Odaily Research Report | EOS Ecological Research Report (2019.01)

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

Odaily Research Report | EOS Ecological Research Report (2019.01)

李雪婷

2019-01-08 09:15

本文约10081字，阅读全文需要约40分钟

Existing problems and solutions in the EOS ecosystem.

Text | Li Xueting, Senior Analyst of Odaily Research InstituteThe security issue of DApp is urgent, focusing on top projects such as EOS.WIN, EOSBet, and EOSDice. The attack methods are mainly random number cracking, smart contract loopholes, and the use of controllable random number seeds.

Picture | Kong Fanxing

Editor's note: EOS has been carrying people's expectations for "Blockchain 3.0" since its birth. In the first half of 2018, EOS, which maintained the largest amount of ICO financing (over 4 billion U.S. dollars), experienced crazy supernode campaigns, "epic-level" vulnerability exposure, "centralized constitution" being questioned, and many progress delays. Finally, the mainnet was officially launched and activated on June 15.

The EOS mainnet has been online for more than half a year, has "Blockchain 3.0" arrived?

With the team's continuous technical improvement and update iterations, EOS has solved the problems of low application performance and high handling fees of Bitcoin and Ethereum to a certain extent, and promoted the large-scale commercial application of blockchain technology in ecological construction. at the same time:

Half a year after the EOS mainnet was launched, the market capitalization has reached $2,326,269,031, ranking second among all general platforms (Ethereum is first).
The total transaction volume exceeds 12,559,024,410 EOS, and the total number of transactions reaches 800 million. Thanks to the advantages of transaction efficiency, EOS has surpassed Ethereum in both the total transaction volume and the total number of transactions, and the average monthly transaction volume is close to that of Google Play 1/4 of.
Guessing games feed back the EOS ecology and promote the prosperity of EOS DApps in many fields. There are 238 DApps in the ecology, covering various services such as payment, information, knowledge sharing, CPU resource supply and leasing, DApp security, asset cross-chain, exchanges wait. The average daily active users of DApp has exceeded 38,000.
EOS TPS has exceeded 5,000 times per second, and the block generation speed has been increased to 0.5s under the DPOS consensus mechanism. Through the expansion of inter-chain communication and the release and adjustment of RAM, CPU, and NET resources, it has the ability to achieve higher throughput and scalability sexual potential.

Objectively speaking, the EOS improved on the basis of Ethereum (the creator of the smart contract era) has indeed brought the blockchain into the "2.5 era", and it may also be the closest to the "blockchain 3.0" form among the current operating systems. one. In addition to technology, EOS, which has been repeatedly questioned as "air", has also completed a great "social experiment" (and capital experiment) through node elections. But looking at the history of technological development, if the blockchain is regarded as a branch of Internet technology, it takes ten years to go from version 1.0 to version 2.5, which is only a "small step in technology". There is still a long way to go for blockchain technology to reach commercial-level applications. Issues facing EOS include:

Although EOS based on the DPOS consensus mechanism solves the problem of inefficiency in the "impossible triangle", its fairness has been questioned due to the super node election mechanism.
Nodes are under operating pressure. The top 21 super nodes are still in a profitable state, and the top 50 nodes are basically in balance. However, starting from the 50th node, the income shows a downward trend, and there is a situation where it is not enough to make ends meet.
Maintaining the status quo of the rights distribution between ECAF (EOS Core Arbitration Forum) and BP (Block Producer) may be the only correct choice at this stage.
The mechanism defect of RAM and the problem of excessive CPU resource consumption.
The ecological structure is single, and quiz DApps stand out.
The security issue of DApp is urgent, focusing on top projects such as EOS.WIN, EOSBet, and EOSDice. The attack methods are mainly random number cracking, smart contract loopholes, and the use of controllable random number seeds.

8. Referencesheredownload.

Table of contents

1. Overview of EOS data

2. EOS voting mechanism

3. Negative feedback mechanism of EOS RAM

4. EOS CPU lease mechanism

5. EOS ecological structure

6. Security Situation of Guessing DApps

7. Summary

8. References

The fourth stage: In December 2018, frequent security breaches occurred, and the popularity of EOS rose slightly. The average number of daily searches was 4,447, a year-on-year increase of 96% and a month-on-month increase of 27%. However, overall, it remained at a relatively stable level.

1. Overview of EOS data

1. Search popularity analysis

Since 2018, the trend of EOS's Baidu search popularity is mainly divided into several stages:

The first stage: from January 2018 to June 2018, affected by the voting before the mainnet launch on June 15, the rising price of EOS drove the popularity of EOS, and the popularity of EOS reached its peak in April.

The second stage: From July 2018 to September 2018, the popularity of EOS began to decline slowly and returned to stability.

The third stage: October 2018~November 2018. From October onwards, affected by the general plunge of mainstream currencies, the popularity of EOS also fell for a time.

According to coinmarketcap data, as of December 31, 2018, the closing price of EOS was US$2.57, with a total market value of US$2.326 billion, a year-on-year decrease of 53.9%, accounting for 1.89% of the total cryptocurrency market value, while in 2018 On April 29, the market value of EOS reached an annual high of $17.77 billion. In contrast, ETH, as of December 31, 2018, had a price of $133.37 and a total market value of $13.886 billion, accounting for 11.3% of the total cryptocurrency market value (nearly 6 times that of EOS).

2. Market value and price analysis

According to Coinmarketcap data, as of December 31, 2018, the market value of 8 general-purpose development platform projects, including ETH, Stellar, EOS, TRON, Cardano, NEM, NEO, and Etherrum Classic, is shown in the figure above, of which the total market value of EOS is 23.26 billion, ranking second. The first and third places are ETH and Stellar respectively.

Judging from the data of total transaction volume and daily average transaction volume, EOS has certain advantages, which seems to be brought about by the advantages of EOS in transaction efficiency. From June 15, 2018 to December 31, 2018, the total transaction volume of Ethereum was 440.09 million ETH, and the average daily transaction volume was 2.2 million EOS. Compared with Ethereum, the total transaction volume of EOS from June 15 to December 31, 2018 was 12,559.02 million EOS, and the average daily transaction volume was 62.8 million EOS. As shown in Figure 4, the transaction volume of EOS has fluctuated and increased since November 2018, and set a record of 5,657.78 million EOS in a single day on December 19, totaling $1,414.45 million.

3. Transaction data analysis

The reasons for the existence of a large number of fake accounts are analyzed by PeckShield security personnel: 1) A large number of active DApps try to hit the list rankings in this way, thereby attracting more traffic; 2) There are lottery rewards in the DApp game mechanism, which attracts a lot of wool 3) In recent months, the EOS DApp ecosystem has ushered in a big explosion, and fake accounts are a normal phenomenon in the initial development of the industry or competition among peers; although among 37% of real accounts, account activity is nearly 20% , but it far exceeds other public chains.

4. User data analysis

active account

According to data from the EOS browser eosflare.io, as of December 30, 2018, there were 630,000 EOS accounts. It is worth noting that, according to the statistics of the blockchain security company PeckShield, among the nearly 500,000 EOS users, nearly 120,000 accounts are group control accounts, accounting for 39%; more than 200,000 accounts are silent accounts, accounting for 23%. %; this means that only 37% of the real active users.

The number of daily active users and new users is an important basis to reflect the activity level, user attractiveness and operational capabilities of a general platform. According to Spiderstore data, the average number of daily active users on the EOS platform from June 15 to December 31 was 34,954, and the average number of new users per day was 2,320. The number of active users peaked at 131,879 on December 28.

5. DApp active users

Bitcoin and early Ethereum chose the POW consensus mechanism, which requires mining to maintain the operation of the blockchain network. Different from Bitcoin and Ethereum, EOS is based on the DPOS consensus mechanism and uses a decentralized autonomous organization to maintain the operation of the blockchain network mainly through 21 block producers (Block Producer) and candidate nodes (Block Producer Candidate). The nodes with the top 20 votes are directly elected as the block producing nodes (supernodes) of this round, and one of the remaining nodes is randomly selected to become the 21st block producer. In the EOS node election, a vote is held every 126 blocks, and the interval between each block is 0.5 seconds, so there will be a round of elections every 63 seconds.

2. EOS voting mechanism

Therefore, the use of voting rules to solicit votes and bribery has become a shortcut for the candidates of all parties to succeed in the election (the so-called bribery is to return the node rewards that should be distributed every year after being elected as a super node to everyone who voted for themselves). There are two methods of bribery: internal bribery and external bribery: internal bribery is to maximize benefits by exchanging tickets between nodes and supporting backup nodes; external bribery is to issue tokens to reward nodes that vote for themselves.

1. EOS node bribery scandal

In March 2018, the EOS Laomao team stated that once elected, it will reward voters with dividends, promising to return 50% of the distributable income to the top 50 voters. This move was opposed by block.one and foreign communities. Both BM himself and the EOS New York community later stated that this was not conducive to the long-term development of the EOS ecosystem. Thomas Cox, who is responsible for the community of the EOS team, directly reprimanded the behavior of the EOS Laomao team for not conforming to the EOS constitution. In April 2018, the "Wenzhou Gang" hoarded a large amount of EOS spot before the EOS super node election, hoping to gain an upper hand in the voting. In September 2018, some media broke the news that Huobi was suspected of mutual voting with 16 candidate nodes, among which Huobi voted 56,300 for the other side and 40,022 for Huobi. Huobi officials later denied this, and claimed that Huobi has no financial transactions with the relevant nodes mentioned in the article.

The reason why there is a problem of bribery in super nodes is that the elected super nodes can not only get node rewards, but also have sufficient voice in the community. Node rewards come from the additional issuance of EOS tokens (EOS will issue 5% more each year, 1/5 of which will be used as node rewards), and it will be issued in two forms: one is block rewards, and the top 21 nodes will undertake the task of generating blocks and enjoy annual node rewards 25% of the (1%), generally, the top 21 nodes equally share this block reward, and get 326 EOS every day (initial amount 1 billion*5%*1/5/365); The remaining 75% of node rewards are distributed according to the voting ratio of all nodes. The voting rewards can only be estimated, because although the voting rewards are distributed according to the voting ratio, the total amount of corresponding reward pools will also change when the nodes receive them at different times.

From the perspective of server configuration costs only, the top 21 super nodes are still in a state of profitability, and the first 50 nodes are still in a relatively balanced state of income and expenditure. However, starting from the 50th node, the node income will show a downward trend, and there will be a situation where the income cannot make ends meet . However, if additional costs such as bandwidth, infrastructure, and labor are taken into account, all nodes will basically have a certain degree of operational pressure. Part of the reason for this situation is that the price of EOS has been falling recently, and the price of EOS cannot cover its costs.

2. EOS nodes appear to be unable to make ends meet

As mentioned above, the operation of EOS nodes is not through mining, but relies on the annual node rewards of the EOS network. According to the data of eosx.io, the EOS browser, as of December 26, 2018, the daily rewards of the top 10 supernodes are 813~826 EOS. The daily reward for the 40th~50th node is 221~300 EOS. Huobi ranks first, with 864 EOS per day, calculated based on the real-time quotation of EOS at USD 2.45 on December 26, 2018, about USD 2,400 (total RMB 14,402); EOS24 ranks 21st, with 761 EOS per day , about $2,114 (total RMB 12,686); EOS amsterdam ranks 50th, with 221 EOS per day, about $614 (total RMB 3,684).

From a cost perspective, the purchase of mining machines is the main cost of mining Bitcoin and Ethereum. The cost of an EOS node not only includes server costs, but also additional costs for bandwidth, infrastructure and labor. The node server is actually a cloud host, including software and hardware. Take the recommended node server (Amazon AWSEC2 host x1.32x Large type, 128-core processor, 2TB memory, 2x1920GB SSD storage space, 25Gb network bandwidth) recommended by EOS when it officially announced the node election as an example, the cost of a node server is 13.338 per hour US dollars, plus a backup server, the daily operating cost comes to 13.338*24*2=$640.

In the EOS community, voting is the only way of empowerment. BP is voted by currency holders, but ECAF is not. Therefore, the EOS governance mechanism is the root cause of many problems in ECAF. However, maintaining the status quo in the way ECAF and BP distribute rights may be the only option at this stage. Because a "case" is decided by an arbitrator, if the arbitrator's power is too large and the dependence on the individual is too large, the ability and quality of the arbitrator will have a decisive impact on the judgment.

3. Slow communication between ECAF and the complainant's case

In the EOS arbitration system, firstly, the EOS token holders vote to generate the arbitration basis, including the EOS Constitution, EOS Dispute Resolution Rules and EOS Arbitration Manual. Then, the ECAF (EOS Core Arbitration Forum) administrator assigns the case to the arbitrator, and the arbitrator will arbitrate the case according to the arbitration basis and produce the arbitration result. 21 block producing nodes implement the ruling on the arbitration result.

Disputes for arbitration include:

1) Typical disputes where asset owners claim damages and seek relief;

2) Requests for emergency intervention for system vulnerabilities or account freezes;

3) Stakeholders’ requests related to data on the EOS main chain or related to the EOS main chain;

4) Requests from legal proceedings in foreign courts.

ECAF was established to serve the community by providing arbitrators with support in enforcing rules and practices, and enforcing cases. However, with the increase of complaint cases, the problems brought by ECAF due to its efficiency are becoming more prominent.

On June 28, 2018, EOS Cannon lost 1,281 EOS. EOS Cannon filed a complaint with ECAF, and the arbitrator of ECAF issued an "emergency freezing order" on the scammer's account on October 3. On September 14, 2018, Dapp EOSBet was hacked, and immediately appealed to ECAF, asking BPs to freeze the hacker account. However, the hacker account was frozen four days later, and Dapp EOSBet lost 40,000 EOS.

There may be two reasons for the low efficiency of ECAF: First, the limited number of arbitrators cannot match the massive arbitration cases. ECAF is an autonomous arbitration institution. It is currently mainly composed of unpaid volunteers and lacks stable income as a driving force. Second, ECAF arbitration The arbitrators only have the right to arbitrate and have no enforcement power. The arbitrator’s award needs to be reviewed by 21 BPs separately. Even if the arbitrator passes the review, the arbitrator has no power to supervise the timely implementation of the award by BP. This situation leads to the weak implementation of the arbitration result.

At the beginning of the EOS design, it was benchmarked against ETH, and the system resources were mainly subdivided into network bandwidth resources (NET), CPU computing resources (CPU), and running memory resources (RAM). NET and CPU are occupied resources and can be released after use. However, RAM is a consumable resource and will continue to decrease when it is used up. All three resources can be obtained by staking tokens. Therefore, EOS users and DApp developers first need to purchase tokens, and then mortgage the tokens to the EOS system account to obtain the right to use NET, CUP, and RAM. The more EOS a user holds or pledges, the more resources can be called in the EOS system.

3. Negative feedback mechanism of EOS RAM

1. EOS resource allocation mechanism

ETH adopts the GAS resource model, and users need to spend a certain amount of ETH to perform any operation on the Ethereum network. This model has simple resource allocation rules and operates in a market-oriented manner, but at the same time, it has defects. Each transaction needs to consume GAS, which can easily lead to network congestion and make it more difficult to implement high-frequency DApp applications.

Initially, there are fewer EOS ecological users and less demand for RAM, so the price of RAM will be relatively low, and users only need to mortgage a small amount of EOS to obtain more RAM. However, with the increasing number of users and DApp developers, the demand for RAM increases. From the perspective of the supply side, the total amount of RAM is determined by the joint vote of super nodes. Once confirmed, there will be no significant expansion in a short time In the short term, RAM holders have no incentive or incentive to sell their RAM, and RAM becomes a scarce resource. Therefore, the price of RAM will continue to increase, that is, users will need to mortgage more and more EOS. When RAM becomes a scarce resource, there will be room for arbitrage, and investors will hoard RAM at low points, thereby pushing up the price of RAM.

2. The dilemma of RAM

Traditional economics is based on the theory of equilibrium, where supply and demand affect prices, market mechanisms regulate supply and demand, and the balance of supply and demand is achieved through the price mechanism. That is to say, when our demand for an asset increases, the asset price will increase accordingly, and the asset supply will increase, and the asset price will decrease. The supply and demand curves reach an equilibrium point under market coordination, which is the red point in the figure. But market equilibrium is not a universal state, but requires some kind of negative feedback mechanism to maintain. A rise in price suppresses demand and stimulates supply; a fall in price stimulates demand and suppresses supply. This is the process of negative feedback.

According to the data of EOS Titan, on October 17, 2018, the two most frequently operated DApps on EOS - BetDice and EOSBET, the number of EOS used to mortgage CPU and NET reached 2.24 million and 163,000 respectively. In order to ensure the normal operation of the game, BetDice and EOSBET occupied too much CPU of the main network, resulting in a shortage of CPU resources, ordinary users could not perform transfer operations, and even the account itself was inactivated, requiring "recharging and restarting", and the EOS network was paralyzed. On November 16, within 24 hours of the FarmEOS game being launched, the number of active users reached 1,000, the transaction volume reached 2.5 million EOS, and the CPU price once reached 3 EOS/ms. Calculated at the price of 3 EOS/ms, users can only exchange 0.33 seconds of CPU for the main network by mortgaging 1,000 EOS. This is also the historical highest price point of CPU since the launch of the EOS main network.

4. EOS CPU lease mechanism

When a user calls a smart contract, the block producer needs to find the contract code according to the smart contract address, and then load the code into the memory for execution. This process requires a certain amount of CPU computing power.

There are two ways for users to obtain CPU: First, users who hold tokens can directly mortgage tokens to EOS system accounts, and the system will allocate CPU resources corresponding to users according to the proportion of mortgaged tokens in the entire network. Mortgage tokens cannot continue to be mortgaged or sold, and the mortgage lock-up period is at least 3 days. Second, users without tokens can rent CPU resources from other users.

According to eostitan.com data, from October 13, 2018 to December 21, 2018, the change of CPU time that can be exchanged for each mortgaged EOS is shown in the figure. When the CPU time that can be exchanged for staking an EOS is less than 1 millisecond (that is, within the range of 0-1 on the ordinate in the picture), any small change in the curve means a large change in the CPU mortgage price.

There are two reasons for the large fluctuation of CPU mortgage price: 1. CPU hoarding and leasing behavior, CPU is obtained by mortgaging EOS, and the mortgaged EOS can be redeemed. In the process of EOS mortgage and redemption, users do not need to pay handling fees. The EOS ecosystem also allows users to rent out the CPU resources obtained by mortgage to other users. 2. The rapid development of game DApps, and the continuous popularity of quiz and game DApps lead to a shortage of CPU resources on the EOS main network.

In addition, as the ecological entrance of EOS, the wallet also prospers the development of EOS DApp. Since the official launch of the EOS mainnet, many teams have been actively deploying digital wallets, and a large number of new wallets with EOS ecology as the core have emerged, including MEET.ONE.

5. EOS ecological structure

At present, the types of DApps that EOS users mainly participate in include Gambling, Games, Exchanges, Collectibles, High Risk, Marketplaces and Others.

According to the statistics of DappRadar, as of December 14, 2018, the number of DApps on EOS was 206, and quiz DApps accounted for 126, followed by games and exchanges, accounting for 18 and 17 respectively. Singleness is the main bottleneck currently facing the EOS ecosystem. Among them, 6 of the top 10 apps with daily active users are guessing games, namely BetDice, FarmEOS, FunCity, EOSBet, BETX, and Royal Online Vegas. From the perspective of the highest number of active users in a single day, the highest daily activity of DApps on EOS is 4956, and PRA CandyBox has the best performance. Ranked by trading volume, the top five are: BetDice, Royal Online Vegas, Chintai, Newdex, EOSBet, among which BetDice ranked first with a trading volume of 11,721,039 EOS.

Guessing DApps are the first applications to explode on EOS, and there are reasons behind them: First, when EOS has not yet reached a very high speed, applications with simple rules, simple operations, and no need to occupy too many computing resources are more popular. Suitable for the current stage of EOS. Second, quiz DApps rely on the unique token economic system to gradually form a "money-making effect". With the continuous increase in the income of quiz games on EOS, more and more public chains introduce quiz games, attracting more developers to join the block chain game market.

According to the statistics of blockchain security company PeckShield, as of December 26, 2018, a total of 45 DApp security incidents occurred in the EOS ecosystem, with a total loss of nearly 740,000 EOS. Odaily Research Institute found that most of the DApps currently being attacked by hackers are quiz games and games. The targets of the attacks are mainly EOS.WIN, EOSBet, EOSDice and other top projects. The attack methods are mainly random number cracking and smart contract vulnerabilities. And use a controllable random number seed, etc.

6. Security Situation of Guessing DApps

Due to the large and concentrated amount of funds, quiz-type DApps bring great popularity and traffic to the EOS ecosystem, but at the same time inevitably bury hidden risks. Since July 2018, the hacker attacks encountered by some DApps on the EOS platform are shown in the table below:

7. Summary

thank you

8. References

Brent Xu，Dhruv Luthra，Zak Cole，Nate Blakely，EOS：An Architectural，Performance，and Economic Analysis

IMEOS Research Institute, EOS Platform DApp Ecological Data Analysis Report

TokenClub Research Institute, EOS project research report

Chain tower BlockData, October 2018 EOS platform and DApp data analysis report

Tokeninsight, EOS project rating report

Block rhythm, EOS nodes under the bear market: We can't earn back server money at all

Block rhythm, V God talks about EOS node voting, the shadow land we must avoid (with EOS node voting)

Carbon Chain Value, Game of Thrones: Starting at the EOS Core Arbitration Forum

Lianwen looks at the world, suspected node bribery documents are exposed: the rules of exposure are useless, and the cost of doing evil is low

Ear Finance, five minutes to understand the first wave of EOS super node voting war

thank youTokenInsight analyst Zhao Wei

Gao Feng, Director of Meet.one

Sun Yushi, co-founder of EOS Beijing

IMEOS.ONE Founder Chamao

EOS Cannon promoter regular script

Zi Cen, Founder of HelloEOS

Lao Lang, Founder and CEO of Ouchain Technology

PeckShield Security Team

Victor Fang, Founder of AnChain.ai

TokenInsight analyst Zhao Wei

李雪婷

作者文库