Hatchworks (spectre.ai) — Spectre.ai security bounty scheduled!

Oto Suvari
Published in teamspectreai · 9 min read · Oct 21, 2017

Spectre.ai is pleased to announce its security and bug bounty aimed at protecting the project’s decentralized, autonomous liquidity pool (DALP). For this bounty, we are teaming up with Mike Boutwell, a technology consultant in the blockchain space who runs CryptoAdvisors and who was a network engineer at First Data Corporation and a network administrator at T-Systems. Adam Dossa, a former Executive Director at Morgan Stanley who has been instrumental in our smart contract construction and audits, will also be on call for bounty-related audits. Before the details of the program are outlined later in this communique, we would like to describe the potential vectors of attack and the defense measures Spectre.ai is taking. The bounty goes live on 15th December, 2017.

Attack vector 1: Robots
A concern for some may be that robots can attack and deplete the underlying liquidity pool, in our case the DALP. In practice this is far more difficult, and in certain instances impossible, when the structure of the trade contracts available on the system obviates any such threat. In our case, we offer Digital Contracts and ULC-CFD trade contracts. These could result in payouts of 70–90%+ upon a win and a 100% loss of the capital invested in that trade upon a loss. There are two types of strategies robots can take to try and exploit these contracts: short term and long term.

A robot could be created to benefit from latency across price feeds. The likelihood of this is low owing to the harmonization measures quote feed providers around the world have taken over the past 5 years. In the rare event that a trader obtains access to a raw price feed that gives them, at best, a 1 second ‘glimpse into the future’ (a feed faster than the one we are streaming and oraclising to determine trade price/time stamps), this advantage would only translate to higher win-rates if we offered expiries of 10–30 seconds, and generally under a minute. However, the shortest expiry on Spectre.ai is 5 minutes, which means any price advantage such a robot obtains would be dramatically eroded by price volatility as the option reaches maturity. The price of an underlying asset simply doesn’t move enough in 1 second (even during periods of heavy news) to afford a buffer high or low enough (depending on a short or long position) to guarantee an outcome over a 5-minute window. This is why most latency or volatility arbitrage run by institutional trading desks at major banks and hedge funds actually occurs in milliseconds and at very large order sizes: the arbitrage opportunity in pips is tiny and doesn’t last long.

This brings us to long term robots. In the digital options space, ‘long term’ can be an expiry of 1 hour or more and often as long as end-of-day or end-of-week. As time value increases in any digital option, it becomes more difficult to predict the trajectory of an underlying asset, as long as it is liquid. This is why bucketshop binary brokers price payouts much lower for short-dated options which expire in 30 seconds to 3 minutes, but are able to pay out far more on longer duration trades. The only way a robot could accurately predict (in a sustained manner) longer term moves in price is to take a digital contract position on Spectre.ai, say, long EUR/USD 60 minutes, and then trigger an institutional-size buy order in the actual currency markets in order to ensure the euro rises vs the dollar. While this exercise could work in theory, it assumes the party engaging in this ‘self-fulfilling’ arbitrage is not a rational counterparty. The amount that a robot would need to purchase in the currency (or even equity/ETF/bond) markets would be in the millions in order to affect price, given the sheer intraday volume turned over. Doing all of this in order to win a trade in the range of $1–2,000 or ETH equivalent is illogical. Spectre.ai allows trade sizes as a fractional proportion of the size of its DALP as part of its risk management algorithms; in short, such an arb trade’s risk-reward is skewed dramatically to the downside, which means its win-rate would need to be sky-high in order for the expectancy of such a bot to be positive.

If Spectre.ai allowed open-ended trade sizes, then in theory this would work, but Spectre.ai doesn’t and so it doesn’t work. One could argue that it could work on poorly liquid cryptocurrencies or assets, or in low-liquidity hours such as the MOC effect. The answer to that is ‘yes’, which is why Spectre.ai won’t allow trades on these but only on the deeply liquid cryptos and assets, the price of which can’t be influenced by even a syndicate of retail traders just to win a few thousand dollars on the platform.

Expanding the above scenario to even longer expiry trade contracts, say a few days, weeks and even months, the firepower required to create a self-fulfilling prophecy is so high that it completely negates the relatively small payoff and skews the risk/reward of such an “arb-trade” miserably to the downside. Moving on to the ULC-CFDs in the platform: owing to the entry spread, there is no short term latency arbitrage opportunity, despite there being no concept of time value in a CFD (all positions are open until they hit a take profit or stop loss level).

The creators of Spectre.ai successfully run Signal Hive (www.signalhive.com), where years of data validate the above. During our integration to Testnet in December 2017, as part of our bug and security bounty, we welcome any traders to attempt to attach bots to their trading account and disprove us.

Attack vector 2: DDOS and site hacks

There are two sub-vectors of potential attack in this category: DDOS attacks on the actual trading platform, housed on distributed servers at major data centers, and HFT (high-frequency-trade) ‘glut’ attacks on the transaction and verification bridges inside the Spectre Dapp.

As for the first sub-vector, DDOS attacks, Spectre.ai has already invested in Cloudflare DDOS protection and has installed a range of intrusion detection mechanisms that successfully warded off a range of low level attempts during its ICO. Cloudflare technology also allows us to mitigate DDoS attacks (UDP/ICMP protocol, SYN/ACK, DNS, NTP amplification and Layer 7 app-level).

As for a potential HFT attack, a trader may attempt to flood the trade terminal with thousands of trades, effectively creating a blockage in the transactions and verification bridge of Spectre.ai, thereby creating a DDOS-type scenario and bringing down the system. While this may work in theory, in practice the Spectre.ai transactions bridge simply shuts off any bot that attempts to forward more than a certain number of trades per second. As a first measure, the account is flagged; should a repeat attempt happen, the account is banned and its IP blacklisted.
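The flag-then-ban escalation described above can be sketched as a per-account sliding-window limiter. This is an added example, not Spectre.ai's code: the class name, the threshold of 5 trades per second, the 60-second shut-off and the sample traffic are all assumptions.

```python
from collections import defaultdict, deque

class TradeBridgeLimiter:
    """Per-account sliding-window limiter with flag -> ban escalation."""
    def __init__(self, limit=5, window=1.0, cooldown=60.0):
        # Assumed values: the post only says "a certain amount of trades per second".
        self.limit, self.window, self.cooldown = limit, window, cooldown
        self.recent = defaultdict(deque)  # account -> timestamps of accepted trades
        self.blocked_until = {}           # account -> end of shut-off after a flag
        self.flagged, self.banned, self.ip_blacklist = set(), set(), set()

    def submit(self, account, ip, ts):
        """Decide one trade request; ts is the arrival time in seconds."""
        if account in self.banned or ip in self.ip_blacklist:
            return "rejected"
        if ts < self.blocked_until.get(account, 0.0):
            return "rejected"             # still shut off: same burst, no escalation
        q = self.recent[account]
        while q and ts - q[0] >= self.window:
            q.popleft()                   # forget trades outside the window
        if len(q) < self.limit:
            q.append(ts)
            return "accepted"
        q.clear()
        if account not in self.flagged:   # first offence: flag and shut off
            self.flagged.add(account)
            self.blocked_until[account] = ts + self.cooldown
            return "flagged"
        self.banned.add(account)          # repeat offence: ban, blacklist source IP
        self.ip_blacklist.add(ip)
        return "banned"

def replay(events, limiter=None):
    """Feed (account, ip, ts) tuples through a limiter and return the decisions."""
    limiter = limiter or TradeBridgeLimiter()
    return [limiter.submit(a, ip, ts) for a, ip, ts in events]

# Constructed sample traffic (documentation-range IPs, made-up account names).
SAMPLE = (
    [("bot", "203.0.113.7", 0.1 * i) for i in range(8)]            # first burst
    + [("human", "198.51.100.4", 1.0), ("human", "198.51.100.4", 2.0)]
    + [("bot", "203.0.113.7", 100.0 + 0.1 * i) for i in range(7)]  # repeat burst
    + [("alt", "203.0.113.7", 101.0)]                              # same IP, new account
)

if __name__ == "__main__":
    for event, decision in zip(SAMPLE, replay(SAMPLE)):
        print(event, decision)
```

The last sample event shows the side effect of IP blacklisting: a different account behind the same address is rejected too, which matters for users on shared NAT or VPN egress.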

Attack vector 3: Liquidity pool hacks

After the DAO hack incident, the protection of funds, both at the firm level and at the operational (DALP) level, is our top priority. While the liquidity pool appears as one singular unit or ‘bag of money’ to traders inside the Spectre.ai platform, its actual form is far from just money stored in an Ethereum wallet. We are using a tri-layer liquidity protection protocol as outlined below.

The DALP is protected by a tri-layer security system consisting of four tranches. Security from hacks, followed by foreign exchange volatility risk management are the primary directives in this program. This is in order to ensure the long term protection of the pool which ensures that there is always a counterparty for trades and connected Dapps.

The primary pool, which represents 20% of the DALP, is the pool with which traders transact at all times. This is denominated in ETH. In the unlikely event of depletion, driven by sustained trader wins, liquidity from the secondary pool (also ETH denominated and MultiSig) is transferred over with approval from a blockchain escrow agent. Should both the primary and secondary tranches be depleted, Spectre’s backup tranche kicks in. This tranche, also MultiSig, is BTC denominated in order to hedge against overexposure of pool funds to ETH price risk. While ETH is relatively resilient and is growing in adoption, Bitcoin has significantly higher traded volumes and market capitalization, resulting in less price volatility.

Finally, the fourth tranche, which holds 30% of pool funds, is the emergency tranche and is parked 20% in U.S. dollars and 10% in physical gold, both of which lie in a London, U.K. Barclays security protected bank account (or in another European country) for which access is granted through an escrow agent. The USD component protects the overall pool from pure crypto-currency price swings (especially sell-offs, which can happen given the meteoric rise in asset prices in the space). The gold component protects the pool, to some degree, from inflationary pressures in the economy. All MultiSigs are Gnosis technology. The majority of teams that conducted ICOs over the last few months (e.g. Golem, Aragon, Civic, district0x) are using instances of the Gnosis MultiSig wallet, holding a combined value of more than $2bn worth of Ether and tokens. As an additional security measure, “Ledger Nano S” hardware wallets will be used as one of the signing parties and these will be physically secured.

Attack vector 4: Trojans

Another potential avenue of attack could be a trojan strategy. This would manifest itself in a Dapp created by a 3rd party that would effectively deplete the DALP over time via our Dapp store. The measures we have taken to secure the Dapp store from this are the following:

a) All Dapp smart contract code is audited for such attacks. Unnecessarily complex code is rejected. If it’s not understood by us, it won’t go live.

b) Each Dapp is tested for a period of 6–12 weeks before receiving approval to go live. Tests include draw-down, variance and VAR (value at risk), among others.

c) If a trojan is suspected despite passing/clearing our audit check, we reserve the right to shut the app down immediately.

Spectre.ai security and bug bounty details

Launch Date: c.15th January, 2017 — Partner: Hackerone

Mike Boutwell, Senior Network Architect

Bug Bounty
— — — — — — — — — — — —
- Use the demo platform, play with it, trade with it etc
- Report all potential bugs
- Reward (0.1 BTC per qualifying bug)

Hackathon
— — — — — — — — — — — —
- Have people attempt to crack the liquidity pool (the platform will be connected to Testnet (Ropsten))
- All security design/details will be made public and available for the participants
- Medium prizes for those that find flaws (0.2–0.3 BTC per flaw)
- Large prize for someone who games the system (1–10 BTC for successful proof of gaming the system by achieving a sustained win rate of over 70% across a range of similarly constructed trades)

To receive prizes, the disclosure form must be filled out (requires an email confirmation)
- Contact info in case dev team has questions
- Select (bug, hack, or gaming the system options)
- Description of issue, with as much detail as possible

Participants only get paid out if they provide the info regarding a bug or hack. For the largest prize, one requirement is to also assist in creating a solution.

Please send an email to team@spectre.ai in order to register for the bug bounty. Closer to the date, a detailed manual for bounty hunters will be published and the games can begin!

Team Spectre.ai

Warning: The information contained in this post is not a solicitation to invest. All ICO participants should carefully go over all the risks described in the whitepaper on the token-sale website. The token-sale is strictly closed to U.S citizens and a range of technical measures are in place to ensure citizens from restricted regions (as outlined in the token-sale T&C), including the U.S, will not be able to contribute.

Oto Suvari
teamspectreai

Heading up the group’s R&D activities for Hatchworks.