Board Service Announcements
Re: [Payout Updates] Bitcoinica site is taken offline for security investigation
by
Ichthyo
on 16/06/2012, 03:49:24 UTC
I was just looking at a piece of code for hedging and saw 3 bugs and numerous hacks to work around flaws. It doesn't surprise me that third time lucky it blows up.

Quote
class HedgingJob
...   
    confidence_level = Setting.where(:key => "confidence_level").first.value.to_f
    surplus = Setting.where(:key => "surplus").first.value.to_f
    if Setting.where(:key => "buy_factor").first
      buy_factor = Setting.where(:key => "buy_factor").first.value.to_f
      sell_factor = Setting.where(:key => "sell_factor").first.value.to_f
    else
      buy_factor = 1
      sell_factor = 1
    end

....

        price = Ticker.last_tick("BTCUSD").selling * 1.02
        response = MtGox.buy!(amount, price)
....

I know it's not world-class code, but isn't it just business logic and nothing else?

Nothing else, exactly, that's the point.

Since you posted that code, well.
It's the typical kind of code which assumes everything goes well and works as intended.

There are absolutely zero checks and precautions to protect against anything not as assumed, and moreover, that piece of code does assume a whole pile of things. Just the thought that such code runs automatically and trades several thousands of $$ makes me feel sick...

Sorry for being so blatant
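
As an added example (not part of the original post and not Bitcoinica's code), here is the quoted hedging step with the missing checks made explicit. The `Setting`, `Ticker` and `MtGox` calls are replaced by plain Ruby stand-ins, and the limits, the tick hash layout and the `status: "ok"` response shape are assumptions made for illustration.

```ruby
# Added example: the quoted hedging step with explicit checks.
# Setting/Ticker/MtGox are replaced by stand-ins; limits are assumed values.
class HedgeError < StandardError; end

MAX_ORDER_BTC = 50.0   # assumed per-order cap
MAX_TICK_AGE  = 30     # assumed maximum quote age, in seconds
MARKUP        = 1.02   # the 2% markup from the quoted code

# Read a numeric setting; nil.value and "abc".to_f => 0.0 both become errors.
def numeric_setting(settings, key, default = nil)
  raw = settings.fetch(key, default)
  raise HedgeError, "missing setting #{key}" if raw.nil?
  value = begin
    Float(raw)
  rescue ArgumentError, TypeError
    raise HedgeError, "setting #{key} is not numeric: #{raw.inspect}"
  end
  raise HedgeError, "setting #{key} must be > 0" unless value.finite? && value > 0
  value
end

# Limit price from a tick hash {selling:, at:}; refuse missing, stale or absurd quotes.
def buy_limit_price(tick, now)
  raise HedgeError, "no tick available" if tick.nil? || tick[:at].nil?
  age = now - tick[:at]
  raise HedgeError, "tick is #{age}s old" unless age.between?(0, MAX_TICK_AGE)
  selling = tick[:selling]
  ok = selling.is_a?(Numeric) && selling.finite? && selling > 0
  raise HedgeError, "implausible price #{selling.inspect}" unless ok
  selling * MARKUP
end

# Validate everything before the order leaves, then check the exchange's answer.
def place_hedge(exchange, amount, tick, now)
  sane = amount.is_a?(Numeric) && amount > 0 && amount <= MAX_ORDER_BTC
  raise HedgeError, "amount #{amount.inspect} outside (0, #{MAX_ORDER_BTC}]" unless sane
  price = buy_limit_price(tick, now)
  response = exchange.buy!(amount, price)
  accepted = response.is_a?(Hash) && response[:status] == "ok"
  raise HedgeError, "order not confirmed: #{response.inspect}" unless accepted
  response
end

# Constructed stand-in for the exchange client; records what would have been sent.
class FakeExchange
  attr_reader :orders
  def initialize; @orders = []; end
  def buy!(amount, price)
    @orders << [amount, price]
    { status: "ok", amount: amount, price: price }
  end
end
```

Every failure path raises before `buy!` is reached, so a missing setting, a stale quote or an oversized amount stops the job instead of producing an order.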