
Topic: Reverse-engineering and documenting Bitcoinica (Read 3122 times)

full member
Activity: 210
Merit: 100
The information changes all the time and the call to fetch it is not authenticated.
What bothers you exactly ?


Okay, so Bitcoinica wasn't actually logging in (authenticating) every 5 seconds. I guess that's the part that gave me the "Deer in headlights" confusion.

Thanks for clarifying this for me, davout.
legendary
Activity: 1372
Merit: 1008
1davout
The information changes all the time and the call to fetch it is not authenticated.
What bothers you exactly ?
full member
Activity: 210
Merit: 100
I'm not sure if I'm reading the pasty correctly: http://pastie.org/4257541

Was Bitcoinica logging into MtGox every 5 seconds?
Yep, to fetch the orderbook and compute their ticker buy and sell prices.

Considering that all this data is available from MtGox, Intersango, and most exchanges with no authentication required...

Is there an advantage to authenticating 17,280 times per day to collect the same public information?
legendary
Activity: 1372
Merit: 1008
1davout
I'm not sure if I'm reading the pasty correctly: http://pastie.org/4257541

Was Bitcoinica logging into MtGox every 5 seconds?
Yep, to fetch the orderbook and compute their ticker buy and sell prices.
full member
Activity: 228
Merit: 100
Hey,

thank you all for sharing!
I will be looking into it, and probably rebuilding it in PHP.

Let's see how it goes


the best,
talpan
full member
Activity: 210
Merit: 100
I'm not sure if I'm reading the pasty correctly: http://pastie.org/4257541

Was Bitcoinica logging into MtGox every 5 seconds?
legendary
Activity: 2940
Merit: 1333
That risk can be lessened by matching trades.  So for every person that goes long 1BTC you need another person to go short 1BTC so your position is flat.

I'm not sure if Bitcoinica did it this way or not. So as a user you say to the system I want to go long BTC. Your trade is only fulfilled when it is matched with the opposite trade.

If a match is not found the trade goes unfulfilled. I guess you could use the price to encourage people to trade one way or the other.

This is a complicated risky business.

Sure, you can reduce the risk by matching trades, which is why in my example they only had 1 customer...

But even with matched trades, if the price moves too far you end up liquidating the losers' positions (you pretty much break even on those - you can use the money they lose to pay the winners, and keep the spread for yourself) but then you're left with an unbalanced book.  The winners still have positions which now aren't matched by anyone taking the opposite position, since they've been liquidated and so I guess you have to pass their positions on to your hedging accounts at gox.
sr. member
Activity: 262
Merit: 250
Here's how I think it works. You would have 2 hedging accounts one in $ the other in BTC (Because we are buying and selling against the dollar). These accounts would be at MtGox

i.e. Dollar account $10,000
Bitcoin account 10,000BTC

To perfectly hedge each trade we have to buy and sell from our hedging accounts to match the trade.

So in your example. He deposits 1BTC and sells (goes short) x10 on BTC. So he is short 10BTC.

The Bitcoinica clone would also have to sell 10BTC, i.e. convert 10BTC from the bitcoin account into the dollar account.

That way if the price falls the profit the trader makes is made up by the gains in the dollar account.

Can anyone correct my logic here ?

That makes sense, and is I guess how it worked.

Assuming the price of BTC started at $10 and ended at $1, when the customer closes his position you can buy back the 100 BTC for the $100 you made by selling 10 BTC when the customer first shorted, so you end up with $10k and 10k BTC again.

The problem is that now your 10k BTC are worth only $10k, whereas before they were worth $100k.  You've lost $90,000 on the deal by being long BTC while the price crashed.  Maybe this is why Bitcoinica borrowed BTC from customers, so they wouldn't be exposed to the currency risk.

That risk can be lessened by matching trades.  So for every person that goes long 1BTC you need another person to go short 1BTC so your position is flat.

I'm not sure if Bitcoinica did it this way or not. So as a user you say to the system I want to go long BTC. Your trade is only fulfilled when it is matched with the opposite trade.

If a match is not found the trade goes unfulfilled. I guess you could use the price to encourage people to trade one way or the other.

This is a complicated risky business.
legendary
Activity: 2940
Merit: 1333
Here's how I think it works. You would have 2 hedging accounts one in $ the other in BTC (Because we are buying and selling against the dollar). These accounts would be at MtGox

i.e. Dollar account $10,000
Bitcoin account 10,000BTC

To perfectly hedge each trade we have to buy and sell from our hedging accounts to match the trade.

So in your example. He deposits 1BTC and sells (goes short) x10 on BTC. So he is short 10BTC.

The Bitcoinica clone would also have to sell 10BTC, i.e. convert 10BTC from the bitcoin account into the dollar account.

That way if the price falls the profit the trader makes is made up by the gains in the dollar account.

Can anyone correct my logic here ?

That makes sense, and is I guess how it worked.

Assuming the price of BTC started at $10 and ended at $1, when the customer closes his position you can buy back the 100 BTC for the $100 you made by selling 10 BTC when the customer first shorted, so you end up with $10k and 10k BTC again.

The problem is that now your 10k BTC are worth only $10k, whereas before they were worth $100k.  You've lost $90,000 on the deal by being long BTC while the price crashed.  Maybe this is why Bitcoinica borrowed BTC from customers, so they wouldn't be exposed to the currency risk.
sr. member
Activity: 262
Merit: 250
What if you only have one customer.  He deposits 1 BTC and shorts at 10x leverage.  Then the price of Bitcoin drops by a factor of 10 and he closes his position.

His balance is now 100 BTC.  Where do you get the coins from to pay him?

Yes. I was thinking about this too. It's where hedging comes in.

Here's how I think it works. You would have 2 hedging accounts one in $ the other in BTC (Because we are buying and selling against the dollar). These accounts would be at MtGox

i.e. Dollar account $10,000
Bitcoin account 10,000BTC

To perfectly hedge each trade we have to buy and sell from our hedging accounts to match the trade.

So in your example. He deposits 1BTC and sells (goes short) x10 on BTC. So he is short 10BTC.

The Bitcoinica clone would also have to sell 10BTC, i.e. convert 10BTC from the bitcoin account into the dollar account.

That way if the price falls the profit the trader makes is made up by the gains in the dollar account.

Can anyone correct my logic here ?

legendary
Activity: 2940
Merit: 1333
What if you only have one customer.  He deposits 1 BTC and shorts at 10x leverage.  Then the price of Bitcoin drops by a factor of 10 and he closes his position.

His balance is now 100 BTC.  Where do you get the coins from to pay him?
legendary
Activity: 1078
Merit: 1003
How do you get the loser to pay their debt ?

You liquidate his position before his account runs out of money. Simple really. The only problem appears when you can't liquidate him fast enough..

But you've extended him a loan of 10BTC against his 1BTC. So are you saying you liquidate him at 1BTC of losses ?

No, you do it even sooner, because if you do it at 1BTC losses then you risk not being able to liquidate fast enough and you as the exchange incur losses from his position.
legendary
Activity: 1372
Merit: 1008
1davout
How do you get the loser to pay their debt ?

You liquidate his position before his account runs out of money. Simple really. The only problem appears when you can't liquidate him fast enough..

But you've extended him a loan of 10BTC against his 1BTC. So are you saying you liquidate him at 1BTC of losses ?

With 1:1 leverage you can let the customer have a 100% loss basically.
With 10:1 leverage, you need to force-liquidate the position as soon as there is a small price movement in the opposite direction of the position in order to *at least* get the amount that was loaned. The house reimburses itself and the customer loses everything.
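
The liquidation rule discussed in the posts above, as an added example that is not part of the thread and is not Bitcoinica's code. It assumes a hypothetical model where margin and profit/loss are held in USD, the position is in BTC, and the `Position` struct, its method names and the sample values are all constructed for illustration.

```ruby
require "bigdecimal"
require "bigdecimal/util"

# Hypothetical model (not Bitcoinica's code): margin and P&L are in USD,
# the position is in BTC, and `buffer` is the fraction of the margin that
# must still be intact when the house force-closes the position.
Position = Struct.new(:side, :margin_usd, :leverage, :entry_price) do
  def size_btc
    margin_usd * leverage / entry_price
  end

  # Customer equity if the position were closed at `price`.
  def equity_at(price)
    direction = side == :long ? 1 : -1
    margin_usd + direction * size_btc * (price - entry_price)
  end

  # Price at which equity has shrunk to buffer * margin.
  def liquidation_price(buffer)
    adverse_move = (1 - buffer) / leverage
    factor = side == :long ? 1 - adverse_move : 1 + adverse_move
    entry_price * factor
  end

  # What the house absorbs if the close only executes at `price`.
  def house_loss_at(price)
    [-equity_at(price), 0.to_d].max
  end
end

# Constructed sample positions: 100 USD margin, entry at 10 USD/BTC.
LONG_10X  = Position.new(:long,  "100".to_d, 10, "10".to_d)
SHORT_10X = Position.new(:short, "100".to_d, 10, "10".to_d)
LONG_1X   = Position.new(:long,  "100".to_d, 1,  "10".to_d)

puts LONG_10X.liquidation_price("0.2".to_d).to_s("F") # close with 20% of margin left
puts LONG_10X.house_loss_at("8.5".to_d).to_s("F")     # price gapped past the trigger
```

With a zero buffer the 1:1 position survives until the price reaches zero, while the 10:1 position is wiped out by a 10% move; any fill worse than that comes out of the house's funds.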
hero member
Activity: 566
Merit: 500
^^ yup
sr. member
Activity: 262
Merit: 250
How do you get the loser to pay their debt ?

You liquidate his position before his account runs out of money. Simple really. The only problem appears when you can't liquidate him fast enough..

But you've extended him a loan of 10BTC against his 1BTC. So are you saying you liquidate him at 1BTC of losses ?
legendary
Activity: 1078
Merit: 1003
How do you get the loser to pay their debt ?

You liquidate his position before his account runs out of money. Simple really. The only problem appears when you can't liquidate him fast enough..
sr. member
Activity: 262
Merit: 250
davout, or anyone really. I have a question about the business model, although it may come from a misunderstanding on my part.

Let's say you're offering 10:1 margin.

Just 2 customers for simplicity, both charge their accounts with 1BTC and therefore have 10BTC to play with (due to the 10:1 margin)

Customer A goes long on Bitcoin i.e. Buys 10BTC (remember the 10BTC is borrowed money)
Customer B goes short on Bitcoin i.e. Sells 10BTC.

Now this looks perfectly balanced, as the BTC price moves up and down your position as a bitcoinica clone is flat (Bitclonica ?)

Now say they both close their positions, one of them will be in profit, the other in loss. How do you get the loser to pay their debt ?

In fact, couldn't I just keep opening Bitclonica accounts and go long and short at the same time and never pay off my losing accounts ?

Then my second concern is hedging.

Say you now have 10 customers, 9 are long 1 is short. Let's say the 9 customers are winning how would you effectively hedge your own position ?





legendary
Activity: 1372
Merit: 1008
1davout
As a side note, I have not witnessed a single incident of Bitcoinica that was caused by a Rails security vulnerability or by the 17 year-old developer's code. The hacks were related to mail servers, infrastructure break-ins (Linode) and general stupidity (source code containing api key).
This.

Also please let the trolls die. A part of me boils with nerd rage when I see some retarded things written about Ruby or Rails but I refrain from answering because it's a pure loss of time.


A brief skim at the source code however makes me realize the code is using floats (.to_f) rather than Ruby's BigDecimal class. This worries me because floats are prone to rounding errors, BigDecimal is perfect for monetary transactions as it keeps precision.
Yes, this is a concern for me. I don't care if floats are only used for display purposes (and not storage), but it starts bothering me when I see them everywhere as a sign of developer laziness.
member
Activity: 109
Merit: 10
Sure there are sites that use Rails such as Twitter.  The primary reason why I say it's less proven is because I don't see very many financial websites using Rails.

Etrade, Ameritrade, Chase, Bank of America, PayPal, etc. don't use Rails.

But, I am willing to give Rails the benefit of the doubt and maybe I am wrong this time.

This is most likely because when the back-ends of those companies were built, Rails was not seen as a viable tool at the time. Rails was released in 2004, and most of those companies were founded before this time.

As a side note, I have not witnessed a single incident of Bitcoinica that was caused by a Rails security vulnerability or by the 17 year-old developer's code. The hacks were related to mail servers, infrastructure break-ins (Linode) and general stupidity (source code containing api key).

A brief skim at the source code however makes me realize the code is using floats (.to_f) rather than Ruby's BigDecimal class. This worries me because floats are prone to rounding errors, BigDecimal is perfect for monetary transactions as it keeps precision.
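
The float concern raised in the post above, as an added example that is not part of the thread and is not taken from the Bitcoinica source. The account names, the transfer list and the `settle` and `reconciles?` helpers are constructed for illustration; the same ledger is replayed once with `String#to_f` and once with BigDecimal.

```ruby
require "bigdecimal"
require "bigdecimal/util"

# Constructed sample: ten transfers of 0.1 BTC from alice to bob, with
# amounts arriving as strings (as they would from a form or a JSON API).
TRANSFERS = Array.new(10) { { from: "alice", to: "bob", amount: "0.1" } }
OPENING   = { "alice" => "1.0", "bob" => "0.0" }

# Replays the transfers, converting every string with `convert`
# (:to_f reproduces float handling, :to_d uses BigDecimal).
def settle(opening, transfers, convert)
  balances = opening.transform_values { |v| v.public_send(convert) }
  transfers.each do |t|
    amount = t[:amount].public_send(convert)
    balances[t[:from]] -= amount
    balances[t[:to]]   += amount
  end
  balances
end

# The checks an operator would rely on: the sender is exactly drained
# and the recipient holds exactly the opening total.
def reconciles?(balances, expected_total)
  balances["alice"].zero? && balances["bob"] == expected_total
end

FLOAT_LEDGER   = settle(OPENING, TRANSFERS, :to_f)
DECIMAL_LEDGER = settle(OPENING, TRANSFERS, :to_d)

puts "float:   #{FLOAT_LEDGER.inspect} reconciles=#{reconciles?(FLOAT_LEDGER, 1.0)}"
puts "decimal: #{DECIMAL_LEDGER.transform_values { |v| v.to_s('F') }.inspect} " \
     "reconciles=#{reconciles?(DECIMAL_LEDGER, 1.to_d)}"
```

The float ledger leaves a non-zero residue on the drained account and credits the recipient slightly less than 1 BTC, so exact-equality reconciliation fails even though every individual transfer looked correct.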
legendary
Activity: 1120
Merit: 1152
The trick is that if strings are immutable, and short strings are guaranteed to have unique memory locations, the a == "foo" comparison can actually be implemented as a direct pointer comparison rather than a slow string comparison. This is basically just as fast as a traditional enum, and in practice takes up the same amount of space. (integers in structures are usually not packed) Of course, comparing three letters is pretty quick as well, especially in the context of an interpreted language. FWIW if I'm not mistaken Python strings work this way, and it's considered "Pythonic" to use strings to replace enums.

Premature optimization is the root of all evil.
Premature optimization may be the root of all evil, but only if it makes the code harder to read, aka replacing the strings with status numbers. Enums don't reduce code readability, as it is essentially the same as strings, (except without the quotes). Secondly, enums are superior to strings because they are strongly type checked to prevent any undefined behavior, which may result from typos. In addition, IDEs can recognize enums and provide additional features such as auto completion and error detection, which boosts productivity.

See, in a strongly typed language, I'd agree with you. But Ruby and Python are dynamically typed, which greatly reduces the advantages of traditional enums because there is no mechanism to type-check them anyway.

Note though, the actual preferred Ruby enum approach is apparently symbols - as notme mentioned, see http://stackoverflow.com/questions/75759/enums-in-ruby - which are pretty much immutable strings with some syntactical sugar. (and potentially namespacing) Still using strings may make sense in some cases, like interfacing to external code. Python meanwhile doesn't even have the concept of a symbol.

Is a dynamic typing system the right approach? That's a very complex question... For one thing, remember that typing systems can be a lot more complex than the simple C/C++ model of mostly incompatible types. Look at Haskell's inferred typing for instance.