Idea: Coinbase like Nu DAC


I’d like to share a small idea I had today while studying share systems in greater detail, and I would appreciate to hear what you think. The concept is a basic blockchain revenue model based on the Nu codebase, which would allow to sell BTC for NBT in a in my opinion pretty safe way. The same concept could also be applied to other coins and theoretically also to other things.

Note: In the following I will use the term “address” independent of the currency. This is because we will use the same private key for Bitcoin, NBT and the share and currency of this DAC.


Let’s assume we have a share NXS distributed over independent entities (basic assumption for all PoS systems). Every staking and trading NXS shareholder has to be able to recognize transactions on the BTC blockchain, and needs to have the full NBT and of course the NXS blockchain synchronized at any time. Shares are transferable, and perhaps even available for trading on some exchanges.


The currency unit is not really a unit, it is just a ghost of the NBT transaction tree. It can temporarily deviate from it as described below, but any conflict will not harm the system. Let’s call this unit GNBT (ghost NBT).


Shareholders vote on three different parameters:

  • Security rate q: The set price of one share in NBT
  • Conversion rate r: The set price for one NBT in BTC
  • Fee f: Amount of NBT that will have to be sent to block signers

Each of these parameters will be evaluated using the median over the last 10 - 20 blocks. The parameters specified by the voting result will be valid in the following block, not in the current.

Buying / Selling

Every BTC seller must be a shareholder. If a seller, Bob, agrees on the parameters provided by the shareholder-voting and is willing to sell X BTC then he can announce this by burning q * X NSX shares. If no buyer appears within 3 blocks, the offer is invalid and the shares are recreated by the following block minus a small fee.

A buyer, Alice, doesn’t need to own shares, only NBT, which will automatically provide her with the same amount of GNBT. If she sees Bob’s sell offer and agrees on it, then she has to send the amount of NBT she wants to buy as GNBT within 2 blocks to Bob’s address. If their should be many applicants on the bid, the following block finder of the NXS chain will pick one and discard all others. The selected buyer, here of course Alice, now has 3 blocks to send the exact same amount of real NBT to Bob’s address. If she doesn’t send the real NBT, then the deal will also be over, and Bob will get the burned shares back. The GNBT won’t move and Alice won’t be able to use the same NBT output again to take an offer, because it has no counterpart in the GNBT ghost tree. Alice would need to move her NBT and to pay the 0.01 NBT transaction fee as penalty. But now let’s assume she sends the NBT to Bob’s address.

Since NXS staker have both the NXS and NBT blockchain synchronized, they will recognize the NBT transaction and record each confirmation of the NBT transaction on the NXS blockchain. Now Bob has Alice’s NBT, but also still has a certain amount of his NXS burned. Alice should never take an offer where the value of the NXS is not much larger than the amount of NBT in the trade.

Let’s first assume Bob is honest, then Bob will send the correct amount of BTC (according to the rate r set by the shareholders) to Alice. He then also has to send 10% of the fee f as specified by the shareholders to each of the five NSX block signer addresses who validated the NBT transaction. If all this will be done within 720 blocks, and the BTC transaction received 5 confirmation, then Bob will receive back the burned shares minus half of the fee divided by q, i.e.

returned NSX = q * X - 0.5 * f / q

The other 0.5 * f / q NSX will be distributed among the five NXS block signers who validated the BTC transaction just as in the case when Alice sent the NBT.

If Bob denies to send the BTC to Alice, then after 720 blocks Alice will receive her GNBT back on her address, i.e. now she doesn’t own the real NBT anymore, but again has the corresponding GNBT output. She now can decide either to burn the GNBT and to receive Bobs security deposit in NXS or to send her GNBT to another seller who might want to pay the bill for Bob. If he does, including all the fees, then Bobs security deposit will be recreated at the sellers address.

That’s it :wink: Its really very much the Coinffeine idea, but I thought, instead of removing the third party from the trade completely, why not decentralizing the third party itself. Note that this is not an exchange (it doesn’t scale), I would really compare it more to coinbase, but for both seller and buyer. One oracle, the shareholders, set the parameters for the risk (security rate) and cost for both the buyer (conversion rate) and the seller (fee). It is up to both seller and buyer to take the offer and shareholders have to figure out a good trade-off for this. It also avoids the problem of irrational players the Coinffeine model has, since the block signers of the NXS chain are the judges … PoS to rule them all.

Any input is appreciated. Would be a fun project and in my opinion quite interesting for Nu.


I like it as a concept and agree that it would be a fun project.
One question. What happens if Alice sends the NBT to Bob but, for some extraneous reason, they don’t show at his address within three blocks. She still won’t own the NBT but, according to the rules of the network, Bob has played fair.

Is it done programmatically by protocol? How can it be trustless?

1 Like

Yes these tolerances could be increased. I picked the three blocks such that a regular trade takes about 5 minutes, but 10 minutes would also be fine. High traffic is something that just doesn’t work with this model and I would also not make any serious attempt to change that.

Everything you read above happens automatically on the block chain except for the following actions:

  • Setting q, r, f (q and r should come from a datafeed provider with a market ticker script)
  • Signing up for a sell offer
  • Signing up for a buy offer

Everything in between are protocol rules and therefore are always enforced, as long as 50% of the staking shares are honest (just as in any PoS coin). All this sending of GNBT, NBT, BTC and so on can be made completely transparent to the user, who literally could accept such an offer via double click.

EDIT: Well in fact there really would be an order book. Alice doesn’t really accept Bobs offer manually in practice. She would just set the maximal buy price she wants to get and a minimal security rate she wants to see and her client will automatically pick an offer once it becomes available. Likewise, Bob will never really actively provide the sell offer, but also just sets a minimal sell price, maximal security rate and fee and the client will automatically create orders when the shareholder parameters are in agreement.

So you can imagine that there in fact is an order book, but it is hidden. Ideally you imagine this geometrically: Each order creates a half space of the (q, r, f) vector space and the shareholder parameters are a seed point which “randomly” (as determined by the shareholders) walks around within this space and leads to an order execution whenever it hits the boundary of an order.

What’s the revenue projection like? vs BCex

You as a shareholder receive 0.1 * f (as specified by shareholders) in each trade in NBT by the seller, if you sign the block that contains one of the NBT transaction confirmations.

You will also receive a part of the shares of the seller (corresponding to the other half of the fee f) if you sign a block which verifies the BTC transaction of a trade.

So the fee, and therefore the revenue model of the shareholders, is half NBT directly, half a redistribution of the shares.

EDIT: So maybe to clarify: owning shares will earn you nothing. I don’t like this idea and I will not design a system which encourages shareholders to not do their job. You get a part of the revenue if you take part in the block signing process, and in order to do so you have to stake NXS and validate NBT and BTC transactions to enable trading with the DAC.

1 Like

NXS mints though, right? So at least there’s that.

That’s what I mean with block signing process. If you are minting, then you will get some normal block reward every block you find + will be part of the revenues if you validate NBT or BTC transactions. If you only hold the share on an exchange to speculate on the price, then you won’t earn a penny of the revenue.

I need to admit that I have to read this idea again (although I’ve already read it twice). My mind doesn’t seem to be very well suited for getting advanced ideas :wink:
At first and second glance it looks very interesting, though!

How can we be sure that the processes underlying such actions are trustless?
I mean this question is also valid for smart contracts in general.
It seems your idea inspired from Coinffeine is able to implement a decentralized trustless exchange or a blue print close to that.
So I am wondering how can we be sure that the deposit addresses are only controlled by the the AI living on the blockchain unpon which the consensus creation mechanism is guaranteed to be impossible to be compromised unless you do a 50% attack on the PoS.
In other words, how does it differ from a multi-sig deposit address a la B&C which involves humans.

Its not an AI :slight_smile: Soon … But for now its the block signers, who hopefully still are human beings.

There is no deposit, it is really more a shapeshift like scenario. Let’s first look at the Coinffeine model: You and I both have to lock up coins and both agree an their release after the trade. This creates the incentive to play honest as long as your incentive is purely monetary. So if two profit optimizing bots are using this system with each other, then its perfectly fine. However, humans (1) make mistakes and (2) have incentives that go beyond the value of your deposit. For example, if I am a big rich company and you a small startup competing with me then I could burn some of your money by doing this, which would cost you much more (relative) than me.

So it is not trustless, but game theoretically playing honest is the best choice if you want to maximize your money.

The system in the OP puts the parameters of the trade and the handling of the security deposit (the locked coins) in the responsibility of a third party where the third party are the shareholders of the DAO. It is blockchain consensus here which determines where the security deposit will go, and the people who mint the blocks decide (automatically, through software of course) if the trade was performed correctly and route the security deposit accordingly. This works through burning and creating new coins in the blocks.

The obvious disadvantage compared to Coinffeine is that there is another component in the system which will take a part of the profit (through the fee). The advantage however is that one party cannot take into account the own loss and destroy the security deposit of the other party. In fact, as described in the OP, the proposed system does only require the seller to make a security deposit, and not the buyer. There is also no auxiliary credit unit for the buyer he has to be aware of. Buyer and seller never have to trust each other, but only the shareholders, who in turn won’t earn anything from a faulty trade but will lose reputation and future revenue, so its in their strongest interest to validate trades correctly.

B&C is an exchange. An exchange requires to support many different coins in an efficient way. So you basically have two options: You simulate each other asset on your exchange (BTS, ripple, etc), or you enforce everyone to keep track of all blockchains (centralized exchange, method in OP). Now the method in OP surely can be applied to two coins, especially since the BTC wallet doesn’t need to a full node. But with 10 coins only very few shareholders will be willing to synchronize all these and to validate their blocks, so the whole system simply does not scale.

What Jordan now decided to do is kind of the masternode subnetwork approach of darkcoin: You define a subset of your nodes (here the voted signers) who in turn must provide multi blockchain support for a selected set of coins. The internal credit then serves as token messaging system to trigger the exchange functionality and their consumption creates revenue.

The signers are trusted entities and BKS minters have no idea if they tell the truth or not regarding the transactions they perform by analyzing their own data (at some point they surely find out over other channels). Decentralization is achieved through the assumption that the proof of stake ranking process will lead to a set of independent signers. So far I think there is no intrinsic method in place which “ensures” that signers will be different entities (like proof of stake or proof of work), its only something about a BKS deposit, but this of course has to happen in the protocol or its not worth anything. However, as long as signers can be assumed to be independent entities, they allow a decentralized deposit and withdrawal mechanism which is implemented using the multisig approach.

So if I may I would make the following ranking:

Centralization (from decentralized to centralized): Coinffeine < OP < B&C < Shapeshift = Poloniex
Difficulty (from easy to hard): Shapeshift < Poloniex < Coinffeine = OP < B&C
Scalability to many coins (from non-scalable to scalable): OP < B&C = Coinffeine < Shapeshift = Poloniex
Traffic (from slow to fast): OP < Coinffeine < B&C < Shapeshift < Poloniex

But I am open for discussion about these points.

Sorry for the textwall, thinking too much about this stuff recently …


Finanlly I think I get what you are talking about. Very interesting.

Would it be multi-sig?

In case of Coinffeine, where are stored the security deposits?

Which has the best balance, compromise?

No. Nobody except the trading participants will be in charge of their funds at any time, so its only them signing their own transaction. Shareholders only have control about the security deposit, since this is a token on their own blockchain.

Its a double escrow system. Its hard to explain but easy once you understand what it is about. It is realized by taking advantage of partially signed multi-sig transactions. Coinffeine doesn’t require an auxiliary share to secure the trade, but this also means that there is a possibility that funds won’t get released after a successful trade, because one party plays irrational. In the OP method the security deposit (in form of an auxiliary share unit) will always be routed correctly as long as at least 50% of the minting clients behave rational.

I think searching for the best trade-off is not the best approach here. If you are planning to do a trade from one currency to another, you always basically have to answer the questions in this ranking. This is even true outside crypto.

Let’s say I want to hedge against bitcoin and take advantage of the slightest price movements, then a Bitfinex like centralized exchange is and will always be the only choice.

Let’s say I want to exchange a large amount of BTC and NBT with a person which either can be irrational or might hate me, then the method in the OP might be the better choice. If the counterparty is provably rational, then Coinffeine might be the better choice because it is easier from the seller side.

Let’s say I want to pay my pizza (small amount) with NBT but the merchant only accepts bitcoin, then shapeshift is the way to go, because the amount is small and the service is convenient.

Let’s say I want to be ready to sell my giant amount of BTC at any time with an accepted tolerance of 1 minute then B&C will be the ideal choice, as long as signers are independent, because you can be more sure about the safety of your funds than on Bitfinex (how much is your decision).

I think that we will see many different products for many different needs, just as in other areas. Blockchains create one additional tool to build those products, be it in a hybrid fashion or a pure consensus based approach.

Tks for your clarification.

So in the OP’s system, the security deposits are controlled by shareholders.
In case of Coinffeine, they are controlled by whom? both parties (multisig based on both parties: if one side does not the sign the transaction, both loose the security deposits)?
Excuse my ignorance. :smile:

you nailed it. If you are interested, I really recommend to read over this here:

If you scroll down then you will see a detailed description how the partially signed tx transfer process works.

I ll try to read through it carefully.