/-1 position below ½ bitUSD/USD make money; all who took their 1/-1 position in the ½ to 1 range end up even; all who did not read about the “Have a cake and eat it too attack” pay for the party….
F*** !!!! The F***** thing is changing my 'plus ones' to +5%
-
Tony, your math is not adding up. The initial cost is 2 BTS. Please check it carefully.
Seems fine to me.... will double check though!
Yes you are right... it is wrong let see if this changes anything(it should not).
-
CRUDE Form of “Have a cake and eat it too attack”
attack description:
https://bitsharestalk.org/index.php?topic=3130.msg57544#msg57544
https://bitsharestalk.org/index.php?topic=3130.msg57576#msg57576
1. Due to publication in the internet (i.e. available to everyone) it is known that you can have risk free position in bitUSD (in the BTS X exchange) which cost 0 %.
2. It is also clear that in 99%+ of the time such position will make 0% dollars.
3. In order to increase your chances of success you must have your (1 bitUSD; - 1bitUSD) position as low as possible (as low as possible ratio bitUSD/USD).
4. Significant part of the market participants are aware of p.1-3, so coordinated or not, but in their joint knowledge and interest they drive the price of bitUSD low and take their neutral position (1 bitUSD; - 1bitUSD)
5. rest is history… the price is returning to near parity bitUSD/USD ~1; all who took their '1'/-1 position below ½ bitUSD/USD make money; all who took their 1/-1 position in the ½ to 1 range end up even; all who did not read about the “Have a cake and eat it too attack” pay for the party….
F*** !!!! The F***** thing is changing my 'plus ones' to +5%
Step 4 is the problem... where you make all of your assumptions. Explaining it at this hour is a tad difficult, but you start off assuming 'intent to drive the price to point X' so we can profit on the rebound can be uncoordinated and naturally happen because those 'in the know' can predict when everyone else will make this initial move and thus everyone can act in concert...
I have news for you, if we all knew in advance that someone were going to drive the price to point X, then we would buy low and sell at X and use as much leverage as we could. If everyone knows that price X is out of balance then you wouldn't want to be +/- at the same time, you would go all in because the market direction would be obvious.
-
Explaining it at this hour is a tad difficult is correct and I did not wrote this CRUDE Form of the “Have a cake and eat it too attack” for you to read before tomorrow. Also I hoped I will refine/clarify it till then so... night now
-
"... or destroy the market even with no personal gain"
maybe a competitor?
-
'I don't follow... do it step by step. I buy both bts and bitusd. Now what?'
You buy 1 bitUSD and sell 1 bitUSD BTW not 'buy both bts and bitusd.'
Neutral* bitAsset position with unlimited max gain.
*[neutral] Read with limited max loss of 0 i.e. riskless (for this particular asset) and at 0 cost;
0 risk and 0 cost (and do not star arguing that there is commission, so it is not 0 cost – for all practical purposes it is 0 cost) with gain potential - generally no one in his right mind offers such benefits. It is potentially a lot for nothing situation…
How one profits from this? – I do not know yet, working on it… all I know it is a situation that is so good it is not logical to exist. Close relative: lotto ticket at ~0 price and 10^-12 chance to win $100. => the lotto organizer is doing something wrong.
I like this kind of analysis... lets see if I can rephrase it.
You buy 1 BitUSD and short 1 BitUSD and we assume parity at the time you took the position; therefore your account looks like:
2 BTS held as collateral for 1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
If BTS goes down your short position is wiped out and you can sell your 1 BitUSD for 2 BTS... break even.... it may be possible for someone else to call your short and thus the going price for you to sell your 1 BitUSD for may be less than 2 BTS.
If BTS doubles in value, then you can cover for .5 BTS and sell your 1 BitUSD for 2 for a grand total of 3.5 BTS, a gain of 1.5 BTS.
If you held 2 BTS then you could have had 4 BTS or a .5 BTS opportunity cost
So the conclusion would be that the 'always win' move is to hold both at the same time... If there is a always win position that might suggest there there is an always loose position and that the system is unbalanced. Either that or the 'always win' move isn't truly an always win position.
So I think I found the problem with the analysis... It is always win in terms of BTS, but if you do it in terms of USD then it isn't. Lets run the same numbers again.
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
BTS crashes... you end up with 2 BTS worth $0.50 for a total of $1 (a 50% loss or more)
BTS doubles... you end up with 3.5 BTS worth a total of $7 for an opportunity cost of $1
If instead you had gone long 2 BitUSD then you would have ended up with 4 BTS worth $2.00 (break even or less).
So I think we need to be very careful how we calculate our profits and losses with various trading strategies because it is very easy to be deceived into thinking you have gains which are just nominal rather than real.
To get a better understanding I will do the 2 possible neutral positions (let’s call them ‘Simple Neutral Position’ and ‘System Enhanced Neutral Position’) in parallel, so it is easier to see the differences:
1.Open the position
‘Simple Neutral Position’
2 BTS held on the balance sheet.
Total Initial Cost: 2 BTS.
Initial Cost $2 to buy 2 BTS.
-------
‘System Enhanced Neutral Position’:
You buy 1 BitUSD and short 1 BitUSD and we assume parity at the time you took the position; therefore your account looks like:
2 BTS held as collateral for -1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
2. Scenario - BTS doubles...:
‘Simple Neutral Position’ 2BTS * $2 = $4;
‘System Enhanced Neutral Position’ – you sell your 1bitUSD and at the same price cover your short (i.e -1 bitUSD); 2 BTS collateral is released back to you; 2BTS * $2 =$4
3. Scenario - BTS crashes...:
‘Simple Neutral Position’: 2 BTS worth $0.33 for a total of $.66
‘System Enhanced Neutral Position’ ; your short was closed so you end with 0 BTS from the collateral; you have 1 bitUSD worth 3.03 PTS; you sell it and end up with 3 BTS; 3*$0.33~ $1
In the last scenario you see the enhancement;
-
I gave a lot of thought about the “Have a cake and eat it too” attack and came to really really sad conclusion:
1. It won’t be a problem to explain to BM why this is actually an attack. (My definition of attack is – flow/ deficiency in the implementation that leaves the system vulnerable and gives a possibility to malicious participants to either benefit (financially) or destroy the market even with no personal gain)
2. The problem is that even if the flow is fixed (the flow in this case is the possibility for an account to be short and long the same bitAsset at the same time), the possibility for someone to be long and short the same asset, (coupled with the limited risk of the short position to 2x max loss) still exists! The malicious player will just need 2 accounts to achieve this same result… and I do not see how this can be prevented => this is deficiency of the model (of the prediction market called BTS X) existing on a blockchain with no access to all assets of the short position holder but just to up to his initial margin.
3. The unfortunate result of 2. is that the “Have a cake and eat it too” is not simply an attack (something fixable) but argument #3 why BTS X will not work. And this is pretty bad news for me, as I will truly benefit much more if the BTS X experiment does work…
…well let’s hope it does against all odds...
-
System Enhanced Neutral Position’:
You buy 1 BitUSD and short 1 BitUSD and we assume parity at the time you took the position; therefore your account looks like:
2 BTS held as collateral for -1 BitUSD
1 BitUSD held on your balance sheet.
Total Initial Cost: 2 BTS.
Initial Cost $2 to buy 2 BTS and enter the short/long position at the same time.
You forgot the cost of buying the BitUSD.
You have 2 BTS, you short 1 BitUSD at 1:1.
Now you have 0 BTS *and that's it*, you do not have 1 BitUSD also! This is why I was emphasizing the order of things in the other thread.
You can BUY 1 BitUSD if you had more BTS. Then your total cost was 3 BTS for: 1 BitUSD, -1 BitUSD on the sheets, and 2 BTS in collateral.
-
Nicolay,
I politely ask you to leave the responses in this thread to Dan...
As you are incorrect here, the same way you were incorrect in the other thread.
I don't think that's right... you put up 2x collateral at the time you place the order. The bts you trade the bitusd for and your margin are separate. You never have negative balance, just locked collateral
Sent from my SCH-I535 using Tapatalk
Each party puts up 1x for a total of 2x entering the trade, and the output of the trade is -USD backed by 2x and +USD
-
Actually I believe Dan was agreeing and clarifying what I mean. You put up 1x for a total of 2x entering the trade. The output of the trade is "-USD" aka a cover opportunity for 1 USD and it is backed by 2x in collateral and the +USD on the other side of the trade. End result: network has 2 BTS, you have 1 BTS (aka 1 bts + "2 BTS" in collateral + "-1 USD" opposite trade).
edit: added in 1 BTS you got from the trade for completion
I'm glad to let Dan do the arguing but maybe he will be kind enough to endorse my position here, or explain why it is wrong since you haven't
-
'You have 2 BTS, you short 1 BitUSD at 1:1.
Now you have 0 BTS *and that's it*, you do not have 1 BitUSD also!'
-With 1 BTS you sell 1bitUSD; you end up with -1bitUSD; the collateral of 2 BTS is formed by said (your) 1 BTS and the 1 BTS received from the sale of said 1 bitUSD.
-With 1 BTS you buy 1bitUSD so you do have 1 BitUSD.
-
Have made allready so many clicks to see what bytemaster will say... :)
-
You do not believe tonyk is a BM's alias???
-
'You have 2 BTS, you short 1 BitUSD at 1:1.
Now you have 0 BTS *and that's it*, you do not have 1 BitUSD also!'
-With 1 BTS you sell 1bitUSD; you end up with -1bitUSD; the collateral of 2 BTS is formed by said (your) 1 BTS and the 1 BTS received from the sale of said 1 bitUSD.
-With 1 BTS you buy 1bitUSD so you do have 1 BitUSD.
Ok I see what you are saying... this is equivalent and I think I may have messed up an earlier explanation if you think I disagree. It just depends on whether the market takes collateral from you and gives you the BTS or if it takes the collateral from the trade and only requires 1x from you, but this all happens atomically anyway.
In other words, you still end up with 1 BTS and 0 BitUSD, with a cover opportunity to get 2 BTS for 1 BitUSD. Your entry cost was 2 BTS.
I think we're on the same page now.
-
fuck I messed up again. The edit:
In other words, you still end up with 1 BTS and 0 BitUSD, with a cover opportunity to get 2 BTS for 1 BitUSD. Your entry cost was 2 BTS.
-
Here's a question, if this position always wins, then which position is the one that always loses? Just holding BTS?
-
First of all it does not always win! But it is like a zero price lottery ticket.
The loser are the holders of ‘Simple Neutral Position’ i.e. BTS holders that are neither long nor short bitUSD (as they did not get their hands on those $0.00 lottery tickets that just won).
If you ask where the money come from I must give it a bit of thought…
-
More important is how existing market deal with the issue..
They use:
1. Caps on price movement.
2. Daily margin requirements that must be met pretty quickly or liquidation follows.
3. The daily margins are re-calculated often (daily) and are based on recent past volatility.
4. and of course there are no mixed accounts (i.e. you can either be short/long or have no position in any particular asset – it also means that buying 1contract of any Asset always covers your short position if you have one, no matter if you placed a cover order (if one exists) or straight buy order)
-
More important is how existing market deal with the issue..
They use:
1. Caps on price movement.
2. Daily margin requirements that must be met pretty quickly or liquidation follows.
3. The daily margins are re-calculated often (daily) and are based on recent past volatility.
4. and of course there are no mixed accounts (i.e. you can either be short/long or have no position in any particular asset – it also means that buying 1contract of any Asset always covers your short position if you have one, no matter if you placed a cover order (if one exists) or straight buy order)
#4 is curious, wouldn't that mean me and a buddy could make a deal and perform the same "attack"? This isn't even illegal or anything, you could just arrange it on another marketplace, right?
For #3, I think any function from volatility to margin requirement which has an upper bound can be replaced with some "X margin with Y call ratio" that is strictly safer. So for #2 we just have continuous instead of daily evaluation.
#1 is already being considered but I don't see how it affects this attack since it is independent of price movement speed
-
#1 is already being considered but I don't see how it affects this attack since it is independent of price movement speed
Actually #1 is the most important and we MUST have it. (not only because of this attack. BTW)
It puts artificial brake on the price movement speed! – i.e. at price change of >=5% the trading stops for 2 hours. at price change of >=10% the trading stops for the day.
-
Good news!!!!!
I think I have a solution, BM!
It is pretty ugly (both from market point of view and will definitely delay the implementation...)
If you can offer a bounty of 100 PTS (total for the attack + the solution) I can go ahead and save you some time and effort …
-
Good news!!!!!
I think I have a solution, BM!
It is pretty ugly (both from market point of view and will definitely delay the implementation...)
If you can offer a bounty of 100 PTS (total for the attack + the solution) I can go ahead and save you some time and effort …
If I use your solution and agree that it is an attack then I'll pay you 100 PTS.... if I see no attack or reject your solution then no pay.
-
...if I see no attack...
If your see no attack/ deficiency of the model, I do not think those PTS will be worth much anyway... we cannot afford unwise prophet.
You can always say that something is not my solution by changing just some little detail… so I read your answer as ‘Thanks. But no, thank you”, which is fine with me because mine is ugly solution anyway and you might come with something more elegant
-
Good news!!!!!
I think I have a solution, BM!
It is pretty ugly (both from market point of view and will definitely delay the implementation...)
If you can offer a bounty of 100 PTS (total for the attack + the solution) I can go ahead and save you some time and effort …
If I use your solution and agree that it is an attack then I'll pay you 100 PTS.... if I see no attack or reject your solution then no pay.
...if I see no attack...
If your see no attack/ deficiency of the model, I do not think those PTS will be worth much anyway... we cannot afford unwise prophet.
You can always say that something is not my solution by changing just some little detail… so I read your answer as ‘Thanks. But no, thank you”, which is fine with me because mine is ugly solution anyway and you might come with something more elegant
FACEPALM! ARE YOU GUYS 5??!?
-
Why 5 year olds?
I think (and obviously Dan too) that it is only reasonable to expect that a development team that is paid about $200,000 -$250,000 a month or 100 PTS every 20 minutes ( according to this post https://bitsharestalk.org/index.php?topic=3916.msg57306#msg57306 ) + Dan, to have much better chance of finding elegant solution to the problem, than my lonely self.
Additionally, he did not ask for my help and me offering it (with strings attached nevertheless, be it pocket change or not) is kind of stupid on my behalf, , so Dan responded with his unfulfillable conditions.
-
If you formulate it like "I won't tell unless you pay", of course he is not going to pay.
If Dan says "I will only pay if I think it is a solution to an attack", of course you are not going to tell.
If you looked at Dan's history you'll see him tip not only people who find non-attacks, but also people who didn't ask for tips but contributed to the discussion anyway. So I think he was hedging against the possibility that your attack is a non-attack or your solution is a non-solution and doesn't want to set a precedent for people to hold knowledge hostage.
Want me to help you guys come up with a mutually beneficial deal or can you work it out yourself?
-
Let see if he considers this an attack... :)
I do not, but I do consider it something even more dangerous…
-
2. Scenario - BTS doubles...:
‘Simple Neutral Position’ 2BTS * $2 = $4;
‘System Enhanced Neutral Position’ – you sell your 1bitUSD and at the same price cover your short (i.e -1 bitUSD); 2 BTS collateral is released back to you; 2BTS * $2 =$4
3. Scenario - BTS crashes...:
‘Simple Neutral Position’: 2 BTS worth $0.33 for a total of $.66
‘System Enhanced Neutral Position’ ; your short was closed so you end with 0 BTS from the collateral; you have 1 bitUSD worth 3.03 PTS; you sell it and end up with 3 BTS; 3*$0.33~ $1
I'm not at all convinced of this "attack".
To me it seems like being short and long at the same time would be about equivalent to just holding BTS and being neither short or long.
I agree with your first "scenario" that both positions have the same outcome.
I don't agree with your second scenario.
first of all, if the shorts have been blown out it is not a fair assumption that bitUSD tracks the dollar anymore. Bytemaster has already stated that in a short squeeze if bitUSD runs out of collateral it can go below the dollar until BTS recovers or people just have to sell their bitUSD at a loss. So you don't get the $1 value for your bitUSD that you were counting on.
Second of all, you can lose money another way.
If BTS falls from $1 to $0.75 now you only have $1.50 of BTS backing the bitUSD and I think this is the actual point that you run into a margin call and it sells your collateral to cover your loss. It doesn't wait all the way up until BTS has dropped to $0.50 before you have to sell to cover.
So all that needs to happen is for BTS to drop 25% and then you are paying a penalty for forcing the sale of your collatoral.
You can always say that something is not my solution by changing just some little detail…
This is a ridiculous accusation. You are calling into question bytemaster's honor and ethics for no reason at all. He has always been very reasonable and a man of his word. If you don't believe bytemaster is a man of his word than I have no idea why you are investing in this project in the first place. There is no justification for you to accuse bytemaster of being so petty that he will cheat you out of 100PTS.
Then you turn around and expect the community to pay you upfront to reveal your "solution" and trust that it has value without even seeing it.
If we start paying everyone who claims to have some important piece of information but we can only find out by paying up front we will be out of money in no time and will have given a lot of money to people who obviously don't care about bitshares. You only have to look at the number of people who post ideas that they haven't thought through to see why this is a non-starter.
-
3. Scenario - BTS crashes...:
‘Simple Neutral Position’: 2 BTS worth $0.33 for a total of $.66
‘System Enhanced Neutral Position’ ; your short was closed so you end with 0 BTS from the collateral; you have 1 bitUSD worth 3.03 PTS; you sell it and end up with 3 BTS; 3*$0.33~ $1
Wait a second, you still lost money, just less money. So it's not a free lottery ticket, it's just lower EV to go long BTS without shorting some amount of BitUSD along with it. And you win less than if you had held a BTS instead of a BitUSD outside of the short position.
Not this just seems like a normal hedge and in low volatility you win against people who just hold USD, or people who are short USD and re-short or just hold the BTS outside the collateral instead of getting a BitUSD.
-
Agent86,
Thanks for accusing me of accusing Dan… when I just said he can (not he will). But hey go ahead…
@toast at 12:56 AM 5/14 Wait a second, you still lost money, just less money.
tonyk at 05:21:58 PM 5/13 "First of all it does not always win!" …
I am tired of going in circles, repeating one and the same thing in 7 different ways and as a result receiving made up accusations.
I think I am done with this thread.… read or not… decide or not…implement or not… I really do not care… That’s my last post in this thread.
-
Agent86,
Thanks for accusing me of accusing Dan… when I just said he can (not he will). But hey go ahead…
I'm sorry if I misinterpreted.
-
Tonyk,
You have clearly spent significant time analyzing our designs and systems and then debating in this thread. You certainly deserve a tip for that effort.
Agent86 did a wonderful job reviewing the so-called attack or proof that the system cannot work. I spent some serious time considering the implication of any imbalances that could result from the short/long at the same time approach. Here is my analysis:
There is opportunity cost associated with the move in many cases.
Agent86 rightly pointed out that in the far more likely case (slow moves) your short position will have been closed out with a penalty long before the entire position was liquidated.
The position is only apparently advantageous in the event of a rapid global blowout.
Agent86 rightly pointed out that BitUSD would likely break parity in the short run until people accepted their losses, however, if you held it long enough you could eventually get parity.
So my conclusion is that market participants will each calculate their own risks and that the market will do something and that something will likely be useful by some metric and we can learn.
-
Keep your tip… give it to yourself / Agent86 for his excellent mind reading abilities…Other than his excellent mind reading he deserves the tip for many more achievements today – Defending your high character when nobody is attacking it; building and delivering made up accusation; and probably most important of all – building in the conscience of masses that – “As long as BM has said that decoupling of bitUSD from USD can occur, it makes it OK, almost desirable you know…”
In exchange to the financial benefits offered to me, I will gladly accept you PM me your 'airdropping secret plan…'
-
tony, I'm sorry again for misunderstanding you and for trying to read your mind :) and I appreciate your contributions.
I think we all just want to get a test network up and running so we can see the exact implementation. I imagine these conversations will be more easily resolved when we can all try things out. So this must be the focus for now.
-
tony, I'm sorry again for misunderstanding you and for trying to read your mind :) and I appreciate your contributions.
I think we all just want to get a test network up and running so we can see the exact implementation. I imagine these conversations will be more easily resolved when we can all try things out. So this must be the focus for now.
We are all waiting on you...Dan
-
.. and we are patient...
-
(http://mypianolessons.net/wp-content/uploads/2013/01/how-to-practice-keeping-time-300x225.jpg)
-
Day one...I have not received my PM neither I have seen the tip to Agent86… well may by Dan is busy with BTS X (heard something about major update?!?)… will have to wait then…
-
What was I supposed to pm u about?
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
Magical airdrop/marketing secret idea of yours...
I am fine by you sending the tip to Agent86 if the idea is top secret though...which ever works for you better.
-
Magical airdrop/marketing secret idea of yours...
I am fine by you sending the tip to Agent86 if the idea is top secret though...which ever works for you better.
I'll leave the discussion of magical airdrop marketing ideas to the Beyond Bitcoin saturday morning chats OFF THE RECORD until we finalize on the best approach.
-
Send the tip to Agent86 than.
-
Send the tip to Agent86 than.
Thanks for the support tony, I'm with you in that I'm not worried about tips as much as I care about the success of bitshares.
I only have my BTC address at the moment 12iiqzhxn35EQbPDPt8ssLuJx3QtogNqLJ. If it takes time out of your day to tip me BM, there's no need.
-
I only have my BTC address at the moment 12iiqzhxn*****?
If you do not have access at the moment, post it when you go home or where ever you have it. It would be pretty weird if do not have PTS account at all though...
-
Magical airdrop/marketing secret idea of yours...
I am fine by you sending the tip to Agent86 if the idea is top secret though...which ever works for you better.
I'll leave the discussion of magical airdrop marketing ideas to the Beyond Bitcoin saturday morning chats OFF THE RECORD until we finalize on the best approach.
If you get a chance can you pm me with some highlights from the discussion? Maybe I can add some ideas in private which could improve on whatever the Bitshares team is contemplating.
From what I'm seeing the technology is passing the tests so if we can get the marketing right we all win.
-
Day one...I have not received my PM neither I have seen the tip to Agent86… well may by Dan is busy with BTS X (heard something about major update?!?)… will have to wait then…
Day 3 - May 18, 2014, 02:12:56 AM
The public books still show no tip sent to important contributor to this topic – i.e. AGENT86 !!!
-
Send the tip to Agent86 than.
Thanks for the support tony, I'm with you in that I'm not worried about tips as much as I care about the success of bitshares.
I only have my BTC address at the moment 12iiqzhxn35EQbPDPt8ssLuJx3QtogNqLJ. If it takes time out of your day to tip me BM, there's no need.
Agent86... thank you for your support and consideration of my time. I'll have Stan tip you for the effort and if you want it re-invested in the project you can give back via AGS.
-
Send the tip to Agent86 than.
Thanks for the support tony, I'm with you in that I'm not worried about tips as much as I care about the success of bitshares.
I only have my BTC address at the moment 12iiqzhxn35EQbPDPt8ssLuJx3QtogNqLJ. If it takes time out of your day to tip me BM, there's no need.
Agent86... thank you for your support and consideration of my time. I'll have Stan tip you for the effort and if you want it re-invested in the project you can give back via AGS.
Tip for Tonyk:
Status: 0/unconfirmed, broadcast through 6 nodes
Date: 5/19/14 11:23
To: Tonyk - PgjNdTXCQQV97eBd5vaCHiqUtAvFF9B4xK PgjNdTXCQQV97eBd5vaCHiqUtAvFF9B4xK
Debit: -30.00 PTS
Net amount: -30.00 PTS
Transaction ID: 2bebec196ddceb4529ca1afd5e823953ccfbcfada8d86cef3ee392f1b05ee2a5
Tip for Agent86 will go out as soon as my @#%*~! BTC wallet completes its 36-hour rebuild cycle tomorrow.
Thanks!
-
Thanks for the tip!
Dan, now that you have given me a tip after I specifically refused it, here is in return, my decision to my non-attack.
Actually I have posted the main ingredients in a post long time ago. As I said it is ugly decision but the benefit is it prevents decoupling of bitUSD (and other assets).
https://bitsharestalk.org/index.php?topic=3130.msg44854#msg44854
For this scenario I actually suggest variant 3 (‘c.’ in the original post) of my early suggestion: close the position with the position of the longs that opened with prices closest to the price the short ( that is being force closed/covered) was opened. This way the longs will know that if the price goes up 2 times there is great chance their position (or part of it) will be force-closed, so they can take appropriate action.
Consider the above if you think it worth the ‘price’ of such rule in order to prevent asset decoupling, or do not… it is up to you now.
-
Over the past week many people have identified certain attacks that we must guard against in the initial chain. The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth. A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread. I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.
I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.
This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:
Attack 1) The SIDS Attack (Sudden Instant Derivative Sack)
In this attack any user who is around when the blockchain is first launched can issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS. It doesn't matter what the future consensus is, the short position will be blown out in a massive way and leave billions of BitUSD laying around with no backing.
The solution to the SIDS Attack is two fold:
a) no market trading will be allowed for the first N days to allow enough people time to enter bids and asks that arrive at market consensus.
b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply.
This rule effectively states that for blockchain based trading to occur in an automated way there must be a quorum of shareholders agreeing on the price. This does not prevent private parties from transferring BitUSD or BTS to other users or arranging manual trades. It simply prevents any manipulation of the price that could result in margin calls at unrealistic prices.
The values for N and D are subject to debate, but my gut feeling is that N should be 14 days and D should be 5%
Attack 2) The SlingShot Attack (Other names welcome)
In this attack, the attacker will place a large short order close to 2x above the current ask. Under normal conditions this order would never be filled. Then the attacker starts buying to push the price up until he triggers a short squeeze. The short squeeze starts a chain reaction that pushes the price clear up into the attackers short position. Then the price falls back to where it should and the attacker covers their position with a 50% gain. Whether this attack is profitable or not depends upon how big of a short squeeze the attacker can trigger and how little is required to kick off the squeeze.
I have been thinking long and hard about the SlingShot Attack and have concluded that the only solution is to increase margin requirements. As it exists today, if someone wants to short 1 BitUSD the most they risk is 1 BitUSD. On a traditional exchange, if you want to short something your potential losses are infinite because if you run out of margin then they can come after your savings, your house, and your future income. The SlingShot Attack is much harder if the margin requirements make the probability of a short squeeze much lower.
Lets assume a very conservative amount of margin, 10x. To perform the SlingShot attack would require pushing the price up 9x and would reduce the attackers gain from a maximum of 50% to a maximum of 5%. If you then combine this increase in margin requirements with the automatic market freeze anytime the depth fell below the required threshold and you will be unlikely to walk the book enough to trigger a short squeeze without suspending trading.
What is the impact of requiring a larger margin for short positions? People will still go short, but the amount of leverage they can apply will be reduced significantly. BitUSD will still be created and thus will still trade. Instead of the marketcap of BTS being 2x the value of the trading BitAssets it would now be at least 10x the value of the BitAssets traded. Thus increasing margin requirements should only limit the ability to go short and have little influence on the price people are willing to go short. Shorts will feel much more secure knowing that other shorts are less likely to end up in a squeeze which will balance out with the added risk of losing up to 10x the amount you shorted.
Based upon these two attacks and the need for significant market depth before the chain can be 'secure' I am starting to conclude that market depth is more important than transaction volume in limiting the number of BitAssets per chain. For this reason I am thinking that the BitShares XT network should have only 2 BitAssets (Gold and Bitcoin). We want to focus the trading efforts and market depth on two assets rather than spreading the network thin. Once we understand the security implications future chains are likely to start with a larger user base, deeper markets, higher initial valuation, and thus able to support more assets securely.
Please let me know of any other attack ideas you can come up with and what your thoughts are on these rule refinements?
I am sorry for bring ups an old subjest but I just got around to read this. In order to short there must be inventory to borrow. Typically this inventory is held by institutions in the traditional market sense and lend this inventory to short sellers on margin. How are you accounting for inventory since there are no "institutions" holding inventory/float? Are you going to allow users the ability to lend out there own shares in a public pool? Are you going to show the amount of short inventory or rather the amount allowed to be borrowed to short?
maybe you have this in a paper?
-
I am sorry for bring ups an old subjest but I just got around to read this. In order to short there must be inventory to borrow. Typically this inventory is held by institutions in the traditional market sense and lend this inventory to short sellers on margin. How are you accounting for inventory since there are no "institutions" holding inventory/float? Are you going to allow users the ability to lend out there own shares in a public pool? Are you going to show the amount of short inventory or rather the amount allowed to be borrowed to short?
maybe you have this in a paper?
[/quote]
I think part of the answer is here: https://bitsharestalk.org/index.php?topic=4573.15