Decentralized betting protocol Augur is dealing with a situation: fraudsters can illegitimately profit by gaming the system, and thereâs not much its devs can do about it (for now).
Augur co-founder Joey Krug recently addressed community concerns about scammers taking over the platform. Theyâre alleged to be intentionally creating invalid markets en masse, which fool the system into mistakenly distributing profit to the attackers.
For context, Augur is a blockchain-based marketplace for prediction betting, where anyone can open a market on any subject. Token holders are encouraged to come to consensus over the outcome of a particular bet (say, that it will rain in New York on Thursday), and a system of smart contracts distributes the winnings.
Hard Fork spoke with Krug for an inside look at how Augur is responding to the threat, and how it plans to protect users moving forward.
Bad news: not much can be done until Augur 2.0 arrives
Below is one example of the âinvalid marketâ scam. This seems like a standard Augur market, which encourages cryptocurrency users to wager on what they think the price of Ethereum will be at the end of this month ($0-100, $100-1,000, or over $1,000).
The problem is the market expires before the end of March (at 7:59PM) rather than at midnight. It is believed that once this market reaches its expiration date, bad actors could potentially profit even though they made obviously incorrect bets.
Usually, Augur participants rule  markets like these âinvalid.â To exploit this, attackers are said to bet on impossible outcomes, while voting to make the market invalid. This triggers Augur to distribute all funds held in the market equally between participants.
In practice, this process allows scammers to profit when they shouldnât. They can intentionally create invalid markets, bet on the wrong outcomes, and walk away with more cryptocurrency than when they started.
Augur already attempted to plug this loophole with things called âvalidity bonds.â They act as collateral that Augur will confiscate if users try cheat with bad markets.
âWith validity bonds, the idea is you lose money if you create an invalid market,â Krug told Hard Fork. âBut right now the formula to calculate them isnât working properly.â
The problem facing Augur devs is the algorithm that decides how much money is lost when invalid markets are intentionally created isnât configured correctly. Itâs supposed to deter bad actors from attempting the âinvalid market scam,â as the amount Augur takes as punishment is meant to outweigh any potential profit.
âRight now, they donât lose much, and the system is supposed to raise that amount over time until the number of invalid markets decreases, but thatâs buggy, so that will be fixed,â Krug continued.
It canât be fixed, though, without updating Augurâs smart contract code, which is an incredibly difficult process. Any potential patches would need to be made with an âon-chain update,â and Augurâs next one isnât expected until later this year.
âThereâs another fix, too, which is to allow trading on whether a market is valid or not, so in order to profit from it, a troll would have to repeatedly bid for it to be âinvalid,â which could trigger a UI filter to alert users,â claimed Krug. âBut again, that canât be done without an âon-contractâ update.â
Good news: special UI warnings might be a temporary fix
An airtight solution might still be months away, but Krug isnât exactly convinced Augur faces a scammer epidemic.
Get the TNW newsletter
Get the most important tech news in your inbox each week.