Will a significant security flaw be discovered in the WorldCoin Protocol before 2024?
resolved Oct 19
Resolved
YES

This market resolves YES if a significant security flaw is published and confirmed by security experts before 2024. If a qualifying flaw is discovered and is then swiftly and successfully patched such that the vulnerability is extinguished entirely in short order, this market still resolves YES.

A "significant" security flaw is any flaw that allows a user to bypass or significantly degrade the security guarantees made by the WorldCoin protocol. This is somewhat subjective and I will reserve the right to make the final judgment, but qualifying incidents include, but are not limited to:

  1. A bot is able to reliably pose as a human (especially if this can be scaled to large numbers)

  2. A user is able to reliably impersonate another user

  3. A user is able to appropriate funds or tokens from other users in a manner not intended by the protocol

If January 1, 2024 rolls around and no significant security flaw has been published and confirmed by security experts yet, this market resolves NO.

predicted YES

@RobertCousineau This would indeed be a valid claim if verified. Do we have a public confirmation by WorldCoin or by a trustworthy third party?

@LarsDoucet Okay they’re on record:

"On May 29, CertiK's Security Team reported a bug to Worldcoin that could allow an attacker to create an inactive Operator account," a Worldcoin spokesperson told Decrypt. "The bug did not allow anyone to bypass the manual review for establishing an Operator account and at no point was access to Orbs or data enabled through the bug. The Worldcoin security team acknowledged and fixed the issue within 24 hours of receipt of information from CertiK and verified that it has not been abused."

This resolves YES

bought Ṁ53,907 of YES

@LarsDoucet WorldCoin is downplaying the significance, and it’s already been patched, but being able to bypass the basic verification process seems like a big deal to me. Meets the literal terms of this market. Might make a second market to more explicitly capture “and then something really bad actually happens”.

bought Ṁ20 of YES

Does fraud or rug pull or exit scam also count as a vulnerability?

predicted YES

Does this include the case where a user fraudulently signs up twice (for instance, because the orb doesn't recognize the duplicate)? If so, does that have to happen in large numbers or does one incident count? Does it matter whether it can be replicated intentionally, as opposed to the scanning software just failing sometimes but without a good way to systematically exploit it?

Seems to maybe fall under "a user is able to appropriate funds or tokens from other users in a manner not intended by the protocol", but indirectly, in the sense that double-dipping from an airdrop deflates the currency a little or takes from the total pool that might be available.

I'm torn between being certain they've fucked up somewhere and fairly sure that nobody is going to care enough about the coin to find anything but the most glaring errors.