Bargain: Who wants 6500 dash?

[demo]

https://www.dashninja.pl/governance.html

There are 6 valid budgets proposal of which 1 are funded (total funded payment: 215 DASH).

Next super-block will be 631408 on 5/3/2017, 8:08:04 μ.μ. (1 week 4 days 3 hours 26 minutes) and will provide 6,917.67 DASH for budgets.

6,702.67 DASH unallocated in next super-block.

We have 3580 active masternodes.
I think it is a big opportunity for someone (or for a group of people) who own 350 or more masternodes to propose something the very last minute, vote "yes" instantly without the others to have the time to react by voting "no", and thus win the 6702 - 215= 6487 dash.

The masternode owners who wish to organize such an even, they can pm eachother, in order to discuss and calculate what is the best suitable last moment time in order to propose and vote. It worths also to bomb the budget with several proposals and vote instantly 350 "yes" the very last moments before the budget finalization (budget finalization in 12.1 version happens automaticaly and not manualy) , in order to be sure that the rest masternode operators will not be able to react on this and vote "no". Some 5 dash chunks will be lost that way, but who cares if someone gonna win 6500 dash?

So what do you think? Is it possible such an attack? Shall we organize it in order to show dash's 12.1 deficiencies? The last moments of this month's budget are promised to be hot!

Dash governance is tottaly exposed to organized masternode operators that own more than 10% and they decide to vote the last minute, and this issue is highly related to this, this and this.

 

[lynx]

Sure! Go ahead and make the proposal, I'll support it!

 

[demo]

Sure! Go ahead and make the proposal, I'll support it!

This is not a proposal. This is a conspiracy. You have to find the key persons who all together own 350 masternodes, in order to conspire and organize such an attack. The incentives are a lot, and the prize if this attack succeds huge. We are talking about 143000 dollars, that can be shared among the attackers.

If someone implements this attack and wins the 143000 dollars, or if the core team takes precautions in order to solve that problem, I hope both of them they will give to poor @demo a 5 dash tip for the idea, in order for me to have the required money to propose a "vote with numbers" proposal in the next budget cycle.

 

[demo]

Sure! Go ahead and make the proposal, I'll support it!

By the way, @lynx how many masternodes do you control?

Lets make an unofficial list of all the masternode operators who are interested in this idea. Lets see if we can catch this 350 number.

Is @Otoh interested maybe?

 

[lynx]

This is not a proposal. This is a conspiracy.

Pretty lame conspiracy if you have to publicly announce it IMO.

By the way, @lynx how many masternodes do you control?

You will never know.

 

[Walter]

$143,000 is peanuts in the scheme of things... An attacker (or cartel of attackers) would have nearly $8,000,000 invested in Dash already, why jeopardise this investment for a paltry $143,000? It makes no sense.. Their annual masternode returns are around $800,000 at current prices.

Walter

 

[demo]

$143,000 is peanuts in the scheme of things... An attacker (or cartel of attackers) would have nearly $8,000,000 invested in Dash already, why jeopardise this investment for a paltry $143,000? It makes no sense.. Their annual masternode returns are around $800,000 at current prices.

Walter

If the annual returns of 350 masternodes are around $800,000 at current prices then the monthly returns are $66000. The monhtly prize of this attack is $143000 which is more than double.

And after all, the most important question is this:

Who will be aware of it? How many dash have been lost in lamassu project? Did the price of dash fall because of the 12 month lamassu malfunction and the final lost of 7500 dash from the budget? If not, and if nobody really cared about the lamassu 12 month malfunction, then why the price of dash will fall for just one month malfunction?

Whatever the fall of the dash price will be , it will not fall to zero after this attack for sure. Especially if this attack is kept secret from the media,. This last minute proposal could also be written in a believable way, it could contain a lot of technical jargon or refer to a fake wanna be festival or to some lawyers fake consultancy fees, so that even in case the media arrive, they will find a decent-resembling proposal.

 

[Macrochip]

I will only support this if you put in MY address as recipient.

Oh and prepare for 900 other requests like that. Guess you're shit outta luck with your "conspiracy".

 

[demo]

I will only support this if you put in MY address as recipient.

Oh and prepare for 900 other requests like that. Guess you're shit outta luck with your "conspiracy".

A multisignature wallet address could be used, where you could own one of the signatures.

We dont need 900 requests. The maximum requests are 350, and we have to create at max a 350 multisignature address to put it as the recipient of the proposal.

 

[demo]

Of course a 350 multisig address is the maximum that can happen. The puprose is to have the minimum multisig address, thus target those operators that own 50 or more masternodes, in order the multisig protocol not to be a complicated one.

Creating a Multisignature Address
A 2of3 multisig address can be created by following these steps:[5]

1. Gather (or generate) 3 dash addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).
2. Get their public keys using the validateaddress RPC command 3 times.
3. Then create a 2-of-3 multisig address using addmultisigaddress; e.g.dashd addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157 709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'

addmultisigaddress returns the multisignature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like dash addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).[6]

 

[Macrochip]

Not good enough, because I wouldn't want you involved in handling my ill-gotten funds. Still you're out of luck either way: A proposal has a minimum time to mature (which is several days afaik) before it becomes eligible to any payment. Poor demo. Better luck next time.

 

[David]

This potential problem assumes that the vast majority of masternode owners just sit around and do nothing. Let's think about it:

a) Proposals have to be submitted about 96 hours before superblocks are created. It takes 72 hours for a proposal to "mature" and become valid, and then budget finalization happens around 24 hours before superblocks. Votes after budget finalization don't count. Consequently, we can say that masternode owners have a minimum of 72 hours to vote on any proposal.

b) An "attacker" would need to attract 10% net votes, which at the present time is nearly 450. Now, we're reasonably confident that nobody owns more than a couple hundred masternodes (assuming everybody is honest about how many they own). Even Otoh is down to 76 masternodes (again, according to him). So right off the bat, we're assuming that at least two people have to collude, and that's with ZERO masternode owners noticing the "attack" and voting against it.

c) An attacker (individual or, more likely, a group) would need to possess at least 450 masternodes, which is 450,000 DASH ($9.9 million at today's price). The maximum reward they could get from attacking the budget system is the entire budget amount. After the upcoming 7% reduction, that will be a maximum of about 6,920 DASH ($152,240 at today's price).

d) A successful attack on the budget system would likely crash the price of DASH, at least temporarily. Let's say that such an attack reduces the value of DASH by just 10% (in reality, it would probably be far worse than that). The attackers gain AT MOST $152,200 but lose $990,000 (10% of the value of their $9.9 million holdings).

e) In reality, there are generally many proposals that reach greater than 10% support. In fact, we often see the majority of the budget consist of proposals with greater than 18% support. That means the attackers would have to control even more masternodes to be able to seize the entire budget. In reality, only a small percentage of the budget is usually available to a "barely passing" proposal...usually less than 1,000 DASH. The most that an attacking consortium with $9.9 million worth of DASH could hope to seize is...about $22,000 (1,000 DASH * $22 USD per DASH).

Therefore, an attack on the budget system by a rogue group of masternodes is a) unlikely, and b) not economically feasible.

 

[demo]

A proposal has a minimum time to mature (which is several days afaik) before it becomes eligible to any payment. Poor demo. Better luck next time.

I dont think so. After the budget is finilized, the money goes to the address. There is nothing that can prevent this, in the code. What is this "minumum time to mature" thing? I have never heard of it. Unless you mean that the core team can revert the budget finilization, and refuse some funds to go to an address. Is this possible? And how? A hidden spork maybe?

 

[demo]

a) Proposals have to be submitted about 96 hours before superblocks are created. It takes 72 hours for a proposal to "mature" and become valid, and then budget finalization happens around 24 hours before superblocks. Votes after budget finalization don't count. Consequently, we can say that masternode owners have a minimum of 72 hours to vote on any proposal.

And who decides that a proposal is "mature" and valid?

d) A successful attack on the budget system would likely crash the price of DASH, at least temporarily. Let's say that such an attack reduces the value of DASH by just 10% (in reality, it would probably be far worse than that). The attackers gain AT MOST $152,200 but lose $990,000 (10% of the value of their $9.9 million holdings).

Lamassu caused 7500 dash to be lost from the budget..

Who was aware of it? Did the price of dash fall because of the 12 month lamassu malfunction and the final lost of 7500 dash from the budget? I think not. Nobody really cared about the lamassu 12 month malfunction, so why do you think the price of dash will fall 10% or more for just one month malfunction?

Whatever the fall of the dash price will be , it will not fall 10% after this attack for sure. Especially if this attack is kept secret from the media, like you did with lamassu.

This last minute proposal could also be written in a believable way, it could contain a lot of technical jargon or refer to a fake wanna be festival or to some lawyers fake consultancy fees, so that even in case the media arrive, they will find a decent-resembling proposal.

 

[Macrochip]

I dont think so.

Doesn't matter what you think. What matters is what's true.

There is nothing that can prevent this, in the code. What is this "minumum time to mature" thing?

Yes there is. 72 hours as David has explained above.

I have never heard of it.

That's because you spend more time talking and almost no time actually listening. Permanently spewing ignorant BS is your trademark.

Unless you mean that the core team can revert the budget finilization, and refuse some funds to go to an address. Is this possible? And how? A hidden spork maybe?

No, just common sense and intelligent foresight by our brilliant developers.

And who decides that a proposal is "mature" and valid?

TIME. TIME decides. Look at your watch to know when it is mature.

Pretty ironic that your TIMING attack fails due to a TIME constraint. LOL

 

[demo]

Come on now.. What does MATURE mean?

Where Mature and immature proposals appear?

Can you show me a web page where I can see the mature and the immature proposals?
There isnt any, so the masternode owners do not know that a proposal has been posted, until it appears 72 hours after.

Or do you mean that the automatic budjet finilization does not take into account the proposals that are proposed in the last 72 hours?

If this is the case, can you show me the code for it?

 

[GrandMasterDash]

$143,000 is peanuts in the scheme of things... An attacker (or cartel of attackers) would have nearly $8,000,000 invested in Dash already, why jeopardise this investment for a paltry $143,000? It makes no sense.. Their annual masternode returns are around $800,000 at current prices.

Walter

False assumptions. First of all, US$143k of peanuts, but for sure it would be a bad PR day for dash, it would take a lot to recover from that. Secondly, you assume everyone is motivated by money. Personally, I would happily throw away my MNs in return for wiping out dash, just to rub your face in it.. that would be money well spent.

 

[GrandMasterDash]

This potential problem assumes that the vast majority of masternode owners just sit around and do nothing. Let's think about it:

a) Proposals have to be submitted about 96 hours before superblocks are created. It takes 72 hours for a proposal to "mature" and become valid, and then budget finalization happens around 24 hours before superblocks. Votes after budget finalization don't count. Consequently, we can say that masternode owners have a minimum of 72 hours to vote on any proposal.

b) An "attacker" would need to attract 10% net votes, which at the present time is nearly 450. Now, we're reasonably confident that nobody owns more than a couple hundred masternodes (assuming everybody is honest about how many they own). Even Otoh is down to 76 masternodes (again, according to him). So right off the bat, we're assuming that at least two people have to collude, and that's with ZERO masternode owners noticing the "attack" and voting against it.

c) An attacker (individual or, more likely, a group) would need to possess at least 450 masternodes, which is 450,000 DASH ($9.9 million at today's price). The maximum reward they could get from attacking the budget system is the entire budget amount. After the upcoming 7% reduction, that will be a maximum of about 6,920 DASH ($152,240 at today's price).

d) A successful attack on the budget system would likely crash the price of DASH, at least temporarily. Let's say that such an attack reduces the value of DASH by just 10% (in reality, it would probably be far worse than that). The attackers gain AT MOST $152,200 but lose $990,000 (10% of the value of their $9.9 million holdings).

e) In reality, there are generally many proposals that reach greater than 10% support. In fact, we often see the majority of the budget consist of proposals with greater than 18% support. That means the attackers would have to control even more masternodes to be able to seize the entire budget. In reality, only a small percentage of the budget is usually available to a "barely passing" proposal...usually less than 1,000 DASH. The most that an attacking consortium with $9.9 million worth of DASH could hope to seize is...about $22,000 (1,000 DASH * $22 USD per DASH).

Therefore, an attack on the budget system by a rogue group of masternodes is a) unlikely, and b) not economically feasible.

Before you can make any such claims you would first have to prove who owns what and, frankly, all you have is hearsay. IMO, MNOs are already being screwed because just a handful of people own more than 10% of all MNs... go ahead and prove me wrong because from where I'm sitting, your claims are just as unprovable as mine.

 

[demo]

Or do you mean that the automatic budjet finilization does not take into account the proposals that are proposed in the last 72 hours?

If this is the case, can you show me the code for it?

Ok, although you didnt show me the code, lets suppose that the budget finalization procedure does not take into account new proposals that occured within the last 72 hours.

In that case, the attack has to be combined with a denied of service attack or with irrelevant troll posts attack to all the sites that inform the masternodes about the new proposals. There arent so many those sites. It is this forum, the dashcentral, and the dashninja.pl.

If whithin those 72 days the attackers will manage to distract the attention of the masternodes to other issues, then the attack will be succesfull.

P.S. I am still waiting for someone to show me the code where this 72 hours number exist.

 

[demo]

P.S. I am still waiting for someone to show me the code where this 72 hours number exist.

Or is it 96 hours the value? Is this 96 (or 72) inside the dashd, or is it a sentinel related value?

I wonder, but nobody answers to me (until now).
Security through obscurity....

Futhermore, let me show you two cases where you can see the last minute "yes" spikes.
http://dashvotetracker.com/history.html?ProposalID=122
http://dashvotetracker.com/history.html?ProposalID=124