Topic: [OFFICIAL]Bitfinex.com first Bitcoin P2P lending platform for leverage trading - page 115. (Read 723861 times)

I just hope that your bot isn't costing me (as someone who isn't using it) money in the end. In one way or another.

That would depend in large part on what minimum rates people set. The default minimum rate on MarginBot is 0.05% per day (18.25% per year). The non-configurable minimum rate on FRR loans is 0%. If you were to switch all current FRR auto-lenders over to using an aggressive undercutting bot with a non-configurable 0% minimum rate, then yes, they'd clear out all the swap demands on the book and make it so that no offers above 0% get taken except when there's enough demand to bust the wall.

Of course, gradually the auto-lenders would log in, see that the party is over, and withdraw their funds. This would allow rates to start rising again; possibly quite rapidly, depending on how many fixed-rate lenders called it quits too.

Whatever you guys do about the FRR situation, I would strongly encourage you to require auto-lenders to explicitly choose a minimum rate for their offers. Providing a default risks recreating the wall at that rate, or at least distorting the market towards that rate. You may also want to consider allowing (or requiring) borrowers to explicitly choose their maximum auto-borrow rate (instead of the current fixed %1 per day), so that we better incorporate borrower preferences as well.

Having thought about this some more, I'm going to take my own advice and remove the default minimum rate from my bot, and require users to set it themselves. HowardF, you may want to consider doing the same with yours.

Step 1: Get your email account compromised.

Step 2: Attacker uses password reset form: "Reset your password -- Enter your email address -- Click here to reset your password", so they now have your account credentials... you don't, just them.

Step 3: Attacker sends a nice email to support@bitfinex asking for the 2FA to be disabled, and is able to follow up with any further exchange of emails.

So in the event of an email security failure, your security model ends up resting largely on the idea that your support staff can tell apart a hacker from a real user. If they ask sufficiently probing questions before complying, maybe that isn't too bad an assumption (it's still a bit dodgy from a formal security point of view, but pragmatically might at least pass a sniff test), but it would be reassuring to know that there's some sort of actually-rigorous process employed to be certain that you're talking to the real account holder.

For verified accounts, you have identity-establishing documents to refer to. I'd feel comfortable ticking a box that said "Please require me to provide that same sort of documentation again before disabling my Authenticator".

PLEASE ANSWER EVERYONE
How long does it take from the day you request a USD withdrawal until you receive the payment? What's your experience (regular & not express) with Bitfinex withdrawal times?

Thanks in advance.

I will say, I don't particularly want to get involved in the FRR debate though.  I'm pretty sure you guys are gonna do what you're gonna do, and my opinion won't much change that.  I just wanted to get involved to the extent that I didn't really want my bot used as the talking point in saying people will "take what they can take" and implying that people are ok with FRR.  I personally feel it's extremely damaging to the swap market, but that's just my opinion FWIW.

On the other hand, feel free to use my Bot as a talking point for any other discussions you wish to have.   Free publicity is free publicity....   

and of course they compete... they compete by setting an unnatural, unmanaged wall above which no other loans will go out, thereby creating a high limit I can't go above.

but it would be competition without a massive wall that us active investors are FORCED to stay below if we want any worthwhile returns at all.  The wall is the high limit of returns I can make at a given time, with or without a bot.  Without the FRR, there would be no high limit, just active competition.

It is not "enough", in that it takes more than just an email, it takes an email to a person who will then respond to that email, it is not an API. Secondly, removing 2FA does not grant you access to the account, you would still need the log on credentials. Thirdly, knowing WHICH email it is you are supposed to spoof is not automatically granted.

If you, are targeting a specific account, as an attacker, if you were to spoof a 2FA disable request for every likely email, this would be obvious to the human who is receiving the emails, and would raise a red flag. So, if they A. Get your login credentials, B. Obtain the email address you used to open your account, C. Spoof the email succesfully THEN they could access your account. Which means that they have to 1. Get your login credentials, 2. Defeat the 2FA.

So, if I add all that and make it compete with you for being active, you will see higher or lower rates? In other words, the more effort you put in (writing a bot), the better your returns. Those who "set and forget", won't make as much, but more importantly, they will not compete with you who do want to actively manage (via bot) your positions.

I agree, and those who are creating a massive wall, by definition, while the wall is there, are getting nothing. So people who use the FRR choose to get whatever they can get, in exchange for not having to manage it. A bot, of course, will be much more useful, and will give you better returns. Instead of having to compete with those people, whose funds are NOT active, you are able to get in front of them, and have your funds be active.

With no FRR, everyone who chooses to manage their funds with a bot would prioritize active over inactive, and you would see more competition.

my withdrawal got stuck in the processing phase 

yeah, if you go to the original thread at:

https://bitcointalksearch.org/topic/m.9608362

I posted my daily return % After Fees, and you can see that Sukrim posted his daily returns from using the FRR 30 days on autorenew as well, for comparison.

I will try to get together a more complete list of my returns over the last few months to post there later today, but one problem I have with returns is I still use my main account (which is where my stats come from ) for other things, like occasional day trading and paying bills, etc, so the stats before mid October aren't 100% pristine (i used to occasionally pull money in and out during the lending day basically, which would tweak the stats a bit).  I can give pretty much pristine stats through about 15th of Oct though, so I will definitely post those.

EDIT: I should point out Sukrim's post is on EU time, so his stats show the date one day off of mine, ie: My Nov 1 = his Nov 2....

Thanks for development efforts. Would you like to let us know your current 30 days return? I would like to compare the performance my own lending bot to decide whether to change the bot.

Word of advice: never use market order buy/sell options.

They are fairly buggy. For example: in the orderbook are orders available. So you put 1 btc market buy order. Nothing happens for a second or two, no change in the orderbook either.. So you put another market buy order. Another seconds pass with the result that BOTH your market buy orders were awarded TOP prices well above what was in the orderbook 8 seconds before when you placed the orders. It is as if this was a competition...

Or worse: click "market buy" for a smaller sum repeatedly. You will SOON find that your active orders are full of LIMIT buy orders and you have NO CLUE WHY.

So, this is my bug report for today.

Also... my bot has already garnered enough attention to be forwarded to BFX people?  Nifty!   

Exactly.  FRR encourages building a massive wall at a specific rate, rather than a natural rate competition over a range of loans...  it is very much the opposite of finding an actual fair market value.

As the author of this bot, I'd like to point out this bot was originally developed specifically because of how frustrating the FRR is.  It's not a "something  rather than nothing" philosophy so much as  "FRR wall breaks realistic lending rates, and keeping my money lent 100% of the time at least improves my return a little bit".  I do very much care about the rate, I just came to accept most investors are lazy and will dump everything into FRR auto renew and never think another thought about it, and I had to figure out a way to combat that as  best I could...  I would also point out the 30 day returns with this bot are almost always much higher than FRR set and forget lenders returns are...

Well, no time like the present:

cascadebot: A simple (but effective) lending bot for Bitfinex

Since a mail by an address of the account owner seems to be enough to get rid of 2FA, please look into various ways to spoof this (http://en.wikipedia.org/wiki/Email_spoofing) - hopefully you are aware that it is fairly trivial to send convincingly looking mail from any address...

Speaking of bots, I'm testing one that I just wrote (to be released soon), and I'm getting "Max retries exceeded" way before hitting the 60 requests per minute limit specified in the API documentation. The strange thing is that the bot has been running fine all day, but choked twice in a row just now. Is there some other hidden limit that I'm running afoul of?

EDIT: Nevermind, it looks like it was just a regular connection error. Wording of the exception threw me off.