Tag: 51% attack

Augur disputes all the way down (plus Veil, ETC)

Good morning,

Apologies for being a day late. To be completely honest, I forgot what day it was yesterday and didn’t realize until after dinner that I missed publishing a member post. Sorry about that!

Hope you all had great breaks. I for one am happy to be back at it.

On to the update:

Augur disputes

Disclosure, I hold a tiny bit of REP

In December, the creator of the Augur market for predicting which party controlled the House after the mid-terms reported that Republicans was the correct answer, despite Democrats winning the the majority. S/he justified this decision by saying that at the time of the market’s close, Republicans still had the majority. I wrote:

What happens now? REP holders are allowed to dispute this result starting next Wednesday, December 19th. The mechanics of the dispute phase (and all of Augur to be honest) are pretty complicated, but in short this is how it works:

  1. A market outcome is reported, that outcome becomes the “tentative outcome”
  2. REP holders are allowed to dispute the outcome
  3. If enough REP holders choose another outcome, that outcome becomes the “tentative outcome”
  4. Back to step 2 until nobody successfully disputes

This can go on for some time, as Robert Miller pointed out to me yesterday. A market on whether the weather was good during the Bastille Day parade was disputed fifteen times.

A month has passed and the market still has not resolved. After the initial decision of Republican, a successful dispute turned the decision to Democrat. Until another successful dispute turned it to Republican. And then Democrat, then Republican, and now we’re waiting for the next dispute window to open at which time I’d expect another successful dispute from Democrats. You can see the riveting sequence here.

What I didn’t cover in my prior post on the matter was what happens if the disputes go on forever. As I mentioned, the Bastille Day parade had been disputed fifteen times; it is still being disputed!

When a dispute goes on for long enough, things get weird. First, some background:

A market is successfully disputed when a “dispute bond” is filled. A dispute bond is REP staked in favor of a particular decision in a disputed market. It is “filled” if it meets the threshold to overturn the current decision. It gets more expensive to fill a dispute bond each round. You can see this in action in the House market.

Once a dispute bond reaches a size of 2.5% of all REP (275,000 REP), a fork occurs. Today, there is one Augur network where all the markets live; where REP is the native token. When a fork occurs, that Augur network turns into n networks with n native tokens where n is the number of outcomes in the market that triggered a fork.

So if the House market leads to a fork, Augur as we know it dies and in its ashes we have:

  • Democrats Augur
  • Republicans Augur
  • Invalid Augur

And users have to choose where they irreversibly move their REP, turning it into dREP, rREP, or iREP (made up names). It’s quite a cool mechanic (but my inner Marie Kondo is already getting stressed by the potential clutter of dead Augur universes)!

Anyways, this isn’t particularly likely to happen anytime soon. The size of a dispute bond in the upcoming round for the House market is ~1500REP. So we’re still several rounds away from seeing a fork.


In related news, Veil, a company that hopes to make Augur much easier to use, just announced they would be launching to mainnet soon (on Jan 15).

Instead of using the cumbersome interface that augur.net directs users to, Veil wants to provide a user experience more similar to the non-crypto webapps we use every day. From the announcement:

Veil makes trading faster and cheaper. Ethereum transactions are slow, so we’ve used the 0x protocol to speed up trading and minimize the number of transactions you need to send. Veil order creation and cancellation happens off-chain, and Veil pays gas to persist trades to Ethereum.

Veil helps you get paid faster. Augur’s decentralized oracle system ensures markets are resolved correctly, and it’s a necessary component of a trustless network. But the finalization process can take weeks to complete. Veil introduces a feature for supported markets we call instant settlement. That means you can redeem your Augur shares for ETH as soon as the market expires. Veil has high confidence that the markets will be reported on and settled correctly, so we let you sell your Augur shares to Veil immediately at the reported price rather than waiting for finalization in Augur. Instant settlement is optional, but the idea is to let you choose your own level of trustlessness.

Big quality of life improvements. When a market looks like it will resolve in your favor, you can just claim your winnings instead of waiting for your shares to get unlocked following what can be a lengthy resolution period. For this convenience, you give up a few points of profit. To use the House market as an example, a decision of Democrat means that Democrat shares are worth 100% probability. Today, they are only worth ~95% because there is a (I guess ~5%) chance that the market will end up resolving Republican.

From what I can gather, using Veil’s instant resolution means that you just say alright, I’ll take the 95% price (and give Veil 1% for the convenience) to get my money out now instead of n dispute periods later.

This is just one of a few important ways Veil is trying to abstract away the complexity of using Augur. I hope they are successful because if they are, it’ll motivate more people to try to build these businesses which seem like the happiest path to getting an order of magnitude more users interacting with smart contracts. There are, of course, legal and regulatory headwinds for businesses like these (Veil will be blocking US users), but the more businesses that try, the clearer the path will be for experimenters.

ETC 51% attacked

When one uses a cryptocurrency, one expects one’s transactions (e.g. sending, receiving) will be accurately recorded in the blockchain. If transactions are not accurately recorded, why would one feel comfortable holding any of that cryptocurrency? One’s balance might disappear.

Most blockchains don’t have this problem most of the time. But it can happen in proof-of-work blockchains when one entity possesses over 50% of the hash power dedicated to validating transactions for that blockchain. Because they have the majority “say,” they can rewrite history. This is called a “51% attack.”

Ethereum Classic was the latest victim of such an attack. You can read Coinbase’s original disclosure here, Hosseeb’s thought provoking thread here, and a recent post mortem from Ethereum Classic here.

Among the useful lessons from this attack:

  1. 51% attacks have happened almost exclusively on proof-of-work cryptocurrencies that use the same mining algorithm as another cryptocurrency (in this case, Ethash, dominated by Ethereum)
  2. The victims of 51% attacks are exchanges (the attacker sells coin A for coin B on the exchange and then rolls back the transactions, stealing coin A from the exchange)
  3. Users and the market don’t seem to really care (ETC was down only modestly following the attack)

McIntyre made a list of possible next steps for ETC in his post-mortem:

We wrote a list of options and priorities for the ETC community and developers to debate, write ECIPs if necessary, and implement over the near future:
1. Create a monitoring and alert system for ETC so attacks may be seen faster to alert the ecosystem.
2. Continue the recommendation for users and operators to use a significantly higher confirmation time, 2500 to 5000 depending on the type of transaction.
3. Study the possibility of implementing deep-reorg-protection.
4. ECIP1043: The purpose of this ECIP is to set a limit on the maximum size of the DAG to its initial state and no longer increase it on an epoch schedule.
5. We will not apply any changes hastily without proper research and analysis and will continue to whether (sic) the storm.
6. The above + wait for ETH to change to ProgPoW or PoS; making ETC the dominant chain in that PoW niche.
7. Change PoW algo to be dominant in a new PoW niche and minimize NiceHash renting attacks.
8. Two of the options under analysis are ProgPoW and Keccak256 (ECIP1049).
9. We will not reorg the chain or revert the events on chain under any circumstance.

What’s interesting about ETC is that any attempt to recover funds (9) from a 51% attack is diametrically opposed to the ethos of ETC. So one would expect that no matter how bad attacks get (if they persist), the ETC community would not support recovery. So to actually materially reduce the risk of future 51% attacks, they need to do (6) or (7): wait for ETH to switch off Ethash or change ETC’s mining algorithm to something unique.

Both options seem fine, but if I were a holder of ETC (I am not) or any minority PoW coin (also not), I’d be very nervous. Given that exchanges are the primary victim of 51% attacks, minority PoW coins are the coins that get 51% attacked, and liquidity is critical for the price of any coin, I’d expect high risk of exchange delistings leading to declining liquidity leading to declining prices.