Binance Research: Design Flaws Make Augur Vulnerable To Attack
Design flaws in Augur (REP) could be exploited by malicious agents to cheat genuine users out of their staked tokens, according to a newly published Binance Research report. Low volumes make the decentralized predictions platform susceptible to market manipulation.
According to DappRadar, the Augur platform had only 64 daily active users (DAUs) in the past 24 hours. Approximately $158,000 worth of Ether (ETH) went through its wallets in the same time frame, with many markets having few or no active investors.
Binance Research found that these “incredibly low” volumes and participation rates could make Augur markets easy to manipulate. A user with multiple accounts can trade with themselves – wash trading – to create false impressions and make genuine users vulnerable to a “design flaw attack.”
In a design flaw attack, malicious users would create a new market with a highly plausible outcome and use multiple accounts to bet against it. This would attract genuine users to place high bets against the malicious party.
Although the market looks normal, the creator purposefully adds a few flaws to the smart contract conditions to make it impossible to execute. These can include a wrong date or contradictory terms and conditions. According to Augur’s whitepaper, if a market is invalid, users receive equal shares of the pot, regardless of how much they originally bet.
In one example, researchers investigated an active market predicting the future price of Ethereum. According to Binance Research, genuine users “on average, placed nearly twice as much into escrow as the manipulators, so receiving an equal price for all outcomes could cause a loss of over 50% for normal participants, and 100%+ returns for manipulators.”
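The settlement rule described above can be modelled to show how much of a stake is at risk when a market resolves invalid. This is an added example, not code from Augur or Binance Research. It assumes a simplified market in which a winning share settles at 1 ETH and, on an invalid resolution, every share settles at an equal fraction; all names and figures are constructed.

```python
from dataclasses import dataclass

INVALID = "INVALID"  # label used here for a market that cannot be resolved

@dataclass(frozen=True)
class Position:
    trader: str    # constructed label
    outcome: str   # outcome these shares pay out on
    shares: float
    price: float   # ETH escrowed per share (assumed between 0 and 1)

    @property
    def escrow(self) -> float:
        return self.shares * self.price

def payout_per_share(outcome, result, outcomes):
    """Settlement value of one share under the assumed model."""
    if result == INVALID:
        return 1.0 / len(outcomes)  # equal price for every outcome
    return 1.0 if outcome == result else 0.0

def returns(positions, result, outcomes):
    """Fractional return on escrow for each trader, given a resolution."""
    return {
        p.trader: p.shares * payout_per_share(p.outcome, result, outcomes) / p.escrow - 1.0
        for p in positions
    }

def invalid_exposure(price, n_outcomes=2):
    """Share of escrow lost if the market resolves invalid (negative = gain)."""
    return 1.0 - (1.0 / n_outcomes) / price

# Constructed sample: one trader backs the plausible outcome at 0.75 ETH per
# share; the counterparty holds the other side at 0.25 ETH per share.
OUTCOMES = ("YES", "NO")
BOOK = [
    Position("genuine", "YES", 100, 0.75),
    Position("counterparty", "NO", 100, 0.25),
]

if __name__ == "__main__":
    for result in ("YES", INVALID):
        for trader, r in returns(BOOK, result, OUTCOMES).items():
            print(f"{result:8} {trader:13} {r:+.0%}")
    # Pre-trade check: how much of a stake is lost if the terms prove invalid.
    for price in (0.55, 0.75, 0.95):
        print(f"price {price:.2f}: {invalid_exposure(price):.0%} of escrow at risk")
```

With these constructed numbers, an invalid resolution costs the trader who backed the plausible outcome a third of the escrow and doubles the counterparty's stake, while the total pot is unchanged.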
Is the flaw fixable?
Augur quickly became the most popular dApp on Ethereum when it launched last summer, showing that prediction markets could function without regulatory enforcement or trusted third parties.
To participate, users place their bets in escrow accounts, and the funds are distributed automatically by self-executing smart contracts.
But a new model creates a host of new problems. The interface is highly complicated, and new users have to download the entire Ethereum blockchain before they can participate. The high barrier to entry excludes many potential participants, as Crypto Briefing has previously reported.
Binance Research is confident these flaws can be resolved. One possible solution would be to tighten up the creation process, to prevent creators from designing an invalid market. Augur could also set up a team of validators, with incentives to check that markets are valid.
A simple solution, as the researchers point out, would be to give users receipts for their staked ETH, allowing them to reclaim their wagers minus any transaction fee.
Augur has been aware of these “technical problems” for six months. In a blog post, Augur’s developers said they had been preoccupied with “protocol level problems” and hoped for some of these issues to be solved by later dApps.
That hasn’t happened, and unless it becomes a priority, the predictions market may soon see an exodus of its few remaining users. That’s one outcome we’re willing to bet on.
The author is invested in digital assets, including ETH which is mentioned in this article.