Author

Topic: BitShares XT - Security against Market Manipulation FIND ATTACKS FOR TIPS (Read 1613 times)

full member
Activity: 156
Merit: 100
BitShares XT and BitShares Me

great
newbie
Activity: 5
Merit: 0
newbie
Activity: 22
Merit: 0
Where can I find Bitshare XT whitepaper ?
sr. member
Activity: 256
Merit: 250
Alt got a tip worth about 300 dollars for pointing out a potential attack!

https://bitsharestalk.org/index.php?topic=3130.msg40793#msg40793

Lots more to be had if anyone can find attacks or flaws or improvements!
sr. member
Activity: 256
Merit: 250
BitShares XT, the test version of Bitshares X bank and exchange, is currently in development.

Invictus generously rewards anyone able to point out potential attacks, market manipulation and even general flaws in the system. Even good suggestions for refining the rules will be rewarded.

https://bitsharestalk.org/index.php?topic=3130.0


Over the past week many people have identified certain attacks that we must guard against in the initial chain.   The theory behind BitShares XT works very well in a large established network, but early on in the life of a network things break down due to low market depth.    A few simple attacks have come to my attention that must be resolved and I will be posting them each in their own thread.  I would like to use this thread to discuss potential attacks and if an attack warrants in depth discussion I will spawn a new thread to discuss it.

I am not going to place a specific bounty price for finding attacks, lets just say that if you bring something to my attention that makes me realize something new that I will tip very generously up to hundreds of PTS.

This thread is motivated by the discovery of two attacks for which I have found solutions which will impact BitShares XTs rules:

Attack 1)  The SIDS Attack   (Sudden Instant Derivative Sack)

In this attack any user who is around when the blockchain is first launched can issue themselves $1 billion BitUSD as a long position with a short position of $1 billion BitUSD backed by 1 BTS.   It doesn't matter what the future consensus is, the short position will be blown out in a massive way and leave billions of BitUSD laying around with no backing.  

The solution to the SIDS Attack is two fold:  

   a) no market trading will be allowed for the first N days to allow enough people time to enter bids and asks that arrive at market consensus.
   b) no market trading will be allowed anytime either side of the order book has a depth below D% of the share supply.

This rule effectively states that for blockchain based trading to occur in an automated way there must be a quorum of shareholders agreeing on the price.  This does not prevent private parties from transferring BitUSD or BTS to other users or arranging manual trades.  It simply prevents any manipulation of the price that could result in margin calls at unrealistic prices.

The values for N and D are subject to debate, but my gut feeling is that N should be 14 days and D should be 5%

Attack 2)  The SlingShot Attack  (Other names welcome)

   In this attack, the attacker will place a large short order close to 2x above the current ask.  Under normal conditions this order would never be filled.   Then the attacker starts buying to push the price up until he triggers a short squeeze.   The short squeeze starts a chain reaction that pushes the price clear up into the attackers short position.  Then the price falls back to where it should and the attacker covers their position with a 50% gain.  Whether this attack is profitable or not depends upon how big of a short squeeze the attacker can trigger and how little is required to kick off the squeeze.  

I have been thinking long and hard about the SlingShot Attack and have concluded that the only solution is to increase margin requirements.  As it exists today, if someone wants to short 1 BitUSD the most they risk is 1 BitUSD.   On a traditional exchange, if you want to short something your potential losses are infinite because if you run out of margin then they can come after your savings, your house, and your future income.    The SlingShot Attack is much harder if the margin requirements make the probability of a short squeeze much lower.  

Lets assume a very conservative amount of margin, 10x.   To perform the SlingShot attack would require pushing the price up 9x and would reduce the attackers gain from a maximum of 50% to a maximum of 5%.    If you then combine this increase in margin requirements with the automatic market freeze anytime the depth fell below the required threshold and you will be unlikely to walk the book enough to trigger a short squeeze without suspending trading.

   What is the impact of requiring a larger margin for short positions?  People will still go short, but the amount of leverage they can apply will be reduced significantly.  BitUSD will still be created and thus will still trade.  Instead of the marketcap of BTS being 2x the value of the trading BitAssets it would now be at least 10x the value of the BitAssets traded.    Thus increasing margin requirements should only limit the ability to go short and have little influence on the price people are willing to go short.  Shorts will feel much more secure knowing that other shorts are less likely to end up in a squeeze which will balance out with the added risk of losing up to 10x the amount you shorted.  

    Based upon these two attacks and the need for significant market depth before the chain can be 'secure' I am starting to conclude that market depth is more important than transaction volume in limiting the number of BitAssets per chain.   For this reason I am thinking that the BitShares XT network should have only 2 BitAssets (Gold and Bitcoin).   We want to focus the trading efforts and market depth on two assets rather than spreading the network thin.   Once we understand the security implications future chains are likely to start with a larger user base, deeper markets, higher initial valuation, and thus able to support more assets securely.

Please let me know of any other attack ideas you can come up with and what your thoughts are on these rule refinements?
Jump to: