I have a question about mirroring trades as suggested in the blog entry. I guess mirroring is all done in numbers (profit/loss percentage) but not in real transactions since we won't have any secret keys to make trades for our followers, just like a sort of fantasy trading. Of course it can be done if we create accounts for our users and we manage them but then managing other people's money is always risky and hacks can be disastrous. So, should we go with fantasy trading only? The trader will make live transactions but followers will only reflect numbers on the DB, not real trades, right?

You can give your users the ability to enter their private key, like https://stellarterm.com/#account does. It stays on client side and it is not accessible to them. Once the transaction is signed on the client side it travels encrypted. You do not have to create users accounts, users with existing private keys should be able to use them to "login" to your website, at least that is how I am implementing it. My issue is that once a user wants to mimic another trader but he is not online once the trade happens, how his private key is going to be fetched so that he can sign a similar transaction at the same time ?

strasse86 "once a user wants to mimic another trader but he is not online once the trade happens, how his private key is going to be fetched so that he can sign a similar transaction at the same time ?" That's exactly the point of the question. We don't have the keys to mirror the operations as they happen so it's useless unless we do some fantasy trading or create accounts for them, again risking their money. I'll start playing with fantasy trading and then implement something else as we advance.

Sounds like you'd need to take a federation approach https://www.stellar.org/developers/guides/anchor/index.html

Or just have a rebalance button when a user logs back in to the app

Actually, just use multisig and have the user add your base account as a signer: https://www.stellar.org/developers/guides/concepts/multi-sig.html

Ok here is the first draft, this is all fake data just to see how everything fits in place. I have a fixation with dark themes but will offer also a light option just in case. Feedback highly appreciated.

mikeyrf That sounds like an interesting option. Right now deciding if the user will add us or we issue a new account with both signers at once, the latter being easier on new users and will allow to track it better since no other transactions will be submitted without both signatures.

Yea I’ll likely be implementing the latter

I'm assuming that trade mirroring has to be automated, i.e. without user intervention? Then multisig would have to be 2/1. Not sure how helpful that would be. Also (down the line) there will probably be compliance issues with taking custody of the account key. Just look at all the KYC processes Satoshipay is doing- and they're not even custodial.

Is there a way to atomically get the balance and the last transaction? If not seems like there would always be a race condition when trying to see the balance associated with a transaction.

SBC - Social trading questions

mikeyrf

? ... then seriously considering just sending an email/notification to the follower with a button to rebalance their portfolio

dandalion98

Yeah was thinking that too. I'm not a trader, but I imagine that timing is very important, so the trade has to be carried out asap. By the time the user has is able to respond, the opportunity might have passed. I guess it depends on the type of trader. I think most guys on Zulu are daytraders.

Torkus

In the case of Zulu they can hold mega accounts for trading and then just balance the numbers in the DB. Like if Johny Trader sold 1000 XLMs then his 1000 followers totalling one million XLMs would sell that amount in just one operation. We could do that too but with greater risks, instead if we loop over the accounts of the followers submitting one op for each real Stellar account then we keep the system healthier and less prone to hacks.

Torkus

This is what I've been thinking lately for our system. This is the meat of a solid project and I think it's not hacker-proof but at least very difficult to compromise unless they access all the parts at once in which case we're doomed.

First we identify two user roles in the process, traders and investors:

When trader registers:
- We create account T1 with two signers (threshold 2), our main account M1 and their new account T1
- We provide trader with secret key and we don't store it anywhere. All txs must be initiated by trader.
- When user trades they sign T1 on browser then submit to server, we sign M1 and submit to network T1+M1
- Nobody is aware of T1 signature except trader so account can never be hacked on client or server side.

When investor registers:
- We create account I1 with three signers (threshold 2), our main account X1, validator server V1 account, and their new account I1
- When trader trades T1, we sign M1 and submit trade to Stellar network as explained before
- Then we create one operation for each follower, sign X1 and submit tx to validator server V1 with ID:T1:TX
- Validator server V1 can only process accounts that have been signed by us X1
- Validator on signing request must ask for original transaction from T1 to verify it has been signed and submitted
- We may pass a batch with all trades signed X1 and properly identified.
- Validator can process txs in 100 ops batch (if that many followers) or process individually if they fail.

Validator server V1 can also process withdrawals and closing accounts once I1+X1+Y1 have been signed initiated by I1 only and signed by I1+X1.

* Our main accounts M1 (trading) and X1 (investing) are different to keep processes isolated.

Thoughts?

dandalion98

Torkus I like the idea of the Validator. I think the key to security is that the Validator should only sign trades from X1 that matches the original trader's trade. It should never sign payments. This will greatly limit the damage in case the X1 is compromised.

mikeyrf

I think the concept of user roles is too complicated for the challenge (and annoying for initial Stellar-aware users). It’s probably best to choose between ignoring the build suggestion of mirroring portfolios (I’m leaning this way) OR implementing mirroring with a multisig approach and ignoring the security vulnerabilities

Torkus

dandalion98

Exactly. If a hacker gets the keys of T1 they can't empty the account without M1's signature. If they compromise M1 they can do nothing to T1 either. Traders are safe.

On the investor side, I1 has no power alone, they can compromise X1 but it can't do anything without V1, and if they compromise both still they can't empty any accounts sending fake orders since they need to exist as trades before being accepted as investments.

Of course Validator must have zero interaction with the world, zero port opens except the necessary, zero code available thru APIs except the request/response for investments and a very strict policy of talking only to X1. We may fine tune the orchestration a bit more but this looks like the right path to take.

I already started working on the front end, if any one of you (or both) wants to team up so we split the workload and the prize then just let me know.

Torkus

I also think for the challenge making it work may be enough and then spend the prize in incrementing security before something really bad happens. Because too much security without a functioning app is not worth a dime either.

mikeyrf

Torkus i think that’s a good approach

dandalion98

Regarding batching, an interesting problem that could happen is if the original trader's Offer runs out. We can try the next best up to a certain percentage. But those aren't guaranteed to exist. So it's possible that some investors will be left with an open offer. In most cases this is probably ok, but they can build up. I'm not aware of a way to set a deadline on an offer.

I'm guessing this doesn't happen on FOREX markets due to huge volumes.

jamesmudgett

Torkus would reduce information down to only a few indicators, drop real photos and names - use gravitatar + username instead, sort based on ROI (maybe a sort by this timespan, 1 week, 1 mo, etc), more color

Torkus

jamesmudgett Points taken. I personally don't like using real names/photos so it's ok to use pseudonyms and avatars. If the user doesn't upload a pic/avatar then gravatar from email may be used or a colored letter as last resort. Already added some colors to indicators and it brings more life to the dark theme.

jamesmudgett

Torkus One more thing, adding rank would help to gamify competitive aspect.

dandalion98

Does anyone know how Zulutrade calculates ROI? It looks like it's adding together PIPs from different positions, which doesn't make sense to me, because a PIP is not an absolute unit.

Torkus

I have no idea but I guess it should be calculated on every trade and recalculated on every deposit/withdrawal. Then current ROI calculated since last movement and aggregated to all past ROIs up to the cut. If there is an easier way let me know as I am confused as well.

mikeyrf

For rough estimate that likely works for the build, why wouldn’t you just use the cron job approach of recording portfolio value every 24 hours then using those data points to calculate ROI? Yea it’ll be off when the user moves money into/out of their account, but likely good enough for now

Torkus

Yeah, cron jobs should be enough but data points should be on every movement for that period.

If you start with 100 XLM, trade all for XYZ and make a 50% gain, then you deposit 1000 XLM more it will get messy. So for every transaction there should be a profit calc and then aggregated by the cron job by day/week/month/year.

Select sum(profit) from trades where user=:id and time between :ini and :end

Open trades should be calculated on current prices at the moment of the job. ROI should be calculated on XLM value as our quote asset, perhaps in USD too?.

So if you have closed three trades (sold XYZ back to XLM) with profits in the 20%, 15% and -5% you currently have a 30% ROI and if you have an open trade for XYZ then that last movement will be calculated as a probable profit/loss according to the last XYZ price. If the price is down -5% then your total ROI up to the cut-off is 25% but if the price is up another 10% then your ROI is 40%. Unless we don't consider open trades in the calculations, but if I buy all my stash in XYZ at the beginning of year and never move it just watching it grow up to 75% right now, what is my ROI? Zero?

mikeyrf

Torkus No, your ROI would be 75% in that case.

Torkus

Now, if you trade your XYZ for BTC with a profit of 10% then BTC tanks and loses -15% then you sell all and buy ETH and it gains 25% then your current ROI is 20% of which -5% are in stone (10% and -15% closed positions) and ETH subject to change recalculated by crons until you close it back to XLM or make another trade. In other words, the open positions are the ones that fluctuate. Open positions are considered all assets you hold greater than zero. We should consider XLM as the quote asset or currency, so the fluctuations in XLM don't affect your ROI but all other assets do.

mikeyrf

Torkus I’d use USD as the reference point, like StellarTerm does

Torkus

mikeyrf Exactly so ROI for a time period is equal to the sum of profit/loss in all trades (they must be recorded one by one) and the sum of all open positions (profit at current price of all assets held).

ROI = ∑P + ∑O

« Previous Page Next Page »