Author Topic: SMARTASSETS SCAMS  (Read 2512 times)

0 Members and 1 Guest are viewing this topic.

Offline btsindex

SMARTASSETS SCAMS
« on: August 20, 2018, 02:42:22 pm »
At first glance "smart" assets look like a more secure alternative to regular (user-issued) assets. They are backed by collaterial. An asset owner can't just issue millions of coins. Your only risk is the market fluctuations and Nassim Taleb with his black swans. Right? WRONG! Actually, smart-assets even more risky. Here are some ways asset owners can f*ck everyone who have invested in their smart-coins.

1. Artificial margin-calls.
At any moment an asset owner can push fake settlement price causing a margin-call. When a margin-call happens he/she sells you the asset with a really high price. GOODBYE COLLATERIAL!

2. Artificial devaluation.
You are smart and just want to buy an asset cheaply to sell later. Is it ok? Haha! NO! The asset owner just pushes extra low pricefeed, borrows millions of smartcoins and sells them to you. Don't worry, maybe you will be able to sell those coins in 2058.

3. The "Issuer may transfer asset back to himself" flag.
Really!

4 (new). 99.99% market fee
The main profit an asset owner gets (other than stealing your money with options 1,2 and 3) is a market fee. Each time someone buys the asset, small amount of it goes to the fee pool the owner can use. For example bitCNY fee is 0.1% at the moment. That's ok until the asset owner sets the fee equal to 99.9%. It's just like sending coins you're buying directly to him. Awesome, isn't it?

But what if there are multiple price-feed producers? The settlement price is medianed, so everything should be fine? NO. At any moment, the owner can remove all pricefeed producers from the authorized list and push a fake price. Then 1 & 2

Can you trust a multi-signature account? OMG NO.
Registering new users costs nothing. It's easy to create a new multisig account (http://docs.bitshares.org/bitshares/user/account-permissions.html#flat-multi-signature), fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3

But smartcoins are awesome!
Yes they are, however the only safe smart-coins at the moment are bitASSETS created by trustworthy committee account named simply "commitee-account" (bitUSD, bitCNY etc) and assets created by people you know/trust. If you invest in other smart assets, be ready to loose your collaterial or get an asset that costs nothing at the end of the day. Like 0.000001 nothing.

I'm not going to say that assets I created (INDEXDJI, INDEXSPX, INDEXNASDAQ, CUBED.CNY, CUBED.USD) are any better. If I decide to cheat at some moment, i'll be able to do 1, 2 and then 3 (wtf guys, why do you buy assets with such permission enabled?).

I'm writing this to warn people, who don't really understand how smartcoins work. Also it would be awesome to hear any thoughts about how to make a really secure smart-asset on Bitshares.
« Last Edit: August 21, 2018, 02:51:04 pm by btsindex »

Offline Customminer

  • Hero Member
  • *****
  • Posts: 627
  • Bitshares FTW!
    • View Profile
  • GitHub: grctest
Re: SMARTASSETS SCAMS
« Reply #1 on: August 20, 2018, 03:06:06 pm »
The Hz MPA has disabled several of the flags which remain active on the committee owned smartcoins - such as the "Issuer may transfer asset back to himself": http://cryptofresh.com/a/HERTZ I wish more MPAs were to follow suit in the future.

I do agree that you need to trust the asset owner to not remove the feed producers and cause global settlement, however I disagree that only the committee should be trusted because you could create a similar multi-party ownership of a private MPA with a group of community trusted entities or more drastically you could transfer ownership of the MPA to null which would finalize all settings permanently & prove full decentralization.

Offline btsindex

Re: SMARTASSETS SCAMS
« Reply #2 on: August 20, 2018, 03:34:45 pm »
you could create a similar multi-party ownership of a private MPA with a group of community trusted entities

Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!

you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.

Offline JonnyB

  • Hero Member
  • *****
  • Posts: 636
    • View Profile
    • twitter.com/jonnybitcoin
Re: SMARTASSETS SCAMS
« Reply #3 on: August 20, 2018, 03:48:47 pm »
@btsindex
Yes you are correct and the only smartcoins I have ever trusted are bitUSD and BitCNY.
Even these have issues with lack of liquidity and short squeezes.
The price feed accuracy, decentralisation and reliability are so so important.
Even BitBTC has blackswanned.
I run the @bitshares twitter handle
twitter.com/bitshares

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12895
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: SMARTASSETS SCAMS
« Reply #4 on: August 20, 2018, 04:13:50 pm »
Can you trust a committee account? OMG NO.
Registering new users costs nothing. It's easy to create a new committee account, fill it with fake users, maybe add some "reliable" accounts and then 1 & 2 & 3
While I agree with multisig accounts not adding to security by default,
the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline btsindex

Re: SMARTASSETS SCAMS
« Reply #5 on: August 20, 2018, 04:49:22 pm »
the committee-account (and witness-account) are different in that the blockchain adds accounts to those accounts
according to governance.
There is no simple way to 'create a new committee' account.

Thanks! Updated the post. I was talking about multisig accounts and mistakenly called them committee accounts. Now i see the difference.

Offline Customminer

  • Hero Member
  • *****
  • Posts: 627
  • Bitshares FTW!
    • View Profile
  • GitHub: grctest
Re: SMARTASSETS SCAMS
« Reply #6 on: August 20, 2018, 07:26:06 pm »
you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.

Online sschiessl

Re: SMARTASSETS SCAMS
« Reply #7 on: August 20, 2018, 08:56:57 pm »
you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Sending anything to null is the same as burning/destroying the item - by transfering asset ownership to null you destroy the owner permissions/keys & nobody else is in control of any of the MPA settings from that point onwards.

Almost the same. Sending to null is a one way street for an UIA if it.doesnt have issuer can transfer flag, truly lost forever (not considering during protocol upgrade). If you burn UIAs the issuer can issue them again.

Offline abit

  • Committee member
  • Hero Member
  • *
  • Posts: 3622
    • View Profile
    • Steemit Blog
  • BitShares: abit
  • GitHub: abitmore
Re: SMARTASSETS SCAMS
« Reply #8 on: August 20, 2018, 10:25:23 pm »
you could create a similar multi-party ownership of a private MPA with a group of community trusted entities

Yep. That should work! If you trust all individuals of a group you can probably trust the group. Thanks!

you could transfer ownership of the MPA to null

So null is like noone's account? It looks like a regular bts user.
Please be careful, it's "null-account" (id 1.2.3), not "null".
https://cryptofresh.com/u/null-account
https://cryptofresh.com/u/null
BTS account: abit
BTS committee member: abit
BTS witness: in.abit

Offline akledirs

Re: SMARTASSETS SCAMS
« Reply #9 on: August 21, 2018, 08:18:42 am »
btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I hope you create this assets not for cheat.
There is smartasset - GRIDCOIN, in which not right of issuer create blacklist, return themselves, but there is right switch give feed of delegate - now sw.on)
« Last Edit: August 21, 2018, 12:50:50 pm by akledirs »

Offline btsindex

Re: SMARTASSETS SCAMS
« Reply #10 on: August 21, 2018, 09:25:14 am »
btsindex, why you not change rights for your smartassets? Such activities may rise up cost BTS, it popularity. I need you create this assets not for cheat

Sure, no problem. Just disabled the Issuer may transfer asset back to himself permission for INDEXDJI, INDEXSPX, INDEXNASDAQ.

Also other permissions:

Require holders to be white-listed
Let's say at some moment an asset owner enables corresponding flag and whitelists only himself and current buyers. So other holders can't sell the asset. I haven't tried that, but it seems that it's also possible to use that flag to cheat. Disabled.

Issuer must approve all transfers
Does it also include buying/selling? Disabled

Keep in mind, that it doesn't make the assets "secure".

I'm thinking about transferring the assets ownership to null-account. It's probably a good idea if witnesses or committee members provide prices so you don't need to manually add price-feed producers. Null-account is probably also a good option for honest ICOs via user-issued assets. Like creating an asset, issuing coins to a specific account, then transfer the ownership to the null. Need to experiment with that...

Offline akledirs

Re: SMARTASSETS SCAMS
« Reply #11 on: August 21, 2018, 12:57:42 pm »
I think, that transfering asset to null-account will lead to the impossibility of withdrawal from fee pool. Main idea for issuer of creating and owning smartasset - income from fee pool.

Offline akledirs

Re: SMARTASSETS SCAMS
« Reply #12 on: August 21, 2018, 01:07:50 pm »
The less access rights the owner has left, the more secure the asset. For a better security of the asset, it is better to include the submission of quotations by the witnesses and disable the right of access to change this option. Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.

Offline btsindex

Re: SMARTASSETS SCAMS
« Reply #13 on: August 21, 2018, 02:09:36 pm »
For a better security of the asset, it is better to include the submission of quotations by the witnesses and disable the right of access to change this option.
Yeah! That would be awesome. The problem is an asset owner can disable corresponding flags later. Flags are not fixed. Permissions are fixed (you can change them only once)

Corresponding permissions are the same as flags:
Allow witnesses to provide feeds
Allow committee members to provide feeds


They are activated by default. You can disable them, but that's not what we actually want, right? It's not like if those permissions are active, the corresponding flags are also active all the time.

Another problem is how to engage witnesses or committee members in publishing prices. What if an asset owner is not a witness and all witnesses stop publishing price. In such case the asset becomes frozen.

Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.

Haha! You mean making the market fee like 100%? What a wonderful idea! I'll add it to the main post.
« Last Edit: August 21, 2018, 02:41:46 pm by btsindex »

Offline Customminer

  • Hero Member
  • *****
  • Posts: 627
  • Bitshares FTW!
    • View Profile
  • GitHub: grctest
Re: SMARTASSETS SCAMS
« Reply #14 on: August 21, 2018, 02:59:00 pm »
Another problem is how to engage witnesses or committee members in publishing prices. What if an asset owner is not a witness and all witnesses stop publishing price. In such case the asset becomes frozen.

Getting price feeds for private MPA from witnesses is difficult, I've found that even with multi price feed script coverage that some witnesses don't publish price feeds for Hz. I've managed to get approx 12 feeds, but 20+ would be preferable..

Another unobvious moment - the right of access to a change in the market commission - you can still establish it at 99%.

Haha! You mean making the market fee like 100%? What a wonderful idea! I'll add it to the main post.

https://github.com/bitshares/bitshares-ui/issues/1369 There's UI changes coming which will at least notify users if this high a market fee is implemented.