I was looking at some moneypot apps to check, and noticed a major flaw in the BetterBets.io implementation of the MoneyPot Provably Fair System.
This flaw allowed Moneypot to cheat all players who played on BetterBets since the creation of the site. (approximatly 1 year I believe)
The Moneypot algorythm is this one:
(ClientSeed + ServerSeed) / 2^32 resulting in your individual roll outcomes between 0 and 99.99
2^32 = 4,294,967,296
In case the sum of ClientSeed and ServerSeed is higher than this number, the rest is taken and divided by 2^32, resulting in your roll outcome.
Most sites implement this correctly and let the user chose a number between 0 and 4,294,967,296.
But BetterBets is limiting the User to a chose a number between 0 and 2,147,483,648.
This allows Moneypot to chose a ServerSeed that will make the Users/Players lose. Because the User can only change the outcome by max 50 %. Sounds complicated, but it isn't. Heres an example:
Let's say Moneypot picks a Serverseed of 0.
Now the User picks his ClienSeed in the given Range between 0 and 2,147,483,648.
Then the roll result will be between 0 and 49.99.
With other words, if the User plays 2x on high, he will lose.
And there is no way the User can change this because BetterBets limits the ClientSeed he can chose.
Of course nobody can prove if BetterBets and Moneypot used this to make people lose and fill their own pockets.
But what we know is, that BetterBets.io has NEVER BEEN PROVABLY FAIR.
Just to mention this: That only counts for BetterBets.io, all other Moneypot Sites are provably fair because they let the User pick his Clientseed up to 4,294,967,296. At least the ones I've checked.
Regards !
Btw. no I did'nt play there and got buthurt because I lost. I've done my homeworks, this is a fact...
thank you very much for your posting and work
did you check our app/games? would be interested to know if it is the same with our games
I am not an expert and a non coder. please let me ask a question
could BB cheat their customers?
could BB cheat their customers with MP together?
edit
could MP cheat without BB's help?
edit2
you said this was since BB exists so it was already when RH owned MP?
edit3
you wrote "This allows Moneypot to chose a ServerSeed that will make the Users/Players lose."
could they also decide that a user/player will win?
I am not saying that anyone did cheat but I am trying to learn and understand it in full. sadly we have no coder now to let him check and explain it
cheers
"could BB cheat their customers?"
Not without the help of Moneypot. But BB did open the Chance for MP to cheat their users. Leaving the question why u would limit the userseed at all. It wasnt a limitation by the programming language, the dev told me. (I'll come to that in a later post)
"could BB cheat their customers with MP together?"
Yes.
edit
"could MP cheat without BB's help?"
Considering they wouldnd limit the Userseed or just set a randomizer, like stated by ryan - No.
edit2
"you said this was since BB exists so it was already when RH owned MP?"
It has been allways like this since BB was opend I got told so most likely yes.
edit3
"you wrote "This allows Moneypot to chose a ServerSeed that will make the Users/Players lose."
"could they also decide that a user/player will win?"
I assume that the sense of that would be to win money from the invested funds. That is most likely possible, because they can lookup the ServerSeed and set the UserSeed so the exact outcome would be known before the roll is done.
This actually is the case for every investsite. They all know the outcomes of either all your future rolls (in case the seeds are static and used for more than just one roll) or at least for the next one in case a randomizer is used to generate a new Seed for each Roll.
Anyways you always either trust the one whos running the site or not. They always can steal your investments and nobody could ever prove it.
Btw. I've only checked your dustlottery and your implementation allows the User to chose from the full range. But also using the same seed for more than 1 roll would allow MP to cheat technically, but this would be caused by the User himself then and not by the App owner/dev.
Actually you still would need to change the seed for each roll, so I believe the best option would be to use the randomizer from ryan but leave the option for the User to change it if he wants that.