Exchanges can easily frontrun

#1

Ok so we're all here, or at least, a good chunk of us, because of the anonymity features. However there's on thing that is bothering me. Given the nature of this project, in certain situations this can be good but also bad.

No one will be able to check funds arriving at exchanges - which is by itself one of the objectives of this project - meaning exchanges can easily frontrun the market without anyone else ever knowing.

If someone makes a deposit of a large amount of coins, odds are that person will most likely dump. However with this and the exchange being the only one aware of the transaction, it can easily manipulate the market. The user who deposited is, we assume, protected and happy since the Zcash protocol did its job and no one knows he sent the coins. However the recipient can easily manipulate the whole market, (ie, dumping before).

Imo, privacy and anonymity are priceless, but this has the potential to scale and turn out to be a serious problem, if we assume the worse happens. Will it be worth using it then?

I like to believe exchanges don't have teh incentive to take this to the extreme and completely ruin things (ie $100 worth of Zcash being worth 5$ the day after, even though it could also happen without the exchange front running) but this is a scenario that can easily happen and the issue here is no one can be held accountable.

I believe a solution could be exchanges accepting anonymous transactions but keeping their own ledger open to the public, like cold and hot wallet amounts? And then users could migrate to those exchanges as they see them as fair? Still it's easy to trick people as there might be one other wallet no one is aware of for example.

What do you think about this situation? I think it's in everyone's best interest not to do this but Gox happened.

#2

I don't think you've grasped transparent and protected transactions. Or whatever the current terminology might be...

#3

Would you care to elaborate? There can be "clear" transactions, but those are optional right? Which means some transactions' details are only available to whoever made those transactions.

"_The pour transaction consumes the input coins by revealing their serial _
numbers, but does not reveal any other information such as the values of
_ the input or output coins, or the addresses of their owner_."

Everyone can do this and make a transaction to an exchange deposit address.

#4

I had not thought about that. What made you think of it? It's probably illegal in most states, assuming exchanges face state law. How is different from bitcoin, et al? It's not illegal if they frontrun based on public knowledge like a blockchain, but how are people (or trade bots) supposed to know if transfers involving current coins are to or from, or if the transfers even involve an exchange? So I would think whatever the exchanges are doing now, they would still do with Zcash, and I don't see how the anonymity and amount privacy would give them more room for abuse.

It's not big deposits or withdrawals from single people where I think the abuse would come from, but from the exchanges seeing the general trend of incoming or outgoing coin and start to buy or sell based on the inside information. I believe there are laws (detailed bureaucratic regulations) that prevent ameritrade, scottrade etc from doing this. For example, you put in a limit order at night that does not go in effect until the next day.

#5

I'm not sure how exchanges verify "private" transactions in general, but there has to be a way.

For example you can purchase and trade Dash and Monero on many markets, both have different algorithms to hide their transactions in their own way and both successfully append the blockchain to verify trades.

#6

Do exchanges accept those kind of payments? Dealing with payments that aren't of the garden variety, publicly visible type would just be an extra hurdle for them and my guess is that they're not bothered to make the extra effort. In their position, I wouldn't either.

#7

He's saying that an exchange can see how much of a coin is in everyone's account, and if a coin increases from deposits, then the exchange can expect to see more sales in the near future, so it would sell it's own private holdings before the new large deposits are sold, thereby driving price down a little ahead of time at the expense of the big depositors who have not yet sold their coin. The exchange could exchange that coin for a coin that their accounts show is probably about going to increase in value. It's front-running by having access to the inside information of the sum total of everyone's accounts on the exchange. I just don't see how it's any different from other coins, unless he knows a way of looking at bitcoin's blockchain and determine if it is about to swing up or down, thereby having access to information that is similar to what the exchanges are seeing, giving people a change to sell a the same time an exchange will try to sell its private holdings.

#8

It's different from Bitcoin or other coins because you can see the addresses on the blockchain via a coin explorer. You only need to know an exchange's hot/cold wallet's addresses and see inputs and outputs.

With Zcash you have no way of seeing transactions on the blockchain. I mean you can but they are obfuscated so it's useless.

This will make the exchange the only entity with knowledge on deposits/Withdrawals and could use it to advantage. Like you said, they could dump before everyone else if they receive a huge deposit. Even though it might be difficult to know that with other coins, it's still possible I guess. With Zcash it should make it impossible.

While exchanges have to follow regulations - which most don't already - this technology might make it hard for someone to prove they're following them or not.

Like I said it's a double edge sword, it protects the original user who sends the coins but the exchange could dump ahead of time. Even ahead of that same user and no one else will know as there is no way to track the amounts transacted.

I came up with this because, with BitShares, for example, Polo only uses the same address for everyone but with a different memo. This makes it easier to track and I could easily see old time whales sending their coins to the exchange and react accordingly. It might be harder with other coins but it can still be done.

It's not that I'm particularly worried about this, in the long run, a good project should sustain these kind of situations, I'm just alerting for the possibility of this event.

#9

It's good to be aware that some unscrupulous brokers and exchanges may engage in front-running, but it's not so much a technology problem as a human one which has existed for hundreds of years.

It will be upto exchanges to decide what services to offer their customers. Some may choose to only accept deposits and withdrawals from transparent addresses, other may allow the use of protected funds.

1 Like
#10

Not on Bitsquare.

1 Like
#11

Not on any decentralized exchange like Bitshares DEX. I can't wait to see them add zcash.