Author Topic: [blog] Decentralized Exchange Network as a Platform for Centralized Exchanges  (Read 5991 times)

0 Members and 1 Guest are viewing this topic.

Offline monsterer

And can you tell how much users have to pay per transaction to do PoW? (If the cost is linear, bots are less likely to come to the exchange)

Yes, I am forced to concede, that even with no fees and PoW, owners of HFT bots would likely move to another exchange anyway because time is a critical factor for them.

As it stands I see no viable options. I will consider this more when I have a free moment.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline tbone

  • Hero Member
  • *****
  • Posts: 632
    • View Profile
  • BitShares: tbone2
Why is this conversation taking place?  At the current price, a 1 BTS order placement fee would cost an active bot about $3 per 1,000 cancelled trades.  Are you seriously saying that someone operating such a bot would be looking to avoid $3 in fees?  So now we have to remove the order placement fee, which in turn exposes us to DDOS, and now the answer is switch to PoW? 

I'm not saying you should or shouldn't do anything. I'm just illuminating my own thought process as an exchange owner and bitshares user. I think any fees levied onto customers which are not present on a competitors exchange are very relevant.

If you're going to maintain that $3 per THOUSAND cancelled orders is going to motivate a high-volume bot operator to look elsewhere, then I seriously question your judgement and would do my best to avoid your service.

I know you like to play devil's advocate, and there's often value in that, which I'm sure many here can appreciate.  But this is just ridiculous.   

Offline Akado

  • Hero Member
  • *****
  • Posts: 2752
    • View Profile
  • BitShares: akado
I'm of the opinion a user will still use an exchange even if they have to pay a small fee, if they really like it. The exchange just needs to provide services that are worth those same fees. Easier said than done, but I believe user's won't just leave an exchange they like and has given them good support just because of a relatively small fee. I'm not a trader though.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline clayop

  • Hero Member
  • *****
  • Posts: 2033
    • View Profile
    • Bitshares Korea
  • BitShares: clayop
How can you prevent DDos without charging any costs on them in DEX? It's impossible unless you verify users' identity.

PoW is the only way this makes sense, I think.

I think you do now want to resolve the problem with existing solutions. You just want to introduce PoW. I'm not saying PoW idea is wrong, but you're just insisting your thoughts although there are many ways with existing features to resolve the issue you now have.

Why not whitelisting? Why not temporal small fee with full refund after an attack?
And can you tell how much users have to pay per transaction to do PoW? (If the cost is linear, bots are less likely to come to the exchange)
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline monsterer

Why is this conversation taking place?  At the current price, a 1 BTS order placement fee would cost an active bot about $3 per 1,000 cancelled trades.  Are you seriously saying that someone operating such a bot would be looking to avoid $3 in fees?  So now we have to remove the order placement fee, which in turn exposes us to DDOS, and now the answer is switch to PoW? 

I'm not saying you should or shouldn't do anything. I'm just illuminating my own thought process as an exchange owner and bitshares user. I think any fees levied onto customers which are not present on a competitors exchange are very relevant.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline tbone

  • Hero Member
  • *****
  • Posts: 632
    • View Profile
  • BitShares: tbone2
How can you prevent DDos without charging any costs on them in DEX? It's impossible unless you verify users' identity.

PoW is the only way this makes sense, I think.

Why is this conversation taking place?  At the current price, a 1 BTS order placement fee would cost an active bot about $3 per 1,000 cancelled trades.  Are you seriously saying that someone operating such a bot would be looking to avoid $3 in fees?  So now we have to remove the order placement fee, which in turn exposes us to DDOS, and now the answer is switch to PoW? 

Why not focus on some of the actual challenges we're facing?

Offline Empirical1.2

  • Hero Member
  • *****
  • Posts: 1366
    • View Profile
What about refunding accounts their order creation fees at the end of the week/month?

If the account is involved in DDOS it will be red-flagged and those fees won't be re-imbursed.

Why would any user accept this compromise when they could switch to a competing exchange which didn't charge them? Opportunity cost.

For the vast majority, it would be opportunity cost on a few cents to a few dollars...

Trading costs at various exchanges already vary considerably with trading fees ranging from 0.1-0.2% and some Maker/Taker offers etc.
So I don't think those few cents/dollars which are re-imbursed daily/weekly will have a major impact on decision making.



« Last Edit: January 21, 2016, 10:27:29 pm by Empirical1.2 »
If you want to take the island burn the boats

Offline Akado

  • Hero Member
  • *****
  • Posts: 2752
    • View Profile
  • BitShares: akado
No. I'm talking per account. If an account does what I mentioned above, that account's fees scale or get delayed.

And so the attacker moves accounts and continues his attack?

Depends on the algorithm. Assume the network notices there are 10tx/s at any given moment. It delays transactions spreading them throughout random future blocks and readjusts that according to the amount of transaction each block is having atm. Assume it reaches 10tx/s then it starts readjusting them to the next few blocks, if all those blocks are getting filled with transactions surpassing a given limit it extends the next ones throughout the next blocks and gives priority to accounts with single transactions. It would have to compare the number of all transactions made by all accounts in the last X blocks though, that might cause some performance issues..

Of course I don't know about the feasibility of this. If it notices the same account having multiple transactions on an interval of 5 or 10 blocks then rises the fee for that account. Of course he can do this with more accounts. Then you prioritize accounts with less transactions. Assume there are more 100 accounts doing the same, those would get their transactions delayed in future blocks where normal non-attacker accounts would get their transactions prioritized.

The challenge here is identifying attacking accounts.

Imagine each account being flagged if the number of transactions in any given number of blocks surpasses a pre defined limit. Let's say 100 transactions in 10 blocks or 20 transactions per 3 blocks, whatever number we see fit. If an account hits that, it gets flagged and restricted for the following X blocks. From the moment an account gets flagged, all other accounts get a limited amount of transactions per blocks.

This would mean that if the attacker has 100s of accounts, now instead of for example them being able to do each 100tx per 10 blocks they can only do 10. Normal users don't really need to spam the network with tons of transactions, 1 per block is fine per user I guess?

As for big businesses in the future having the need to do more transactions per block, they get a different flag that allows them to have a bigger or no limit at all.

Just throwing some random stuff there. I think the last example I gave makes more sense.. Then any number of accounts would have their number of transactions restricted. I think you might still argue we're making his job easier, but we really only have to find the right limits from here I think. It can be more, or less. It's "just" a matter of figuring it out.

Once again I'm not a technical guy, just throwing some stuff that makes sense in my head, until you come with a counter argument. If everyone brainstormed we might get something.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline monsterer

What about refunding accounts their order creation fees at the end of the week/month?

If the account is involved in DDOS it will be red-flagged and those fees won't be re-imbursed.

Why would any user accept this compromise when they could switch to a competing exchange which didn't charge them? Opportunity cost.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Empirical1.2

  • Hero Member
  • *****
  • Posts: 1366
    • View Profile
What about refunding accounts their order creation fees at the end of the week/month?

If the account is involved in DDOS it will be red-flagged and those fees won't be re-imbursed.


If you want to take the island burn the boats

Offline monsterer

How can you prevent DDos without charging any costs on them in DEX? It's impossible unless you verify users' identity.

PoW is the only way this makes sense, I think.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline monsterer

No. I'm talking per account. If an account does what I mentioned above, that account's fees scale or get delayed.

And so the attacker moves accounts and continues his attack?
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline clayop

  • Hero Member
  • *****
  • Posts: 2033
    • View Profile
    • Bitshares Korea
  • BitShares: clayop
I am not sure that users really care about the temporal fee of 1 BTS per creating order during DDOS.
If you want to be more active, you can charge much more fees during DDOS (say, 10 BTS by adjusting CER), collect BTS from the attacker, and payback to normal users for their fees paid during the DDOS. Isn't it a good idea?

No, I don't think it is. Charging users to place or modify orders will cause them to seek another exchange which doesn't charge them. Trading bots execute thousands of such actions per day in the busiest exchanges.

You never want to charge any fees on users at any time. But users include normal users as well as DDoS attackers

How can you prevent DDos without charging any costs on them in DEX? It's impossible unless you verify users' identity.

I think my previous suggestion can work. Users end up with no fee costs because you can refund the fees to them (or can additionally distribute collected fees from attackers).

Or, alternatively, you can use whitelist feature with some basic identification as like centralized exchanges.
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline Akado

  • Hero Member
  • *****
  • Posts: 2752
    • View Profile
  • BitShares: akado
Well other chains might have other methods to deal with this problem.

But in BTS, specifically, what if witnesses detected the spamming and simply didn't include those transactions on the blocks? I mean, this would be a very serious action, they would need to be sure but... Or why not make fees escalate if they're done within X blocks? That makes sense? If number of tx > X and the transaction IDs are all within [w, z] blocks, they scale up.

If it passes that defined threshold then fees go up OR transactions get delayed and spread throughout the next X number of blocks as a mean to distribute it evenly

Then you give attackers a chance to DDOS the entire chain by raising fees so high as to make transactions financially unviable to send. Shorting the coin at the same time would make this profitable, potentially.

No. I'm talking per account. If an account does what I mentioned above, that account's fees scale or get delayed.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline monsterer

Well other chains might have other methods to deal with this problem.

But in BTS, specifically, what if witnesses detected the spamming and simply didn't include those transactions on the blocks? I mean, this would be a very serious action, they would need to be sure but... Or why not make fees escalate if they're done within X blocks? That makes sense? If number of tx > X and the transaction IDs are all within [w, z] blocks, they scale up.

If it passes that defined threshold then fees go up OR transactions get delayed and spread throughout the next X number of blocks as a mean to distribute it evenly

Then you give attackers a chance to DDOS the entire chain by raising fees so high as to make transactions financially unviable to send. Shorting the coin at the same time would make this profitable, potentially.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads