You are viewing a single comment's thread from:

RE: A system to pay for everything with upvotes

in #steem7 years ago (edited)

I have to ask for a clarification here: does the user upvote using his own account or is he delegating SP to an account of the vendor, which then does the upvote?

the user upvote using his own account

As for the attack, we upvote comments that are seconds from being in the "no more vote" zone, so if we manage this correctly, we can probably cast a vote within three seconds of the zone, which leaves no time at all for the attacker because he has to wait for the next block (3 seconds) to see that you upvoted the comment, and by that time, it's already too late. It's a bit tricky for a human, but a bot can definitely do it.

Which means that they have to flag the comments before they are voted on. So they have to flag it while being "blind" aka they don't know how much flag percent they must use to negate the deposit. Which means that if starbucks has 100 accounts, they have to flag all of these accounts all the time to make sure that they hurt deposits.

Them being blind also means that the system can see those flags and make the user vote on flag-free comments. So the vendor can easily scale the commenting system for little cost by adding accounts while the flagger needs a tremendous amount of voting power to be able to cover them all with flags that actually hurt the reward.

Right now with more or less 2500 sp I can do 10 downvotes at 1$ per day. (downvotes actually cost more in steem power than an upvote but for simplicity's sake we'll suppose they cost the same)

So that's 250 sp per 1$ flag per day.

there are 86400 seconds in a day, so 86400/20 = 4320 comments per day.

If there is just one account and you wanted to downvote all the comments, by 1$ you'd need 1 080 000 sp. Which is more than 5.5M USD. And this is just removing 1$ from deposits. So you have to invest 5.5M to take away 4320 $ of deposits per day. Nothing that a big vendor can't cover.

But this is where this attack will get impractical, creating an account "costs" 3 steem (it is not destroyed, just powered up on the new account, so effectively it's free). Which means that for 300 steem, about 1500 bucks, you get a system that requires an attacker to have half a billion worth of steem.

Thus rendering this attack unscalable.

Good question: e.g. competitors, who want to diminish the reward of a vendor or "modern day Robin Hoods"

Well yes, your [1] is correct but in this instance they steal from the poor to prevent them to give to the rich :p

7 years ago in #steem by
$0.00
    1 vote
    Reply 2
    Sort:  
  • Trending
    • [-]
     7 years ago  

    So you could call this "security by cost-effectiveness considerations" :D

    Thanks for the detailed explanation.

    $0.00
      Reply
      [-]
       7 years ago  

      You're very welcome ! Thank you for challenging the system, it helped me find and fix some flaws :p