BitShares XT - Security against Market Manipulation FIND ATTACKS FOR TIPS

[BTSdac]

Ok.  Bitusd stays. 


Sent from my iPhone using Tapatalk

1. veryaddress can back N times BTS to creat Bitusd with same ratio in one bolck
2.ratio is average of exchangle prcie between BTS and Bitusd of  recent M confire bolcks
3.creat bitusd and exchange bitusd are two independent process,  create bitusd not mean sell bitusd.  bitusd can been created with one ratio , and can been selled with different ratio

[theoretical]

I have a different solution to the SlingShot attack, which does not involve increasing margins.  I will summarize it in one sentence:

Put a speed limit on the change of the price seen by the logic which forces short positions to liquidate.

Then a temporary rise in price which lasts for a few blocks will only liquidate positions that were nearly out of capital anyway, no matter how high the price is pushed.  A great increase in price can still wipe out all existing shorts, but it happens gradually over hundreds of blocks, and in the beginning only poorly capitalized positions are liquidated.  The speed limit should make it much harder to cause a chain reaction.  People trading manually will have hours to notice what's going on and place profitable Ask orders (either selling BitUSD holdings or entering new, fully capitalized short positions at the higher price).  These new Ask orders will interrupt the positive feedback loop of price increase -> short liquidation -> bid orders -> upward price pressure -> price increase.

I wrote in great detail about this in a separate thread:  https://bitsharestalk.org/index.php?topic=3277.0

[alt]

Unfortunately I have been very busy with other things.. need to get back to code ASAP

Wish  to get bounty  before 2.28 

Cheers, I have got 25 pts 

[alt]

yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.

Unfortunately I have been very busy with other things.. need to get back to code ASAP

Wish  to get bounty  before 2.28 

[toast]

yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.

Unfortunately I have been very busy with other things.. need to get back to code ASAP

Sent from my SCH-I535 using Tapatalk

[bytemaster]

yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.

Unfortunately I have been very busy with other things.. need to get back to code ASAP

[alt]

yes,25pts. address below.
And I figured out a bug for the order_match in the same post, maybe you still not test it.

[bytemaster]

Over the past week many people have identified certain attacks that we must guard against in the initial chain.   The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth.    A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread.  I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.

I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.

This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:

Can I get bounty?   

do this:
buy 100,000,000 usd with 1bts
short 100,000,000 usd with 1bts

then I get 100,000,000 usd, 2bts will be margin call

Yes.... good work (how may PTS did I say I would award you?  my memory tells me 25 but I haven't searched the posts for confirmation). 

[alt]

Over the past week many people have identified certain attacks that we must guard against in the initial chain.   The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth.    A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread.  I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.

I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.

This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:

Can I get bounty?   

do this:
buy 100,000,000 usd with 1bts
short 100,000,000 usd with 1bts

then I get 100,000,000 usd, 2bts will be margin call

[bytemaster]

BTW, thank you for taking the time to answer my questions.  I am trying not to be annoying, but I believe that any attacker will be very sophisticated and use multiple attack vectors in concert.  The cryptocoin ecosystem on the whole is obviously vulnerable to attacks; from malleable transactions stealing 740k BTC from MtGox (not sure if I really believe that, but that's the story anyway) to Dogehouse.org being DDOS'd every other week, attacks happen frequently.  And an exchange adds a large level of complexity on top of a simple cryptocurrency whose only purpose is to transfer value from one address to another.  Attacks that make no sense for Bitcoin could be exploitable for BitShares.

The market limits the volume per block so this would have to be a sustained attack.   It also requires significant coindays destroyed per block.  We shall see how it goes.

[bitbadger]

BTW, thank you for taking the time to answer my questions.  I am trying not to be annoying, but I believe that any attacker will be very sophisticated and use multiple attack vectors in concert.  The cryptocoin ecosystem on the whole is obviously vulnerable to attacks; from malleable transactions stealing 740k BTC from MtGox (not sure if I really believe that, but that's the story anyway) to Dogehouse.org being DDOS'd every other week, attacks happen frequently.  And an exchange adds a large level of complexity on top of a simple cryptocurrency whose only purpose is to transfer value from one address to another.  Attacks that make no sense for Bitcoin could be exploitable for BitShares.

[bitbadger]

A quick attack that is over within a few blocks is not even a viable attack with the current market structure.   Presumably no one would even know which nodes are publishing the market making transactions and of course there is no such thing as an 'undesirable transaction'.

Once again, I am positing an attacker with a large number of nodes at his disposal.  Say half the nodes on the network.  And they all function normally until the attack occurs.  Such an attacker would be able to figure out who is generating large numbers of transactions.  They would have plenty of time to study the market and figure it out before attacking.

What I am calling "Undesirable transactions" are transactions that are forced through the market by bad actors at a time when liquidity has been artificially limited by those same bad actors, and which create values out of the desired norm, such as 1 BitUSD losing its peg to the USD.

[bytemaster]

A quick attack that is over within a few blocks is not even a viable attack with the current market structure.   Presumably no one would even know which nodes are publishing the market making transactions and of course there is no such thing as an 'undesirable transaction'. 

[bitbadger]

Peers that propagate an invalid transaction are disconnected.

Immediately after the first invalid transaction?  What if they are disconnected but then immediately attempt to re-connect?  How long of a memory does it have?  Does it block based on IP or some other identifier?

I think there are plenty of ways to prevent network wide DOS attacks.   There could still be targeted attacks against specific nodes, but anyone who is in the business of making money on active trading would always act through proxies and keep their true server location hidden.

Of course, but if their proxies are knocked off somehow, then it could take a block or two before they establish new proxies and re-connect to the network.  I am suggesting a quick, targeted attack: DOS selected nodes, immediately slam the market, and have everything over within a couple of blocks.  (Block times are what, 1 or 2 minutes, IIRC?) The attack ends, but the blockchain is a couple blocks larger and filled with undesirable transactions.

DOS attacks are readily addressed.

So have they already been addressed, or is it on the to-do list?  Or on the "to think about later" list?

Is there a peer limit?  Is there a peer request rate limiter?  Does the peering mechanism have a counter to the old SYN flood attack? (whether actually based on actual TCP SYN, or the higher-level peering equivalents; I imagine there is a typical handshake "Hey I wanna peer!" "Ok let's do it" .... wait for acknowledgement.... wait some more.... wait how long?  Wait for how many new peers at one time?)

[bytemaster]

Only valid transactions are propagated.

Peers that propagate an invalid transaction are disconnected.

Invalid transactions include those that do not pay the required fee which would be more expensive than any proof of work.   

Any peer that does not report the block headers up to about the present time is either withholding or not connected himself and thus the search for a node that is connected to the present time will continue.

I think there are plenty of ways to prevent network wide DOS attacks.   There could still be targeted attacks against specific nodes, but anyone who is in the business of making money on active trading would always act through proxies and keep their true server location hidden. 

DOS attacks are readily addressed.