Augur Developer’s Dilemma in Fixing Vulnerability in Bettors Prediction Market
Augur CEO Joey Krug admitted the platform’s betting system had a vulnerability that has been exploited by scammers.
Bet on Impossible Outcomes
In a series of Tweets, Krug admitted that a malicious actor has taken advantage of a vulnerability in the best-known prediction market by taking advantage of deliberate ambiguities in phrasing in certain markets to game the system and make illicit profits.
Krug responded specifically to a post in Reddit title “Augur is being gamed!” by a user Singlefin 12222.
This is kinda fake news for a few reasons. #ethereum @AugurProject
1) Almost all of these purposefully confusing markets are being created by one person, not a bunch of people. The activity on those markets is also by one person / address. https://t.co/9jLIeGqun9
— Joey Krug (@joeykrug) March 20, 2019
According to user Singlefin 12222, malevolent individuals have been able to make profits by betting on impossible outcomes before they vote to make the market invalid. By using that method they automatically trigger Augur’s system to distribute the market’s collected money to all the participants.
Singlefin 12222 explained:
“They create a bet with a ‘very subtle mistake’ in the description. Then, they put a bet on the outcomes that will not win, staked REP on the market being invalid and voila! All staked funds will be distributed equally, which meant those that bet on the wrong outcome would also get the money.”
Augur is a prediction marketplace that’s been lauded as among Ethereum’s most promising dApps and is among the very first ICOs.
It lets people create and bet on just about anything. The aggregate of bets hypothetically establishes a reliable source of predictive knowledge. To ensure the markets resolve accurately, there is a distributed network of “reporters,” i.e., holders of Augur’s REP token who stake money to verify the results of each market.
While the system looks good in theory, someone or a group of people have exploited a vulnerability by marking markets with ambiguous phrasing as invalid, which kills the market and forces the entire bet to be returned evenly as opposed to proportionally to the market creators and bettors.
Not Any Time Soon
The Augur CEO has promised a solution which comes with the total repair on Augur v.2. Unfortunately, the upgrade doesn’t look to be happening any time soon. He said though that the team had created a temporary solution to the issue that involves implementing basic UI messages that will warn users anytime they interact with a potentially fraudulent market.
Krug stated:
“These aren’t things to be rushed. I think it’s probably easier to address UI side, by warning people about this stuff more.”
Krug has asked users to be on the lookout for scammers and stay alert by paying attention to the details of various markets (bets) until the company launches Augur v.2.