Board: Gambling
Topic: Re: BetterBets.io - NOT provably fair
by NLNico on 05/10/2016, 08:41:28 UTC
They were 2 different mistakes, but same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with a cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit in the Rollin thread - they did change it after a few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goal to have the best provably fair implementation possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.
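
The per-bet client seed and the check a player can run over their own bet history, as an added example that is not part of the original post and is not BetterBets, MoneyPot or RHavar code. It assumes a generic commit-reveal scheme (the server publishes `sha256(serverSeed)` before the bet and the result is `(serverSeed + clientSeed) mod 2^32`); the function names and the server seeds in the sample are hypothetical.

```javascript
// Added illustration, not code from BetterBets, MoneyPot or RHavar.
// Assumed scheme: before each bet the server publishes sha256(serverSeed);
// afterwards it reveals serverSeed; result = (serverSeed + clientSeed) mod 2^32.
const { webcrypto, createHash } = require('node:crypto');

const commit = (serverSeed) =>
  createHash('sha256').update(String(serverSeed)).digest('hex');
const result = (serverSeed, clientSeed) => (serverSeed + clientSeed) % 2 ** 32;

// Fresh 32-bit client seed from the CSPRNG; browsers expose the same call as
// crypto.getRandomValues. Draw one per bet, only after the commitment is shown.
function newClientSeed() {
  return webcrypto.getRandomValues(new Uint32Array(1))[0];
}

// Audit a bet history. Each bet: { commitment, serverSeed, clientSeed, result }.
function auditBets(bets) {
  const findings = [];
  bets.forEach((bet, i) => {
    if (commit(bet.serverSeed) !== bet.commitment)
      findings.push({ bet: i, issue: 'revealed server seed does not match commitment' });
    if (result(bet.serverSeed, bet.clientSeed) !== bet.result)
      findings.push({ bet: i, issue: 'result does not match seeds' });
    // A repeated client seed is known to the server when it picks the next
    // server seed, so the commitment no longer protects the player.
    if (i > 0 && bet.clientSeed === bets[i - 1].clientSeed)
      findings.push({ bet: i, issue: 'client seed reused from previous bet' });
  });
  return findings;
}

// Constructed sample history (hypothetical server seeds).
function sampleHistory() {
  const mk = (serverSeed, clientSeed) => ({
    commitment: commit(serverSeed), serverSeed, clientSeed,
    result: result(serverSeed, clientSeed),
  });
  const fixed = 1523456648; // the client seed used as an example in the post
  return [mk(111, newClientSeed()), mk(222, fixed), mk(333, fixed)];
}

console.log(auditBets(sampleHistory()));
```
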