Pages:
Author

Topic: [BETA]Bitfinex.com first Bitcoin P2P lending platform for leverage trading - page 66. (Read 137528 times)

legendary
Activity: 2128
Merit: 1073
Let me guess: They used doubles instead of integers?
Ruby does have support for decimal floating point:

http://ruby-decimal.rubyforge.org/
http://flt.rubyforge.org/

http://speleotrove.com/decimal/

Please get on with the program, we have 21 century now and repeating the old "floating point is inexact" memes went out of fashion.

Thanks.
hero member
Activity: 686
Merit: 500
Bitbuy
I have a copy on my work computer (Fedora Linux) to process withdrawal.

You should really consider using a separate offline machine for processing withdrawals. Sign the transactions on the offline machine, and then broadcast said transactions with another PC that's connected to the internet. That way you keep a vacuum between the network and your private keys. Also, the transaction signing machine shouldn't be used for anything else, since that could get it compromised.

I have a paper backup

Is that one encrypted as well? If not, where is that one stored?

The wallet is encrypted by a really random passphrase, which is written down on paper (my partner loves papers)

Where is that paper stored?

The link between deposit address and users is stored in the database, which is dumped every hour (that might switch to every day, but not less). This dump is sent to another server, then duplicated across the 2 previously mentioned backup servers.

Sounds good! Does this backup also contain the database which holds the information how much USD and BTC each account holder has, plus open positions if any? I wouldn't want an evil hacker deleting your database like he did with Bitcoinica, with you not knowing who owns what.

mtgox credentials to use the funds there.

Do you use 2-factor authentication on Mtgox?

Thanks for all the answers! Looking very good so far. I might just try your site out Smiley
hero member
Activity: 686
Merit: 500
Bitbuy
Did you change the storage of monetary amounts ?
Because what I saw in Bitcoinica's source was really the typical example of what *not* to do.

Let me guess: They used doubles instead of integers?
legendary
Activity: 1372
Merit: 1008
1davout
Did you change the storage of monetary amounts ?
Because what I saw in Bitcoinica's source was really the typical example of what *not* to do.
hero member
Activity: 868
Merit: 1000
How are backups of the private keys and databases handled? How many physical locations? Are they encrypted? How often is all the data backed up? Who has access to the keys to decrypt the database and private keys?

Thanks for answering all my questions. I'm not trying to be annoying if it looks like that, just want to make some things absolutely sure before I deposit some of my coins again. I've lost too many already Sad

Hi,
Of course you can ask, I am glad you.

So, the bitfinex wallet with the private keys is encrypted. I have a copy on my work computer (Fedora Linux) to process withdrawal. I have a paper backup, 2 digital backup on two of our computers, 1 on a physical drive. The wallet is encrypted by a really random passphrase, which is written down on paper (my partner loves papers) and in a gpg encrypted text file (which file is encrypted by a master password we cannot forget while not being easily bruteforcable). The watchonly copy of this wallet, which contain all the addresses generated by the bitfinex server, is backed up every hour (although there not much point to it).

The backup contains the master key which are enough to control all the addresses that will be later generated. So I don't have to redo the backup each time Armory generate a new deposit address.

The link between deposit address and users is stored in the database, which is dumped every hour (that might switch to every day, but not less). This dump is sent to another server, then duplicated across the 2 previously mentioned backup servers.

These backup processes are automated, and watched by cron jobs so they can be restarted if needed.

Only I and my wife has access to the keys which allow to send bitcoins from the bitfinex wallet, and to the bank and mtgox credentials to use the funds there. There is CURRENTLY NO DEAD MAN SWITCH yet, so if both my wife and I die, well the coins are pretty much lost. We will set up a dead man switch but of course that's something that needs thinking.

If you scan our website you won't find lot of ports opened. We don't let a lot of doors opened.

I'm pretty paranoid when it comes to security so yes, I'd say that your bitcoins are safe. I could not sleep if I had a hot wallet on our servers, and if I wasn't sure of who had the keys to the funds.

Even if they only gain the ability to trade they can drain your account by repeatedly setting up a spread and doing a buy and a sell through your account.  Sure, they'll only get a portion of funds, but you will lose all your funds.

Of course that's true. That's why we did the best to protect the API keys from being accessible. Good luck accessing the API key, our servers are not on rackspace or whatever, there dedicated, we fully control them, and as I said above, we let as few door "opened" as possible.

Any attempt to create an account gave me the error message:

Quote
Correct the following errors and try again.
    * Leverage is not included in the list


maybe you corrected too much of the davout error  Wink


Yep, sorry about that. It wouldn't allow even a small 1:1 leverage Sad That's corrected by our guy, I tested you can set up an account, and change the leverage between acceptable range Smiley

Thanks
Raphael
hero member
Activity: 602
Merit: 500
Any attempt to create an account gave me the error message:

Quote
Correct the following errors and try again.
    * Leverage is not included in the list


maybe you corrected too much of the davout error  Wink
legendary
Activity: 1904
Merit: 1002
Even if they only gain the ability to trade they can drain your account by repeatedly setting up a spread and doing a buy and a sell through your account.  Sure, they'll only get a portion of funds, but you will lose all your funds.
hero member
Activity: 686
Merit: 500
Bitbuy
How are backups of the private keys and databases handled? How many physical locations? Are they encrypted? How often is all the data backed up? Who has access to the keys to decrypt the database and private keys?

Thanks for answering all my questions. I'm not trying to be annoying if it looks like that, just want to make some things absolutely sure before I deposit some of my coins again. I've lost too many already Sad
hero member
Activity: 868
Merit: 1000
I know you hedge orders, but there will be slippage during high volatility. Say I need to be forced liquidated at $10/BTC, because I have a heavy leveraged long position. What happens if someone dumps enough coins in 1 order to crash the price to say 9$/BTC? My position will be liquidated at a lower than intended price and my balance will be negative. If I don't redeposit, the loss is on you. Now this is obviously an extreme example, but it's possible. There are also less extreme examples, like not being able to force liquidate my position because Mtgox trading engine is overloaded (has happened in the past during high volume hours). All of this can cause slippage, which might cause you to lose money.

Yes, in these cases, which will probably happen, the loss is on us. Your balance won't go negative because the system will take the loss and set your balance to 0 (you'll never owe us money with a negative balance).

I know in the long run you'll make money if the fees made by the spreads are high enough to compensate for these losses and more, but what I'm saying is that you shouldn't allow positions that are too big and/or utilize too much leverage for their size if you cannot afford any losses those positions may cause because of slippage. So be very careful, and limit your risk as much as possible. Good luck!

Thanks. The leverage and max size are already restricted, and the settings are conservative for the beta phase (no more than 5000 tradable balance, and 500 btc order). This shouldn't move the price too much Cheesy.

Thanks for it anyway Smiley
hero member
Activity: 686
Merit: 500
Bitbuy
I'm having mixed feeling towards this project. The security measures you have implemented seem really great, and inspire great confidence in your service. Using the source of a service that had some major issues, not so much. I've heard multiple coders and programmers say that the code Bitcoinica was running, wasn't build as it should be, like proper error checks, etc. Maybe you won't get hacked, but what happens if you lose a lot of money due to accounts going negative because of some random bug without the owners paying to bring it back to zero/positive?

Hi Mushoz, I understand this concern, there was a general lack of security features, that we tried to correct to the best, and that's why we're in beta. Hey, we already had a bug with Davout, because no check of the leverage!

First, we invested so reserve funds adnd are ready (able) to take up to 400 btc and 4000 usd loss if shit should happen during the beta. Second, because we don't want to lose money, we checked what we could, especially with the balances and trading system as it is the crucial part of the system, and played with this ourselves to see what we could do and not do. The trading system seems to work as intended. But well, I can't stress enough that this is a beta, there will be bugs. What there won't be is theft of funds, because we check history of trades, deposits,... to match with withdrawal requests.

Finally to answer your specific example: a user balance won't be able to be withdrawn to negative because we would have checked it (and the balances work without bugs). And if it's would be negative because of its opened positions, the position could not go to more than we can afford to lose because we hedge what we can not afford to lose (a matched order is passed to mtgox, we also checked it and it works as intended).

Also, a question: You say you and your lover are in possession of the private keys. What happens when you both die in a car accident or a plane crash or something highly unlikely? Do you have some sort of deadman's switch implemented? Thanks Smiley

Right now: the bitcoins would be pretty much lost. No dead man switch is in place, but we will implement one of course, around the time we'll implement automatic offsite signing of bitcoins transactions. We do not drive though Cheesy

Thanks
Raphael

I know you hedge orders, but there will be slippage during high volatility. Say I need to be forced liquidated at $10/BTC, because I have a heavy leveraged long position. What happens if someone dumps enough coins in 1 order to crash the price to say 9$/BTC? My position will be liquidated at a lower than intended price and my balance will be negative. If I don't redeposit, the loss is on you. Now this is obviously an extreme example, but it's possible. There are also less extreme examples, like not being able to force liquidate my position because Mtgox trading engine is overloaded (has happened in the past during high volume hours). All of this can cause slippage, which might cause you to lose money.

I know in the long run you'll make money if the fees made by the spreads are high enough to compensate for these losses and more, but what I'm saying is that you shouldn't allow positions that are too big and/or utilize too much leverage for their size if you cannot afford any losses those positions may cause because of slippage. So be very careful, and limit your risk as much as possible. Good luck!
hero member
Activity: 868
Merit: 1000
What about the infamous race conditions ?

According to my guy he used a hook called "after_commit" where needed, but I'm currently reviewing the code. Meanwhile if you can execute it that means he didn't do enough!

And please stop or I'll have to pay you for the job you're doing Smiley

(Half kidding, we'll organise a hack prize later, you ready to win it. But don't stop!)
legendary
Activity: 1372
Merit: 1008
1davout
What about the infamous race conditions ?
hero member
Activity: 868
Merit: 1000
I'm having mixed feeling towards this project. The security measures you have implemented seem really great, and inspire great confidence in your service. Using the source of a service that had some major issues, not so much. I've heard multiple coders and programmers say that the code Bitcoinica was running, wasn't build as it should be, like proper error checks, etc. Maybe you won't get hacked, but what happens if you lose a lot of money due to accounts going negative because of some random bug without the owners paying to bring it back to zero/positive?

Hi Mushoz, I understand this concern, there was a general lack of security features, that we tried to correct to the best, and that's why we're in beta. Hey, we already had a bug with Davout, because no check of the leverage!

First, we invested so reserve funds adnd are ready (able) to take up to 400 btc and 4000 usd loss if shit should happen during the beta. Second, because we don't want to lose money, we checked what we could, especially with the balances and trading system as it is the crucial part of the system, and played with this ourselves to see what we could do and not do. The trading system seems to work as intended. But well, I can't stress enough that this is a beta, there will be bugs. What there won't be is theft of funds, because we check history of trades, deposits,... to match with withdrawal requests.

Finally to answer your specific example: a user balance won't be able to be withdrawn to negative because we would have checked it (and the balances work without bugs). And if it's would be negative because of its opened positions, the position could not go to more than we can afford to lose because we hedge what we can not afford to lose (a matched order is passed to mtgox, we also checked it and it works as intended).

Also, a question: You say you and your lover are in possession of the private keys. What happens when you both die in a car accident or a plane crash or something highly unlikely? Do you have some sort of deadman's switch implemented? Thanks Smiley

Right now: the bitcoins would be pretty much lost. No dead man switch is in place, but we will implement one of course, around the time we'll implement automatic offsite signing of bitcoins transactions. We do not drive though Cheesy

Thanks
Raphael
hero member
Activity: 686
Merit: 500
Bitbuy
I'm having mixed feeling towards this project. The security measures you have implemented seem really great, and inspire great confidence in your service. Using the source of a service that had some major issues, not so much. I've heard multiple coders and programmers say that the code Bitcoinica was running, wasn't build as it should be, like proper error checks, etc. Maybe you won't get hacked, but what happens if you lose a lot of money due to accounts going negative because of some random bug without the owners paying to bring it back to zero/positive?

Also, a question: You say you and your lover are in possession of the private keys. What happens when you both die in a car accident or a plane crash or something highly unlikely? Do you have some sort of deadman's switch implemented? Thanks Smiley
hero member
Activity: 868
Merit: 1000

Restriction of leverage values has been added, you can now only set leverage for 1.0 to 10.0

Thanks Davout for helping correcting it!
hero member
Activity: 868
Merit: 1000
Nice, but you could have at least plugged the most obvious security holes of the Bitcoinica source code before re-using it.





Thanks Davout,

I handed over to the developper and meanwhile added a routine to check and correct users leverage.
legendary
Activity: 1372
Merit: 1008
1davout
Nice, but you could have at least plugged the most obvious security holes of the Bitcoinica source code before re-using it.



hero member
Activity: 868
Merit: 1000
hero member
Activity: 868
Merit: 1000
Hi everyone,

Our project has grown quite a lot since when it started. As it is still in active development, I'm moving it to the project development section, and changing the OP to explain what it is now:

Bitfinex offers 3 main functions, working together. There is 3 different types of wallet, each one having a dedicated function.

Meta-exchange
Bitfinex works as a meta-exchange. It allows you to acess the orderbooks of others main bitcoins exchanges to have the best liquidity possible, while keeping fees lows. You can see the global orderbook of bitfinex combining all orderbooks available (level 2 order book).

The three main functions of Bitfinex
Bitcoins exchange

The exchange part works like any regular bitcoins exchanges: you put your offer to buy or sell bitcoins, on the global orderbook. You can choose to execute your orders only on mtgox, or only on bitfinex, for example; that's the routing feature. When an order is matched against another, it is executed.
The exchange wallet type is used for this feature.

Margin trading

Our margin trading feature is unique in the Bitcoin world. Basically, it allows you to borrow funds from lenders (see next feature) to trade bitcoins. If you make a profit, you get the profit and pay the depositor interests. If you make a loss, you reimburse the depositors the whole borrowed amount.
For example, let's say you want to open a long position for 100 bitcoins. That means you want to buy 100 bitcoins hoping to the price will go up. The system will borrow for you 100 * the bitcoin price US dollars (let's say 1300 USD) from lenders, at the best rates available. Your position will have a maximum period (defined by lenders), after which you will have to reimburse the 1300 USD (close the position). Each hour you will be charged an interests rate going to your(s) lender(s). If later you want to increase your position, you can borrow more funds, which will have there own maximum period.
At any time before the expiration date, you can close your position. This will reimburse your lender, and you will keep the profit.
The same goes for short position (selling bitcoins), where you borrow bitcoins instead of dollars.
If there is no lender available, you will not be able to open your position. Your order status will be "NO RESERVE ACTIVE", which means that it will be executed as soon as there is funds available.
The trading wallet is used for margin trading. It does not serves the purpose of buying or selling bitcoins, it serves only as margin requirements; that is, even if you have 1000 US dollars in this wallet, if you open a 10 BTC long position, you will borrow the needed USD. Funds in this wallet are to cover for eventual losses that may occurs. When the losses covers almost all your wallet balances, you may get a margin call and have your position force-closed to avoid further losses.

Lending

Our lending feature goes hand to hand with the margin trading feature described above. If you don't feel like a trader and/or prefer safer investments, this feature is for you. Bitfinex allows you, using your deposit wallets, to lend bitcoins and/or dollars to traders. You can put offers with your chosen terms (which rates, for how long, and how much). When an offer is taken by a trader, the money in your wallet will be used to buy or sell bitcoins, and a loan will be opened. When the loan expires (the trader closes his position), bitcoins are bought or sold back and money is reimbursed to your wallet.

You don't have the exchange risk when you lend with bitfinex. The exchange risk is taken on by the trader, and, in case his position loses money, he will cover the loss with funds in his trading wallet. If by any chances losses are greater than what the trader can afford, the loss is on Bitfinex, we will cover for the missing amount.
You can then see how the risks are minimal, while the rates are great (bitcoins price being very volatile, traders can afford to borrow at a high premium)

Security

When it comes to security, we're always paranoid. We have unique security features in the bitcoin world, which are:

  • A watch-only wallet (cold wallet) on the production server, to monitor bitcoins transactions without giving keys to spend them
  • Trade only exchanges API keys
  • Automatic backup of the database once a day
  • Duplication of backup data automatically across 3 servers
  • Paper backup of wallet and exchanges keys and passwords

Cold wallet:

Your bitcoins are stored in cold wallet only, and the servers only use watch-only wallet, powered by Armory, to monitor deposit and balances. We have a bitcoind (official daemon) running only to handle the blockchain transactions), and the wallet is handled by the Mav Armory Server script (open-source, you can find it here: https://github.com/thedawnrider/BitcoinArmory-Daemon).
All bitcoins withdrawals requests are processed manually, once a day, every business day.

Trade-only API Keys:

The API keys (like currently the Mtgox API key) are stored encrypted on one of the production server. This key provides only right to get balances and buy and sell bitcoins on Mtgox. That's why you are able to deposit instantly using mtgox codes, but the mtgox code withdrawals are handled manually.

Automatic backup of the database

Once a day, the database of the platform is backed up, encrypted and compressed as an archive. The passwords of users it contains are encrypted

Duplication of backup data

As soon as a new backup is ready (database, log files,...), it is sent to others servers in 2 several physical location.

Paper backup of wallet and exchanges keys

These crucial informations are printed on paper, which is kept with us in a physical wallet in bitfinex place. As well, the cold wallet is printed on paper, and Armory (the bitcoin client we use) allows to restore wallet from paper if needed.

Questions?
If you have others questions or suggestions to make, it will be a pleasure to receive them on [email protected]!
Pages:
Jump to: