ALP tends to get ramped up. My first ALP grant was like $150 or something. Once I had a logo and a website and a bunch of time and energy committed, shareholders started increasing my allowed trust.
It will be difficult and probably costly for NU to pursue any bad actors. That is why we have to be really careful for what and who we are voting for. Of course the risk is always there, this is a risky business.
A good reputation though is always a good advisor
That’s totally true when you’re dealing with the custodian and the custodian alone. However people still have lives outside of Nu are subject to legal jurisdictions and all that scary stuff…
I guess the scenario I’m trying to wrap my head around is when we grant a long-time and well-trusted custodian member a large number of NBT (for example, when we did for BhCnQrYrA5LZm871dtMQEXeU93gmqbhdrC
, let’s pretend that wasn’t a multi-signature account, or that both signers are in the same legal jurisdiction or otherwise related).
For a few million dollars worth of NBT, if the custodian were to be sued or their spouse were to try to treat the digital currency assets as marital assets subject to a split, I suspect that an aggressive legal team would try to do quite a bit of hoop jumping to try to get their hands on the funds – and their recourse is “hand it over or you’re in contempt of court, so you go sit in jail”…
In short, I’m saying we can trust the custodian, and rightfully so, and still end up in a bind due to the fact that people have real lives…
I think we’re all in agreement that this is a very unlikely situation, however given the fact that it is possible, I’m hoping people smarter than me can either:
a) Explain why this is easy to fix,
b) Explain how this is easy to prevent, or
c) Explain how this actually isn’t possible, and I should take off my tin-foil hat: it’s all going to be OK.
I’m just not really all that comfortable with relying solely on the fact that it’s unlikely. Know what I mean?
What would you propose? Some way for shareholders to vote to destroy a certain output? What would prevent the malicious custodian from just moving the funds around to prevent shareholders from forming consensus fast enough? Pretty much all our contracts are made with exactly this scenario in mind, and the ones that are considered dangerous get collateralized. I think you’ll find the vast majority of our uncollateralized contracts do not carry with them enough funds to be susceptible to costly attacks like legal battles. We also try to spread out our funds amongst many operators, the 2 million NBT grant you are referencing was a very special case and by no means the usual situation (you noted yourself that it was multisig).
I think destroying output would be… scary – I don’t have data to prove it, but I suspect it’s a dangerous direction to go.
But you make a great point:
Do we have a standard way to collateralize contracts? And the amount required?
Or a definition of what exactly constitutes a potentially dangerous contract?
I literally have zero idea of what we could do here or whether this is even an actual possibility. Having some sort of way of enforcing collateralization of contracts that are deemed potentially dangerous seems like a possible direction though?
(I’m genuinely hoping that this thread ends with “OK cool, sounds like we’ve already got this all covered”.)
This isn’t going to end with ‘ok, cool’ because this is the entirety of how Nu works. Bitshares uses a formal definition of collateral which requires an overestimation of collateral and results in a completely illiquid network. We have no formal definition, in fact at our core we have only a 15% reserve, meaning our Nubits aren’t fully collateralized either, same as our contracts. The whole system operates off of fuzzy math, because the share price is a fuzzy thing. Anyway, one of the most interesting concepts (in my opinion) in way of collateralization is the T3 reserve:
Interesting – wasn’t aware of that.
Learning more and more Any chance you can point me at something to read about how this all works? Maybe I overlooked something?
It’s all ad-hoc. We’re still trying to figure it all out ourselves.
Have you seen this one?
Gotcha.
Out of curiosity, do we have any idea who the major shareholders are? Or guarantee that no single individual “owns” more than 50% of the shares?
The only guarentee we have is that each share was compensated with at least $0.002 that was put into Nu Coffers.
Again, sorry for the newbie question, but I have to ask: Is there a reason I shouldn’t be worried at all by that? (Hopefully you’re reading that as me being curious and not trying to be snarky – I swear I’m not trying to be obnoxious…)
Back of the envelope math:
- 820,586,132 NSR (blockexplorer.nu) * $0.002 USD == ~$1.6m USD
So theoretically, if someone was covertly buying up shares, and had a few million bucks to spare (which isn’t that rare nowadays), and they decided “fuck it, let’s mess with these people”, they could basically start granting NBT to their addresses and passing joke motions, etc?
(Again, totally asking out of curiosity – not trying to attack Nu, just want to understand the limits and the potential weaknesses and attack points…)
Sure, someone who invested $800k could go ahead and crap their investment down the tubes to absorb our $200k buy side liquidity.
Well it might be more subtle than that. Someone with $800k can start issuing themselves NBT in small amounts, hoping to go unnoticed, right?
As long as the amounts granted are “small enough” to not undermine the whole project, we would continue with things right?
If this happened (“Holy shit, someone just got granted 50 NBT, but it’s not in anyone’s data feed, and there was no motion on discuss.nubits.com…”), what would we do?
I would prolly sell all my NSR immediately. Also, it would be more like “Why does that grant have 25% support when no one’s voting for it?” It wouldn’t just get granted without people taking notice.
We don’t have plans for that event. It is a known risk, but has always been considered very remotely possible.
It’s akin to a hostile hard fork of the Bitcoin miners (basically, a 51% attack). Prices would plummet.
Note that if you have 51%, why would you pass a grant? Why not just 6 conf (or 15 conf or whatever) as many double spends as you want? It would take people longer to notice.
OK, so basically if anyone were to abuse the power, you’re saying you at least would throw in the towel saying “this experiment failed”?
Which… sounds like it would set in motion a bunch of events leading to NBT and NSR basically becoming worthless.
So basically, we have to hope that this guy is neither a current shareholder, nor capable of getting 50+% NSRs…
Good point. The only reason I can think is because the money-printing machine is basically clicking a button in the UI, versus double-spending which is a bit more technically involved? (I think?)
Yes, if the network succumbed to a hostile hardfork I would throw in the towel (as I would for bitcoin if all of a sudden core developers and 51% of the miners started making new coinbase BTC at their addresses). Basically, the assumption with Proof of Stake is that the network is constantly being 51% attacked by all the right people.
This is a good point, however there’s a recurring cost to 50% of the mining power, whereas a 51% attack on Nu would be a one-time purchase and then you’re done.
I also don’t have numbers, but I’m under the impression that we’re talking about O($10k USD) per hour to sustain a 51% attack on the current BTC network… which means the joker would need much deeper pockets…
It takes 5001 blocks in any 10,000 block window to pass a grant or a motion. At one minute block times it would take (with 100% of the blocks voting on that grant) at the soonest 3.4 days for someone to pass such a grant. If there’s a system in place monitoring the votes then the network can be alerted to such an abuse and developers may be able to intervene. That might be controversial itself though.