Binance uncovers “design flaw attack” for Augur prediction markets
A design flaw in Augur allows ambiguous prediction markets to be gamed for profit, according to Binance Research.
A design flaw in Augur allows ambiguous prediction markets to be gamed for profit, according to Binance Research. Furthermore, the report detailed other issues that “plagued” the Augur platform, including prediction market wash trading, low liquidity, and limited participation rates.
In an Apr. 1st report, Binance Research uncovered a myriad of issues with Augur, the Ethereum-based decentralized prediction-market platform, including evidence of wash trading on prediction markets, limited user participation rates, low liquidity, and a concerning design flaw that lets attackers profit at the expense of honest users.
Understanding Augur’s “Design Flaw”
The flaw revolves around creating prediction markets that resolve as “invalid.” According to the Augur white paper, an invalid market is one that is “not suitable for resolution by the platform—for example, because it is ambiguous, subjective, or the outcome is not known by the event end date.”
However, these invalid markets are sometimes difficult (or subjective) to identify. Malicious actors can take advantage of this for profit.
When a market resolves as invalid, bettors in that market are paid out at “equal values for all possible outcomes.” For example, a market with two outcomes would have the reward split equally between both outcomes. A market with three outcomes would have it split three ways, and so on.
Yet, because the outcomes of a prediction market differ in probability, the cost of betting on each outcome also differs. By creating markets (which are likely to resolve as invalid) where one outcome is highly likely and the other unlikely, an attacker can place bets on the unlikely outcome and, once the market is deemed invalid, collect an equal-share refund that exceeds what was paid, at the expense of honest participants who bought the likely outcome.
The warning message displayed by Augur.casino, as of Mar. 31st, 2019, describes the issue succinctly:
“If a market resolves as invalid, each share is refunded to traders in equal amounts. If the reporting start time (UTC) isn’t after the actual end of the event, or if the title/description and reporting start time don’t match up, there is a high probability that the market will resolve as invalid.”
Example of a Controversial Market
One example of an at-risk market is one with volume surpassing 4,000 ETH. The market is set to expire on Apr. 1st, 2019 at 1:59 AM (UTC +8). Yet, in the additional details section, it states “General Price of Ethereum Cryptocurrency at end of day March 31st, 2019 UTC.”
Because the “title/description and reporting start time don’t match up,” there is a chance this market will resolve as invalid. As stated by Binance Research:
“The fact that the market specifies one end date in the title/description and a (slightly) different one in the expiration date renders it invalid, allowing the poll’s creator to purposefully bet on the losing outcome and get paid out regardless.”
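The Augur.casino rule of thumb quoted earlier (reporting start time not after the actual end of the event means a high probability of invalid) can be applied mechanically to a market's metadata. The following is an added example, not code from Augur or Binance Research; the market values are constructed from the dates given in this article, and the title and the reading of "end of day March 31st UTC" as 23:59:59 UTC are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed example modelled on the market described above:
# expiration Apr 1st 2019 01:59 (UTC+8) versus a description that says
# "end of day March 31st, 2019 UTC". The title is hypothetical and the
# event end time is an assumed reading of that description.
MARKET = {
    "title": "Price of ETH at end of March 31st, 2019",
    "reporting_start": datetime(2019, 4, 1, 1, 59,
                                tzinfo=timezone(timedelta(hours=8))),
    "event_end": datetime(2019, 3, 31, 23, 59, 59, tzinfo=timezone.utc),
}


def to_utc(dt):
    """Normalise to UTC; refuse naive datetimes rather than guess a zone,
    since a silently assumed zone is exactly how these mismatches arise."""
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a timezone")
    return dt.astimezone(timezone.utc)


def invalid_risk(market):
    """Return (at_risk, reason). A market is flagged when reporting can
    begin before the event it describes has actually ended."""
    reporting = to_utc(market["reporting_start"])
    event_end = to_utc(market["event_end"])
    if reporting <= event_end:
        gap = event_end - reporting
        return True, f"reporting starts {gap} before the event ends"
    return False, "reporting starts after the event ends"


if __name__ == "__main__":
    at_risk, reason = invalid_risk(MARKET)
    print(f"{MARKET['title']!r}: at_risk={at_risk} ({reason})")
```

For the article's market the check fires: 01:59 UTC+8 on Apr. 1st is 17:59 UTC on Mar. 31st, six hours before the end of day the description names.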
Based on the above values, if the market resolves as invalid, bets on each outcome would resolve at a value of approximately 0.33, meaning that bets on “$1000 or above” and “$0 – $100” would result in a 65 percent gain while bets on the most likely outcome, “$100 – $1000,” would result in a 46 percent loss.
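The payout arithmetic behind the equal-share refund, worked through for a three-outcome market, as an added example that is not from the article or from Augur. The share prices are constructed (chosen so the invalid-resolution returns reproduce the ~65 percent gain and ~46 percent loss quoted above), not order-book data; a complete set of shares is assumed to pay out 1.0 in total.

```python
# Constructed share prices as fractions of one complete set (which pays
# 1.0 in total). Chosen to reproduce the article's ~65% / ~46% figures;
# not real Augur market data.
ETH_PRICE_MARKET = {
    "$0 - $100": 0.202,
    "$100 - $1000": 0.617,
    "$1000 or above": 0.202,
}


def invalid_payout_per_share(num_outcomes):
    """On an invalid resolution every share is refunded the same amount:
    one complete set's value split equally across the outcomes."""
    return 1.0 / num_outcomes


def returns_if_invalid(prices):
    """Return per outcome if the market resolves invalid, given the price
    paid per share. Shares bought below 1/n gain; bought above 1/n lose."""
    payout = invalid_payout_per_share(len(prices))
    return {outcome: payout / price - 1.0 for outcome, price in prices.items()}


def returns_if_valid(prices, winner):
    """For comparison: a normal resolution pays 1.0 to the winning outcome
    and nothing to the others."""
    return {o: (1.0 / p - 1.0 if o == winner else -1.0) for o, p in prices.items()}


def invalid_is_profitable_for_someone(prices, tolerance=0.05):
    """Screening heuristic: forcing 'invalid' only transfers value when
    outcome prices diverge from 1/n. A market priced near 1/n everywhere
    offers nothing to gain from an invalid resolution."""
    payout = invalid_payout_per_share(len(prices))
    return any(abs(p - payout) > tolerance for p in prices.values())


if __name__ == "__main__":
    for outcome, r in returns_if_invalid(ETH_PRICE_MARKET).items():
        print(f"{outcome:>15}: {r:+.1%} if the market resolves invalid")
```

The refund pool is fixed at the number of complete sets outstanding, so every unit gained on the cheap outcomes is a unit lost by holders of the likely one.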
That said, the report only cited one past example of the flaw. Yet, that market resolved normally even though it was both purposefully vague and included a potential date conflict, suggesting that on-chain governance is capable of dealing with some of the issues raised.
Combating Bad Actors
The way Augur currently combats this problem is through a combination of mechanisms. First, a market creator must provide a “validity bond,” an amount staked by the market creator that is slashed if the market resolves as invalid. However, market behavior indicates that the cost of these bonds is low enough that users can “repeatedly create bogus markets at a fixed cost,” according to Binance Research.
The second mechanism is the dispute process. If the settlement of a market is disputed, REP holders vote to decide which outcome is correct. In some circumstances, even if a market should technically be ruled invalid according to Augur’s documentation, voters may decide that a market with tricky wording should resolve according to their reasonable interpretation of it. As Binance Research puts it, this pits “code as law” ideologists against “pragmatic” voters.
Response from the Community
The community has known about the exploit—at the latest—since Mar. 19th, with one popular Reddit post titled “Augur is being gamed!” garnering significant attention. Other crypto media outlets have also covered the exploit since Mar. 20th.
On Mar. 19th, Joey Krug—a core developer for Augur, a co-chief investment officer at Pantera Capital and co-founder of Beam—explained that concern over the exploit was overblown:
1) Almost all of these purposefully confusing markets are being created by one person, not a bunch of people. The activity on those markets is also by one person / address. https://t.co/9jLIeGqun9
— Joey Krug (@joeykrug) March 20, 2019
Furthermore, the core developer tweeted that a new category for “invalid” bets will become tradeable in the next version of Augur, effectively addressing the exploit:
This will be fixed in v2 of augur.
3) Invalid will be separately tradable in v2. So markets where this is happening can be easily filtered out, and people trying to do the attack described in the OP would auto trigger the filter by virtue of their trading invalid.
— Joey Krug (@joeykrug) March 20, 2019
Augur’s Progress on Addressing the Flaw
According to Binance Research, the Augur team has already identified the attack described above, as well as other potential improvements for version 2 of the platform. However, the report also criticized the project for failing to address these issues in a timely fashion:
“The Augur team has already admitted that these technical problems were on their radar 6 months ago, but little action has been taken to protect users.”
The report also proposed several potential solutions to the attack, including a price-based refund mechanism, clearer warnings and disclosures, and even a new “market validator” category of participant. The report warns that if these issues aren’t resolved:
“While Augur is a strong use-case of blockchain, if some of these issues are not handled properly moving forward, the Augur ecosystem could be left with only its malicious actors and bystanders, as honest participants [are left] repeatedly losing funds and then leaving the ecosystem,” said the report.