A bug in Augur is allowing an individual to effectively cheat by exploiting a conceptual vulnerability as well as a technical bug.
Poyo, a pseudonymous individual, was one of the major players in the Democrats v Republicans debate in Augur where a market on who will control the house after the mid-term elections had an expiry date set prior to Democrats actually taking control.
Democrats won, but as far as this specific prediction market was concerned, Republicans were still in control at the time of market expiry.
Obviously everyone thought they were betting on who will win, but Poyo and presumably others wanted to be technically correct, so there was a staking battle. Dems eventually were the winners.
That’s given as background because the current gaming of the market appears to be a follow up. Here too we have a catch in the expiry date.
The question is: “Ethereum Price at the End of March 2019?” However, the market expires at 6:59 PM UTC on March 31st when it is clearly asking about the price of Ethereum at the end of March i.e. 00:00 UTC on the 31st.
So this market is invalid because no one can know at circa 7PM what the price will be 5 hours later at midnight.
Now who exactly decides it is invalid is a whole different matter that can involve staking battles, forks, and a whole lot of things.
But let’s say that the initial reporting of invalid is accepted by all and this market is ruled invalid. In that instance, instead of everyone getting back the eth they’ve put down, all eth is split equally between Yes and No.
To understand why, we have to understand just how this works. So in a centralized system, you have the house itself which says something like they’ll give you $10 for any $1 you bet. Here, it’s a bit more complex. Micah Zoltu, an Augur dev, says:
“Someone escrows 1 ETH. The system gives you a couple of tokens that represent a claim on that ETH. One of the tokens can be claimed for the 1 ETH if YES is the final outcome, the other token can be claimed for 1 ETH if NO is the final outcome.
You then sell your YES token to someone else. Now you can claim 1 ETH if NO is the final outcome, they can claim 1 ETH if YES is the final outcome.
When the market resolves, one of you will have a token worth 1 ETH, the other will have a worthless token.
In the case of INVALID, the system gives the person holding a YES token 0.5 ETH and the person holding the NO token 0.5 ETH.”
In a simplified form, if you sold your 100 No tokens for say 1 eth because you’re very sure the outcome is Yes, when the market is ruled invalid that 1 eth guy gets 50 eth.
So if anyone can escrow 1 eth and get both a yes and a no token, then how do we have odds? Zoltu says:
“Alice puts down 70 ETH and gets 100 YES tokens. Bob puts down 30 ETH and gets 100 NO tokens.
If Alice is right, she’ll get 100 ETH back, thus making almost 50% return. If Bob is right, he’ll get 100 ETH back, thus making over 200% return.
Both of them believe the odds are in their favor, which is why they are betting…
Alice only has YES tokens after the trade. This same trade could be executed like so:
Alice escrows 100 ETH and gets 100 YES tokens and 100 NO tokens. Alice sells Bob 100 NO tokens in exchange for 30 ETH.
Alice had to front 100 ETH, but she got back 30 from Bob when she sold him the NO tokens, so she really only paid 70 ETH for the 100 YES tokens. The system just automates this process so Alice doesn’t have to front extra cash.”
And this is why they can’t just return back the eth. As it’s ruled invalid, you’d think the 1eth guy gets back 1 eth and that’s that, but these tokens can be traded, so you can’t just reverse trades. Zoltu says:
“Imagine Bob bought those NO shares from Alice for 30 ETH, then he sold the NO shares to Carol for 50 ETH (good job Bob!). Bob then walks away and never comes back.
We cannot steal money from Bob (yay for ledgers!), so with our 100 ETH we cannot refund both the 70 ETH to Alice and the 50 ETH to Carol.”
What was difficult to establish here is why did Carol overpay considering 1 eth is one Yes token and one No token. Why didn’t she just escrow it?
This gets a bit complex, but effectively there’s practically a limited amount of Yes or No tokens even though anyone can escrow and can do so throughout the betting time.
Such limit is established by the level of demand for the tokens that the escrower doesn’t want. So Bob doesn’t want the Yes tokens. He could put forth 100 eth and then try and sell the 100 Yes tokens, or he could just buy the No tokens for 30 eth and leave the token “creation” business to market makers.
In effect we have an actual market of supply and demand with supply technically having a ceiling of 100 million eth. Based on the decisions of all these market actors, the odds are created in a decentralized way through the buying and selling of tokens which then have or do not have a claim to the actual eth dependent on the outcome.
Therefore the bug here conceptually is this necessity to split the eth in the event of an invalid outcome. There’s no solution to that because you can’t quite reverse the trades. Meaning this is a flaw conceptually, avoidable by not betting in a market that is likely to be ruled invalid. There’s also a technical bug. Joey Krug, Augur’s founder, said:
“The system in Augur has a built in way to combat this: a validity bond. The more markets are invalid the higher the bond goes, augur targets 1% of markets as invalid. Right now it’s 10%. Why? There’s a bug on chain in the calculation of this bond which makes it too low.”
When someone creates a market in Augur, they have to put down a stake as a validity bond. The more invalid markets, the higher the stake is meant to be, but that’s not quite the case for now due to this bug which will be fixed in the next version.
Not that it would necessarily address much since you need just one big invalid market to make some good money if people can be fooled into participating.
Augur, however, is currently very small with most users being early adopters and presumably smart enough to navigate this very complex dapp.
As it scales, much will have to be ironed out, but for some things it appears only education and raising awareness can be of assistance, unless there is some sort of tradeoff with curators able to flag such clearly invalid markets from showing up on the front-end.
The market would still exist, but in a raw form, thus accessible to only skilled individuals. One could then create a new uncensorable front end, but then there would be choice.
The base protocol itself would still remain decentralized, but if this is going to reach grandma stage then the front-end would probably need some sort of curation.