Author Topic: SMARTASSETS SCAMS  (Read 7866 times)

0 Members and 1 Guest are viewing this topic.

Offline akledirs

I think, that transfering asset to null-account will lead to the impossibility of withdrawal from fee pool. Main idea for issuer of creating and owning smartasset - income from fee pool.

Offline btsindex

btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I need you create this assets not for cheat

Sure, no problem. Just disabled the Issuer may transfer asset back to himself permission for INDEXDJI, INDEXSPX, INDEXNASDAQ.

Also other permissions:

Require holders to be white-listed
Let's say at some moment an asset owner enables corresponding flag and whitelists only himself and current buyers. So other holders can't sell the asset. I haven't tried that, but it seems that it's also possible to use that flag to cheat. Disabled.

Issuer must approve all transfers
Does it also include buying/selling? Disabled

Keep in mind, that it doesn't make the assets "secure".

I'm thinking about transferring the assets ownership to null-account. It's probably a good idea if witnesses or committee members provide prices so you don't need to manually add price-feed producers. Null-account is probably also a good option for honest ICOs via user-issued assets. Like creating an asset, issuing coins to a specific account, then transfer the ownership to the null. Need to experiment with that...

Offline akledirs

btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I hope you create this assets not for cheat.
There is smartasset - GRIDCOIN, in which not right of issuer create blacklist, return themselves, but there is right switch give feed of delegate - now sw.on)
« Last Edit: August 21, 2018, 12:50:50 pm by akledirs »

Offline abit

  • Committee member
  • Hero Member
  • *
  • Posts: 4664
    • View Profile
    • Abit's Hive Blog
  • BitShares: abit
  • GitHub: abitmore
you could create a similar multi-party ownership of a private MPA with a group of community trusted entities

Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!

you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Please be careful, it's "null-account" (id 1.2.3), not "null".
https://cryptofresh.com/u/null-account
https://cryptofresh.com/u/null
BitShares committee member: abit
BitShares witness: in.abit

Offline sschiessl

  • Administrator
  • Hero Member
  • *****
  • Posts: 662
    • View Profile
  • BitShares: sschiessl
you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.

Almost the same. Sending to null is a one way street for an UIA if it.doesnt have issuer can transfer flag, truly lost forever (not considering during protocol upgrade). If you burn UIAs the issuer can issue them again.

Offline R

  • Hero Member
  • *****
  • Posts: 1004
    • View Profile
you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.

Offline btsindex

the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.

Thanks! Updated the post. I was talking about multisig accounts and mistakenly called them committee accounts. Now i see the difference.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Can you trust a committee account? OMG NO.
Registering new users costs nothing. It's easy to create a new committee account, fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3
While I agree with multisig accounts not adding to security by default,
the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.

Offline JonnyB

  • Hero Member
  • *****
  • Posts: 636
    • View Profile
    • twitter.com/jonnybitcoin
@btsindex
Yes you are correct and the only smartcoins I have ever trusted are bitUSD and BitCNY.
Even these have issues with lack of liquidity and short squeezes.
The price feed accuracy, decentralisation and reliability are so so important.
Even BitBTC has blackswanned.
I run the @bitshares twitter handle
twitter.com/bitshares

Offline btsindex

you could create a similar multi-party ownership of a private MPA with a group of community trusted entities

Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!

you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.

Offline R

  • Hero Member
  • *****
  • Posts: 1004
    • View Profile
The Hz MPA has disabled several of the flags which remain active on the committee owned smartcoins - such as the "Issuer may transfer asset back to himself": http://cryptofresh.com/a/HERTZ I wish more MPAs were to follow suit in the future.

I do agree that you need to trust the asset owner to not remove the feed producers and cause global settlement, however I disagree that only the committee should be trusted because you could create a similar multi-party ownership of a private MPA with a group of community trusted entities or more drastically you could transfer ownership of the MPA to null which would finalize all settings permanently & prove full decentralization.

Offline btsindex

At first glance "smart" assets look like a more secure alternative to regular (user-issued) assets. They are backed by collaterial. An asset owner can't just issue millions of coins. Your only risk is the market fluctuations and Nassim Taleb with his black swans. Right? WRONG! Actually, smart-assets even more risky. Here are some ways asset owners can f*ck everyone who have invested in their smart-coins.

1. Artificial margin-calls.
At any moment an asset owner can push fake settlement price causing a margin-call. When a margin-call happens he/she sells you the asset with a really high price. GOODBYE COLLATERIAL!

2. Artificial devaluation.
You are smart and just want to buy an asset cheaply to sell later. Is it ok? Haha! NO! The asset owner just pushes extra low pricefeed, borrows millions of smartcoins and sells them to you. Don't worry, maybe you will be able to sell those coins in 2058.

3. The "Issuer may transfer asset back to himself" flag.
Really!

4 (new). 99.99% market fee
The main profit an asset owner gets (other than stealing your money with options 1,2 and 3) is a market fee. Each time someone buys the asset, small amount of it goes to the fee pool the owner can use. For example bitCNY fee is 0.1% at the moment. That's ok until the asset owner sets the fee equal to 99.9%. It's just like sending coins you're buying directly to him. Awesome, isn't it?

But what if there are multiple price-feed producers? The settlement price is medianed, so everything should be fine? NO. At any moment, the owner can remove all pricefeed producers from the authorized list and push a fake price. Then 1 & 2

Can you trust a multi-signature account? OMG NO.
Registering new users costs nothing. It's easy to create a new multisig account (http://docs.bitshares.org/bitshares/user/account-permissions.html#flat-multi-signature), fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3

But smartcoins are awesome!
Yes they are, however the only safe smart-coins at the moment are bitASSETS created by trustworthy committee account named simply "commitee-account" (bitUSD, bitCNY etc) and assets created by people you know/trust. If you invest in other smart assets, be ready to loose your collaterial or get an asset that costs nothing at the end of the day. Like 0.000001 nothing.

I'm not going to say that assets I created (INDEXDJI, INDEXSPX, INDEXNASDAQ, CUBED.CNY, CUBED.USD) are any better. If I decide to cheat at some moment, i'll be able to do 1, 2 and then 3 (wtf guys, why do you buy assets with such permission enabled?).

I'm writing this to warn people, who don't really understand how smartcoins work. Also it would be awesome to hear any thoughts about how to make a really secure smart-asset on Bitshares.
« Last Edit: August 21, 2018, 02:51:04 pm by btsindex »