Swedish Stock Exchange Hit By Programming Snafu
New submitter whizzter writes "I was reading the Swedish national news today and an image in a stock exchange related article struck my eye. An order had been placed for 4 294 967 290 futures (0xfffffffa or -6 if treated as a 32-bit signed integer), each valued at approximately 16,000 USD, giving a neat total of almost 69 trillion USD. The order apparently started to affect valuations and was later annulled, however it is said to have caused residual effects in the system and trading was halted for several hours."
Sven: Hey der Ole, check out dis new app I got on my phone here.
Ole: *takes the phone and looks at the screen* Oh hey idn't dat neat? A stock trading app!
Sven: Yeah I'm like a big shot power björker now! Börk! Börk! Börk!
Ole: Oh ja, you betcha, hey I gotta a hot tip, I'm gonna buy six futures of Ikea for ya.
Sven: Ole, you idiot! Stop that, I've only got a few cents on my account.
Ole: Oh! Jajaja, oops, you're in da red now. Oofta, I'll fix this here, lemme just sell 'em real quick.
Sven: No, stop, you'll just make things worse!
Ole: I don't see a 'sell' button on dis thing, oh, I know! *punches some buttons* Oh dear. Oh shoot. Ja, I'm in a little over my head here, Sven.
Sven: *grabs the phone* Negative 460 trillion dollars!? OLE, WHAT DID YOU DO?
Ole: Oh well, ya see, I just bought negative six shares, ja? To undo me buying six positive shares, ja? And I guess der was like some underflow involved der? With de app, ja? Ah gosh gee, Sven, I'm sorry, I'll pay ya back after I settle up with da liquor store first, of course.
My work here is dung.
Lucky they weren't using a 64-bit platform!
Imagine it 0xFFFFFFFFFFFFFFFA. That's a big enough number that it's unreasonable to type without scientific notation :)
..... the word is being abused here.
This is what happens when you want a million transactions a second. You have to forgo input validation on your trading systems. Do these people ever learn?
I have never seen that website before and decided to scroll down to see the other articles. There's a much more interesting article at the bottom titled:
"The body as a network"
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
warning: conversion from int to unsigned int, possible loss of data
Gotcha!
The Stockholm stock exchange is part of the NASDAQ-OMX group ( http://www.nasdaqomx.com/aboutus/whatisnasdaq/ ). Do they use the same software?
Let's see into what problems they run if programs start using 64 bit...
This is why you always use dynamic storage like a linked list when you potentially have to deal with numbers bigger than the address bus width.
...someone forgot that putting an int into a function that expects a UINT32 is not a good idea....
Since I doubt you can buy -6 shares, and likely nobody had access to $69 trillion USD (including the US government)... this sounds like it was done by someone who knew it would cause problems with the system.
I don't know about most of you, but I couldn't initiate a trade for that kind of money. How could someone even do this without having some good knowledge of how the system works?
You'd really have to assume there should be some pretty obvious checks and balances in there that either weren't, or didn't trigger.
Lost at C:>. Found at C.
The way to prevent this kind of mistaken (or even malicious) trade is to stop protecting the trader by canceling the trade as soon as the mistake is realized. If you issue a trade order, you should be liable for paying for it. If you can't, normal bankruptcy laws should apply.
Not so unreasonable to copy and paste, though:
18,446,744,073,709,551,610
Well, at least now we know how RIAA calculates its damages; They must have hired the same developer...
#fuckbeta #iamslashdot #dicemustdie
According to most of the folks posting in another thread about computer-driven cars, programming errors rarely make it out into the world.
If there was an issue, it must be user error. Programmers aren't supposed to make mistakes!
<snark/>
Thank goodness they weren't using 64-bit unsigned integers!
I saw The Dark Knight Rises and I thought that even when armed men with guns break into a stock exchange and do mysterious things with a computer, that it is not possible to annul an obviously stupid transaction done right at that time that takes a millionaire and leaves him penniless.
Oh well, I guess I'll just have to settle for realistic movies, like Skyfall where they take an unknown computer running unknown software and plug it right in to their secure network, inside their firewall. Some bad stuff does happen but who could have foreseen it?
More like 0xFUUUUUUUUUUUUU... amirite?
Have gnu, will travel.
I love automated translation.
Dial up BBS with time limits; but you could gamble an amount of time for a 1 in 3 chance of getting double the time...
So I gambled -50,000 minutes.
And lost.
Which gave me 100,000 minutes.
Which overflowed the 16 bit counter.
Which crashed the BBS.
Which dumped me into a remote shell.
Which let me read the unencrypted password file.
In two's complement, sure. But this is Slashdot, pedantry is allowed, even encouraged.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
It did, after all, influence trading. What if this stunt was disguised as an - admittedly stupid - mistake, but in fact wasn't one?
Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
For an ethics class. The only real solution is to ban it outright. These algorithms can never be fully tested because they interact with algorithms from other institutions which can lead to death spirals as algorithms cause feedback loops; bouncing trades off of one another until someone pulls the plug. And at automated speeds, that can be long after your company goes bankrupt.
From the sounds of the translated page, this was just a one-shot jacked up algorithm working in isolation which is still a problem in itself.
I swear to God...I swear to God! That is NOT how you treat your human!
Ripple effects are pretty scary. Good thing trading can be halted to let problems subside.
To-do List: Receive telemarketing call during a tornado warning. Check.
That's a big enough subnet for everybody. /IPv6 humor
There are two types of people in the world: Those who crave closure
A trade requires both a buyer and a seller.
I'm sure if you post an offer (either to buy or to sell) for $69 trillion, there's nobody around who can take you up on that offer.
You might be liable for some sort of misuse of the service, or breaking its rules etc. but obviously you won't owe anybody $69 trillion.
... raped it?
SNAFU = Situation Normal: All Fucked Up.
;>)
That seems like the perfect description of what happened, either in terms of bad coding without type checking or input validation or in terms of the stock exchanges so frequently doing stupid things these days.
I think most likely it's a case of mismatched types between the calling function and how the function itself defines the calling variables. Errors that occurred (possibly) (is there a link to the description/report that shows how this really happened?):
1 -- No Sanity Checking at Broker's end of transaction request: no validation of input at the customer or broker's computer, thus allowing a negative number entry for amount of shares to sell by the broker. aka Trusting the user to not input stupid values into a field.
2 -- Poor division of actions: actually not splitting BUY and SELL into two different transaction categories and letting the sign of the number be the indicator as to the intent to buy or sell.
3 -- Allowing wild extrema and outliers to affect trading: it's crazy to allow BID/buy orders at (average sale price)\dividedby(large positive integer) or to allow ASK/sell orders at (average sale price)\times(large positive integer). It's crazy for algorithms or humans to interpret any buy or sell price requests that are more than 50% deviated from the current running average price to be considered as anything other than either an anomaly or a deliberate attempt to fuck things up.
4 -- No sanity checking at the Stock Exchange board computer: no bounds checking on the board computer that accepts the buy/sell from the brokers. Seriously, shouldn't there have been at least two places this poor interpretation could have been caught?
5 -- Unit Error / Representation Error: like letting a spacecraft go lost or kablooey by thinking the units are Imperial instead of Metric/Systeme_Internationale, maybe the order entry system represents the number X as signed long integer value, and the order-taker system (who knows what it's really called?) at the exchange interprets the number X as unsigned long integer value.
Now that number (5) error seems likely to me, as I have been learning C programming and note that since it does not do type checking, it's possible to call a function with a variable that is holding a signed long integer, but the program is written with a
unsigned int functionname(unsigned long c1) {
    // ... code goes here
}
// ... more intervening stuff
signed long int yabbadabbadoo = -6;
signed long int resultinganswer = 0;
resultinganswer = functionname(yabbadabbadoo); // -6 is implicitly converted to unsigned long at this call
so the same bit-representation is seen as two things. Akin to using the same words to mean two different things.
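Added example, not part of the comment above and not code from any exchange: a C sketch of the signed-to-unsigned mismatch from item 5, next to a checked path that keeps buy/sell explicit (item 2) and bounds the quantity (items 1 and 4). All function names and MAX_ORDER_QTY are hypothetical; the unit price is the approximate figure from the summary.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ORDER_QTY 10000u   /* constructed per-order limit (assumption) */
#define UNIT_PRICE_USD 16000u  /* approximate contract value from the summary */

enum side { SIDE_BUY, SIDE_SELL };
struct order { enum side side; uint32_t qty; };

/* Hypothetical exchange-side entry point: quantity is unsigned 32-bit. */
static uint32_t exchange_accept(uint32_t qty) { return qty; }

/* Unchecked path: the signed value is converted implicitly at the call,
 * so -6 arrives as 4294967290. gcc -Wconversion flags this line. */
static uint32_t submit_unchecked(int32_t requested)
{
    return exchange_accept(requested);
}

/* Notional value in a 64-bit type so the multiplication cannot wrap. */
static uint64_t notional_usd(uint32_t qty)
{
    return (uint64_t)qty * UNIT_PRICE_USD;
}

/* Checked path: side is explicit, quantity must be 1..MAX_ORDER_QTY.
 * Returns 0 and fills *out on success, -1 on rejection. */
static int submit_checked(enum side side, int32_t requested, struct order *out)
{
    if (requested <= 0 || (uint32_t)requested > MAX_ORDER_QTY)
        return -1;
    out->side = side;
    out->qty = exchange_accept((uint32_t)requested);
    return 0;
}

int main(void)
{
    struct order o;
    uint32_t q = submit_unchecked(-6);
    printf("unchecked: qty=%" PRIu32 " notional=%" PRIu64 " USD\n",
           q, notional_usd(q));
    printf("checked -6: %s\n",
           submit_checked(SIDE_SELL, -6, &o) == 0 ? "accepted" : "rejected");
    printf("checked  6: %s\n",
           submit_checked(SIDE_SELL, 6, &o) == 0 ? "accepted" : "rejected");
    return 0;
}
```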
IPV6 is 128bits. So 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
Nowadays, with the speed of CPUs, any financial application should use immutable arbitrary-precision integers (or floats). I worked for many banks and it was funny how either they found out by themselves before I got there or when I had to tell them about it. Either way, they had to modify existing applications.
There is no limit to the number one can express that way, apart from memory constraints. Just restrict input to some number equal to the estimated number of atoms in the universe and you should be fine memory wise ;-)
In Java:
http://docs.oracle.com/javase/1.4.2/docs/api/java/math/BigInteger.html
http://docs.oracle.com/javase/1.4.2/docs/api/java/math/BigDecimal.html
Now, I hope anybody coding financial or accounting apps will get the picture...
That's all for now.
Everything I write is lies, read between the lines.
Oh you were talking about the subnet portion. Fair enough, that is a mere 64bit.
Dial up BBS with time limits; but you could gamble an amount of time for a 1 in 3 chance of getting double the time...
So I gambled -50,000 minutes.
And lost.
Which gave me 100,000 minutes.
Which overflowed the 16 bit counter.
Which crashed the BBS.
Which dumped me into a remote shell.
Which let me read the unencrypted password file.
That kinda thing happens when you write your own BBS software...
It is with some smugness that I think back to the good old days, when this kind of thing was always written in COBOL - it's clunky and wonky and not at all funky, but it does have one advantage:
http://en.wikipedia.org/wiki/Binary-coded_decimal
In COBOL this is built in at the level of syntax and very, very easy to use, and you don't end up with binary overrun.
Hah, they don't make 'em like they used to. (I've just become a granddad, so I have the right to say this sort of thing).
Firstly, it's perfectly possible to buy -6 shares, it's called selling. It's even possible to buy -6 shares if you don't have any, that's called short selling and is more complicated but still possible (though illegal for some shares such as, currently, Spanish ones I believe).
Here they were talking of futures contracts not shares, you can buy or sell as many as you want, it's totally symmetrical. And that $69T was just referring to the notional, which is misleading since you don't pay the notional when you enter a futures contract - you just post margin which is a tiny fraction of that. The margin on that kind of amount would still be monstrous, but not measured in the trillions.
Apparently the programmers never played Mordor 1. They had a glitch where you could create a real character and a dump character and then trade the dump character a negative money amount so their balance would be heavily negative while you actually got the positive opposite. I think that game came out like 12 years ago, lol.
C does indeed do type checking; the issue here is that there are a number of implicit conversions (coercions) defined by the language.
You can enable warnings in many compilers that will flag potential problems caused by such coercions (for example, '-Wconversion' in gcc).
it's all about the -Wall -Werror man. I'd rather see a warning and have it stop my compile and deal with it than risk, well...this!