Author Topic: do you have modify the trade logic in this fork?  (Read 17323 times)

ripplexiaoshan
BTS committee member:jademont

sudo
I don't know if you don't know what can happen with this flaw, or you totally don't care about others' losses.
In fact, the users could have lost millions of USD in these days if somebody had attacked with this flaw.

When the price drops, some short positions will be margin called after several minutes.
The attacker can borrow 0.1 CNY with a collect rate just a little bit higher than the first debt position.
In fact he can create many short positions like this.

On the other hand, the attacker creates some bid orders, prepared to fill the coming margin call orders. The bid price is feedprice/1.1.

When the margin call happens, the small debt position will execute first, and make all bid orders be ignored, just like what happened to mine 4 days ago.
Then the real big margin call orders will fill the attacker's bid order at feed price / 1.1.

Finally the attacker can sell these cheaper BTS to the bid orders which were ignored just now.
So he can earn 10% without any risk.

 +5% +5% +5% +5% +5% +5% +5% +5% +5% +5% +5% +5% +5%

pc
Shorters should know that they risk a 10% penalty when being margin called. None of the defined operational parameters are broken through this behaviour.
IMO this bug is a flaw, but not a serious problem. It certainly doesn't justify an emergency fix, or whatever you expect.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

alt
If you still ignore the flaw, you don't care about the users' profit.
I will try to attack.

alt
I don't know if you don't know what can happen with this flaw, or you totally don't care about others' losses.
In fact, the users could have lost millions of USD in these days if somebody had attacked with this flaw.

When the price drops, some short positions will be margin called after several minutes.
The attacker can borrow 0.1 CNY with a collect rate just a little bit higher than the first debt position.
In fact he can create many short positions like this.

On the other hand, the attacker creates some bid orders, prepared to fill the coming margin call orders. The bid price is feedprice/1.1.

When the margin call happens, the small debt position will execute first, and make all bid orders be ignored, just like what happened to mine 4 days ago.
Then the real big margin call orders will fill the attacker's bid order at feed price / 1.1.

Finally the attacker can sell these cheaper BTS to the bid orders which were ignored just now.
So he can earn 10% without any risk.

pc
The issue was submitted a long time ago, why wasn't the fix included in the last fork?

We discussed the fixes to be included in the hardfork here: https://bitsharestalk.org/index.php/topic,24816.0.html

At that time, the problem was only a side remark on issue #338. There are several reasons why it wasn't included, like
* lack of manpower (at the time, @oxarbitrage was the only paid developer)
* the problem was not considered to be a serious one
* nobody came up and asked for a fix, or offered to help - as you can see from that thread, general interest from the community was almost nonexistent
* we have a lot of issues regarding the market engine, so fixing this should be part of a bigger overhaul IMO

abit
BitShares committee member: abit
BitShares witness: in.abit

alt
The exact loss is that I should have bought 1M BTS at price 2.8CNY/BTS,
but the marketing engine ignored my bid order and sold the 1M BTS to other orders priced lower than mine.

alt, did you really lose 1M (one million) BTS?

alt
I don't know who should take responsibility, but I'm sure it's not me.
Or your spokesman should tell the truth to others: the DEX will not take any responsibility for your asset security;
if there is a bug that makes your money disappear, you take responsibility yourself.

I don't know what happened to you?! And who do you want to give you an apology?! The community? The developer? The user? The Committee? The system?
If you hate the system flaw, destroy it in your way.
If you hate BITSHARES, leave or destroy it in your way.

“Don’t let hatred control you, no matter what others do that causes [anger]. You would only become guilty of the same sin that afflicts them, and nothing would be solved.” —Billy Graham

You are a very good developer of BTS, do what you think is right.

alt
Seems not to be the same issue.
Your issue is the matching price.
My issue is that my bid orders were not filled, but others lower than mine were.

And if you care about the short positions' profit,
you should resolve it ASAP,
because with this flaw, I can fill all margin call orders at feedprice/1.1 even if there are many bid orders which have a higher price than mine, then sell these cheap BTS to the high bid orders.

This issue has been discussed on github:
* https://github.com/bitshares/bitshares-core/issues/453 and
* https://github.com/bitshares/bitshares-core/issues/338#issuecomment-318808452

There is a test case to reproduce it:
* https://github.com/bitshares/bitshares-core/pull/341/commits/aa60533269d7ca5e534bedb8a63ac4742d50164c

It's on the to-do list, will be fixed in a future release.
« Last Edit: December 21, 2017, 05:50:23 am by alt »

fluxer555
alt, did you really lose 1M (one million) BTS?

binggo

I don't know what happened to you?! And who do you want to give you an apology?! The community? The developer? The user? The Committee? The system?
If you hate the system flaw, destroy it in your way.
If you hate BITSHARES, leave or destroy it in your way.

“Don’t let hatred control you, no matter what others do that causes [anger]. You would only become guilty of the same sin that afflicts them, and nothing would be solved.” —Billy Graham

You are a very good developer of BTS, do what you think is right.
