The aforementioned attack involves a controversial market described as betting on the price of ETH at the end of March, which expired on April 1, 2019, 1:59 AM (UTC +8), a few hours off from the actual end of March 31.
Since the contract expires before that time, it may be deemed invalid in what Binance researchers call a design flaw attack. The market has also been reportedly wash traded by a few wallets, presumably to inflate the volume.
Reddit users had already brought up this expiration issue on March 20, with Augur core developer Joey Krug noting at the time that the crypto community had exaggerated the scope of the scam, while admitting that a safeguard against such activity is currently malfunctioning and should be updated in Augur version 2.
According to Binance research, the attacker also reportedly sent a limit sell order for the more realistic outcome (that the price will be between $100 and $1,000) “at a quote that is above what would be rewarded by an invalid result, but quite below that which an unsuspecting participant may consider as a good deal” in order to lure in a newcomer.
If the market is deemed invalid, then all users that contributed will see their shares valued at one-third of their initial value.
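The two conditions described above can be screened for mechanically. The following is an added example, not code from Binance Research or Augur: it flags a market whose expiry precedes the event it asks about, and any sell order priced between the invalid payout and the apparent fair value. The class and function names, the UTC reading of "end of March", the House market's outcome count and the order prices are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Market:
    name: str
    expiry: datetime      # when the market contract ends
    event_time: datetime  # when the outcome it asks about is actually known
    n_outcomes: int       # assumption: invalid resolution pays 1/n per share

@dataclass
class Ask:
    outcome: str
    price: float          # per share, as a fraction of the full payout
    fair_estimate: float  # reviewer's own probability estimate (constructed)

def invalid_risk(m: Market) -> bool:
    """True when the market ends before its own outcome can be known."""
    return m.expiry < m.event_time

def lure_asks(m: Market, asks: list) -> list:
    """Asks above the invalid payout but below what looks like fair value."""
    if not invalid_risk(m):
        return []
    floor = 1.0 / m.n_outcomes
    return [a for a in asks if floor < a.price < a.fair_estimate]

def buyer_loss_if_invalid(m: Market, a: Ask) -> float:
    """What a buyer who lifts the ask loses per share on an invalid result."""
    return a.price - 1.0 / m.n_outcomes

UTC8 = timezone(timedelta(hours=8))
# Dates from the article; "end of March" is taken as 23:59:59 UTC (assumption).
ETH_MARKET = Market("ETH price at end of March",
                    datetime(2019, 4, 1, 1, 59, tzinfo=UTC8),
                    datetime(2019, 3, 31, 23, 59, 59, tzinfo=timezone.utc), 3)
# Midnight UTC and three outcomes are assumptions for this market.
HOUSE_MARKET = Market("House control after 2018 midterms",
                      datetime(2018, 12, 11, tzinfo=timezone.utc),
                      datetime(2019, 1, 3, tzinfo=timezone.utc), 3)
# Constructed order book entries, not real Augur orders.
ASKS = [Ask("$100-$1,000", 0.60, 0.95),   # inside the lure band
        Ask("$100-$1,000", 0.30, 0.95),   # below the invalid payout
        Ask("under $100", 0.50, 0.03)]    # overpriced, not a lure

if __name__ == "__main__":
    for m in (ETH_MARKET, HOUSE_MARKET):
        print(m.name, "invalid risk:", invalid_risk(m))
    for a in lure_asks(ETH_MARKET, ASKS):
        print("lure ask", a.outcome, a.price, "loss if invalid",
              round(buyer_loss_if_invalid(ETH_MARKET, a), 4))
```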
The report further notes that the market “Which party will control the House after 2018 U.S. mid-term [sic] election?”, already covered by Cointelegraph, was another instance of such an attack. This market, which reportedly exhibited a total volume of more than $2 million, had a settlement date of Dec. 11, 2018, while the change in the U.S. House was effective as of Jan. 3, 2019.
In this case, users did not deem the market as invalid and settled for the Democrats’ win as the outcome. The research also suggests potential solutions to the exploitable nature of Augur’s mechanics, such as a price-based refunding mechanism, clearer references and market validators with non-trivial stakes.
Per the report, prediction markets appear to be one of the best blockchain use cases, since they necessitate trustlessness and decentralization to work correctly, protecting themselves from both governmental actions and censorship.
However, according to Binance, Augur presents other substantial flaws, including low liquidity, barebones functionality, complex mechanics, an unclear approach to governance and the aforementioned ongoing attack.
Prediction market regulation is particularly unclear, as a centralized prediction market can fall under the scrutiny of the regulators of multiple states. For instance, Ireland-based prediction markets Intrade and TEN have seen the United States Commodity Futures Trading Commission (CFTC) file a civil complaint over their violation of the off-exchange options trading ban.