Author Topic: BitSuperLab please fix your feeds  (Read 9963 times)

0 Members and 1 Guest are viewing this topic.

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BitShares: bitcube
Right now it looks like we are dependent upon many free sources.

Cryptosmith accepts payment in bitgold/bitsilver so if the silver feed isn't keeping up with the live market I am sure you can see what a issue this will be, not just for myself but any merchant that wants to accept bitassets.


Many sources/greater reliability is what I am advocating here

Will there be a problem to Cryptosmith  when the price feeds are depending on free sources?
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Many sources/greater reliability is what I am advocating here

+1
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline Gentso1

  • Hero Member
  • *****
  • Posts: 931
    • View Profile
  • BitShares: gentso
Perhaps its just over my head but I don't understand the attack vector for feed prediction myself. I just don't see how you can predict the price feed without a crystal ball.


As to answering your question, no I don't believe their is ever a 100% accurate price. I think instead of adding .2% of random filler we should focus on where we get our feeds from.

Through some of my own research I have seen that quality price feeds that are updated from many sources/markets and guarantee 99% up time and are updated more often.


Right now it looks like we are dependent upon many free sources.

Cryptosmith accepts payment in bitgold/bitsilver so if the silver feed isn't keeping up with the live market I am sure you can see what a issue this will be, not just for myself but any merchant that wants to accept bitassets.


Many sources/greater reliability is what I am advocating here 

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I guess I should just go design a feed-prediction attack and make money myself, since people seem so hard to convince.

Please do, and then after you make some money to compensate you for the time spent designing the attack, please post the attack details on the forums.  :)
+5% +5%

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
I guess I should just go design a feed-prediction attack and make money myself, since people seem so hard to convince.

Please do, and then after you make some money to compensate you for the time spent designing the attack, please post the attack details on the forums.  :)

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
I guess I should just go design a feed-prediction attack and make money myself, since people seem so hard to convince.

At the very least, feed scripts should randomize update times. I'll leave it at that until I can give a better argument.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
@Xeroc, I haven't actually designed a manipulation algorithm to exploit feed price prediction, but isn't it obvious that a noisy feed would be better than a predictable one? I'm working from this principle: if I can execute trades on btc38 and predict exactly what that will do to the price feed, then I can make money moving the price feed around. Probably a fraction of a percent per trade, but the fact is I'll be taking money from the system without providing any benefit. Doesn't that sound like something we should try to prevent?

It isn't obvious to me. I don't see how a deterministic price feed opens up any new attack vectors.

Let's say you could predict what the price feed would be within the next hour with perfect precision and greater than 99% confidence. What could you do with that information over someone who knows nothing about the price feed other than what it currently is? It doesn't allow you to predict how the bids and asks on the DEX will change. It allows you to know how short sells with a price limit below the feed price will change (assuming they do not get cancelled). So if you can predict that the price feed will shrink (in BTS/BitUSD) in the next 30 minutes, then maybe you decide to sell BitUSD right below the price feed and then wait for 30 minutes and then buy back more BitUSD from the short wall at the lower price. I just view this as similar to profiting from arbitrage and find it to be totally legitimate market behavior. Of course it isn't without risk since the short sell at the price feed might be cancelled after you sell the BitUSD but before the 30 minutes has passed. It also is even less of a serious issue if the delegates incorporate the most recent outside exchange info into their price feed just prior to publishing. In that case, you cannot predict the price feed very far into the future (less than 8 minutes if delegates update their price feeds each time they produce a block) since you can't predict how bids and asks will change on outside exchanges.

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
@Gentso- do you believe there is any such thing as a perfectly accurate price? What's the spread at btc38? 1%? 0.5%? Which price is the price you think is "correct?" The bid or ask? The price of the last trade? I think you'll agree with me that none of those are quite right; you'd almost always be more interested in something between the bid and ask. So what do you pick? The average? A recent moving average of market prices? Those sound better, but they're still only estimates. Maybe I'm being long-winded, but I'm trying to make the point that there isn't ever 1 price and the best you can ever do is estimate it. So adding in 0.2% noise will still give an accurate price feed, especially if everybody is doing it and all the noise averages out.

@Xeroc, I haven't actually designed a manipulation algorithm to exploit feed price prediction, but isn't it obvious that a noisy feed would be better than a predictable one? I'm working from this principle: if I can execute trades on btc38 and predict exactly what that will do to the price feed, then I can make money moving the price feed around. Probably a fraction of a percent per trade, but the fact is I'll be taking money from the system without providing any benefit. Doesn't that sound like something we should try to prevent?

maybe we can find a compromise and have a randomness in-line with the lowest spread of your exchanges .. if btc38 says 1% you may add randomness with a spread of less than 1% with confidence >90% or so ..
Yeah, that's more or less what I had in mind.

Another way to do it halfway is to randomize update times. Update every 20 minutes plus or minus 5.

Also there should be no hard triggers that push a new price with 100% certainty, because those could be pretty easily exploitable. Again, based on the principle that a deterministic price feed is exploitable.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
@Gentso- do you believe there is any such thing as a perfectly accurate price? What's the spread at btc38? 1%? 0.5%? Which price is the price you think is "correct?" The bid or ask? The price of the last trade? I think you'll agree with me that none of those are quite right; you'd almost always be more interested in something between the bid and ask. So what do you pick? The average? A recent moving average of market prices? Those sound better, but they're still only estimates. Maybe I'm being long-winded, but I'm trying to make the point that there isn't ever 1 price and the best you can ever do is estimate it. So adding in 0.2% noise will still give an accurate price feed, especially if everybody is doing it and all the noise averages out.

@Xeroc, I haven't actually designed a manipulation algorithm to exploit feed price prediction, but isn't it obvious that a noisy feed would be better than a predictable one? I'm working from this principle: if I can execute trades on btc38 and predict exactly what that will do to the price feed, then I can make money moving the price feed around. Probably a fraction of a percent per trade, but the fact is I'll be taking money from the system without providing any benefit. Doesn't that sound like something we should try to prevent?

maybe we can find a compromise and have a randomness in-line with the lowest spread of your exchanges .. if btc38 says 1% you may add randomness with a spread of less than 1% with confidence >90% or so ..

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
@Gentso- do you believe there is any such thing as a perfectly accurate price? What's the spread at btc38? 1%? 0.5%? Which price is the price you think is "correct?" The bid or ask? The price of the last trade? I think you'll agree with me that none of those are quite right; you'd almost always be more interested in something between the bid and ask. So what do you pick? The average? A recent moving average of market prices? Those sound better, but they're still only estimates. Maybe I'm being long-winded, but I'm trying to make the point that there isn't ever 1 price and the best you can ever do is estimate it. So adding in 0.2% noise will still give an accurate price feed, especially if everybody is doing it and all the noise averages out.

@Xeroc, I haven't actually designed a manipulation algorithm to exploit feed price prediction, but isn't it obvious that a noisy feed would be better than a predictable one? I'm working from this principle: if I can execute trades on btc38 and predict exactly what that will do to the price feed, then I can make money moving the price feed around. Probably a fraction of a percent per trade, but the fact is I'll be taking money from the system without providing any benefit. Doesn't that sound like something we should try to prevent?
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Thinking about it I cannot come up with an attack vector that can exploit a predictable feed price .. unless you can manipulate exchanges with high volume ..
so maybe @gentso is right about this one ..

what's everyone else's opinion? Do we want a (predictable) outcome of a feed script?

//edit: a huge argument to have a predictable outcome would be reproducibility and accountability of delegate feeds .. so that's another big minus for adding randomness

Offline Gentso1

  • Hero Member
  • *****
  • Posts: 931
    • View Profile
  • BitShares: gentso
One more fairly obvious item you should add to the list is:

Always multiply your published price by a random number that is close to 1; maybe within a quarter percent of one. It's an easy step that makes the price feed that much less predictable and improves security against precision market manipulation.
Really? And this totally screws with ppl dependant on accurate feeds
the error introduced is averaged out over time ... I think it's a good idea .. if you chose a spread of .. say 0.1% or so ..

As a business that will accept bit assets this is a awful idea.

I think we would be better served adding a 100% pay delegate and paying for feeds. Their are entire businesses who only have one product and that's providing feeds. It will give us a more accurate, dependable  feed for every

market that we currently have running.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
One more fairly obvious item you should add to the list is:

Always multiply your published price by a random number that is close to 1; maybe within a quarter percent of one. It's an easy step that makes the price feed that much less predictable and improves security against precision market manipulation.
Really? And this totally screws with ppl dependant on accurate feeds
the error introduced is averaged out over time ... I think it's a good idea .. if you chose a spread of .. say 0.1% or so ..

Offline jsidhu

  • Hero Member
  • *****
  • Posts: 1335
    • View Profile
One more fairly obvious item you should add to the list is:

Always multiply your published price by a random number that is close to 1; maybe within a quarter percent of one. It's an easy step that makes the price feed that much less predictable and improves security against precision market manipulation.
Really? And this totally screws with ppl dependant on accurate feeds
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
One more fairly obvious item you should add to the list is:

Always multiply your published price by a random number that is close to 1; maybe within a quarter percent of one. It's an easy step that makes the price feed that much less predictable and improves security against precision market manipulation.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."