That’s totally true when you’re dealing with the custodian and the custodian alone. However people still have lives outside of Nu are subject to legal jurisdictions and all that scary stuff…
I guess the scenario I’m trying to wrap my head around is when we grant a long-time and well-trusted custodian member a large number of NBT (for example, when we did for BhCnQrYrA5LZm871dtMQEXeU93gmqbhdrC, let’s pretend that wasn’t a multi-signature account, or that both signers are in the same legal jurisdiction or otherwise related).
For a few million dollars worth of NBT, if the custodian were to be sued or their spouse were to try to treat the digital currency assets as marital assets subject to a split, I suspect that an aggressive legal team would try to do quite a bit of hoop jumping to try to get their hands on the funds – and their recourse is “hand it over or you’re in contempt of court, so you go sit in jail”…
In short, I’m saying we can trust the custodian, and rightfully so, and still end up in a bind due to the fact that people have real lives…
I think we’re all in agreement that this is a very unlikely situation, however given the fact that it is possible, I’m hoping people smarter than me can either:
a) Explain why this is easy to fix,
b) Explain how this is easy to prevent, or
c) Explain how this actually isn’t possible, and I should take off my tin-foil hat: it’s all going to be OK.
I’m just not really all that comfortable with relying solely on the fact that it’s unlikely. Know what I mean?
What would you propose? Some way for shareholders to vote to destroy a certain output? What would prevent the malicious custodian from just moving the funds around to prevent shareholders from forming consensus fast enough? Pretty much all our contracts are made with exactly this scenario in mind, and the ones that are considered dangerous get collateralized. I think you’ll find the vast majority of our uncollateralized contracts do not carry with them enough funds to be susceptible to costly attacks like legal battles. We also try to spread out our funds amongst many operators, the 2 million NBT grant you are referencing was a very special case and by no means the usual situation (you noted yourself that it was multisig).
I think destroying output would be… scary – I don’t have data to prove it, but I suspect it’s a dangerous direction to go.
But you make a great point:
Do we have a standard way to collateralize contracts? And the amount required?
Or a definition of what exactly constitutes a potentially dangerous contract?
I literally have zero idea of what we could do here or whether this is even an actual possibility. Having some sort of way of enforcing collateralization of contracts that are deemed potentially dangerous seems like a possible direction though?
(I’m genuinely hoping that this thread ends with “OK cool, sounds like we’ve already got this all covered”.)
This isn’t going to end with ‘ok, cool’ because this is the entirety of how Nu works. Bitshares uses a formal definition of collateral which requires an overestimation of collateral and results in a completely illiquid network. We have no formal definition, in fact at our core we have only a 15% reserve, meaning our Nubits aren’t fully collateralized either, same as our contracts. The whole system operates off of fuzzy math, because the share price is a fuzzy thing. Anyway, one of the most interesting concepts (in my opinion) in way of collateralization is the T3 reserve:
Again, sorry for the newbie question, but I have to ask: Is there a reason I shouldn’t be worried at all by that? (Hopefully you’re reading that as me being curious and not trying to be snarky – I swear I’m not trying to be obnoxious…)
So theoretically, if someone was covertly buying up shares, and had a few million bucks to spare (which isn’t that rare nowadays), and they decided “fuck it, let’s mess with these people”, they could basically start granting NBT to their addresses and passing joke motions, etc?
(Again, totally asking out of curiosity – not trying to attack Nu, just want to understand the limits and the potential weaknesses and attack points…)
Well it might be more subtle than that. Someone with $800k can start issuing themselves NBT in small amounts, hoping to go unnoticed, right?
As long as the amounts granted are “small enough” to not undermine the whole project, we would continue with things right?
If this happened (“Holy shit, someone just got granted 50 NBT, but it’s not in anyone’s data feed, and there was no motion on discuss.nubits.com…”), what would we do?
I would prolly sell all my NSR immediately. Also, it would be more like “Why does that grant have 25% support when no one’s voting for it?” It wouldn’t just get granted without people taking notice.
It’s akin to a hostile hard fork of the Bitcoin miners (basically, a 51% attack). Prices would plummet.
Note that if you have 51%, why would you pass a grant? Why not just 6 conf (or 15 conf or whatever) as many double spends as you want? It would take people longer to notice.
OK, so basically if anyone were to abuse the power, you’re saying you at least would throw in the towel saying “this experiment failed”?
Which… sounds like it would set in motion a bunch of events leading to NBT and NSR basically becoming worthless.
So basically, we have to hope that this guy is neither a current shareholder, nor capable of getting 50+% NSRs…
Good point. The only reason I can think is because the money-printing machine is basically clicking a button in the UI, versus double-spending which is a bit more technically involved? (I think?)
Yes, if the network succumbed to a hostile hardfork I would throw in the towel (as I would for bitcoin if all of a sudden core developers and 51% of the miners started making new coinbase BTC at their addresses). Basically, the assumption with Proof of Stake is that the network is constantly being 51% attacked by all the right people.
This is a good point, however there’s a recurring cost to 50% of the mining power, whereas a 51% attack on Nu would be a one-time purchase and then you’re done.
I also don’t have numbers, but I’m under the impression that we’re talking about O($10k USD) per hour to sustain a 51% attack on the current BTC network… which means the joker would need much deeper pockets…
It takes 5001 blocks in any 10,000 block window to pass a grant or a motion. At one minute block times it would take (with 100% of the blocks voting on that grant) at the soonest 3.4 days for someone to pass such a grant. If there’s a system in place monitoring the votes then the network can be alerted to such an abuse and developers may be able to intervene. That might be controversial itself though.
Buying 51% of the NSR network is not just a ‘one time purchase’. Either you’d have to basically be JordanLee, or you’d have to buy up the network, which means prices would skyrocket and people would hold onto their NSR tight. It’s a losing battle.
Let me start by saying I love how many Batman references I get to make in this thread. I hope you guys are laughing a bit with me on this…
Sure, let’s say the price-tag goes up by 10x or even 100x. $100m USD is (unfortunately ) not that much money anymore, so buying these up might be more expensive, but certainly possible.
To avoid the economics conversation there though, let’s just say you’re JordanLee:
Who then decides to trash Nu, for whatever reason…
Are we all in agreement that this is a very real possibility?
To give you some context, I’m hoping to do some very real stuff with NBT, because I think it’s amazing. However it seems to me that an attack on BTC would be absurdly expensive and is therefore much more unlikely, whereas an attack on NBT seems much more likely and much less expensive, so that has me a smidge worried.
I don’t think these things would happen, but if I’m doing something “real” with NBT, people will ask “how expensive and likely is an attack?”, I’d rather say “as unlikely as BTC”, but it seems a bit like the only firm and truthful answer is “welp, there’s this guy, who if he got pissed off, could take down the entire system… he won’t though…”
(I’m definitely hoping I’m wrong, so please someone tell me I am ?)