Re: BetterBets.io |2017 Promo starting Dec. 15th|🎲 DICE★PLINKO★PVP Game CORE
Nice update. I am not sure if you updated the provably fair implementation now or already before, but I just had a proper look again. The implementation looks now very close to perfect 
I happily activated your site on my site again. There are still some smaller things that could be fixed:
1. Changing the client seed manually doesn't actually work (but "generate new" button does work.) So needs some change event listener that puts the new clientseed in the JS var and localstorage.
2. Ideally the function verifyRoll() will also check the HASH which is the first part of verifying a result. So something like this:
3. If you use the above code, you would be checking the hash that you got after the bet. But you should check the hash that you saved before the bet (just for the theoretical situation where MP tries to cheat by changing the hash too.) You put this serverseed(=hash) already in the box with insertProvablyFairHtml() before the bet. So you can simply remove the following line from updateProvablyFairHtml() to ensure you verify the hash that you got before the bet:
4. It says "Next Bet" in the second box, but that is actually the "Previous bet"
Still I believe your provably fair implementation is now superior to almost all "per-roll implementations", so these are just smaller things that should be easy to fix
PS, I only tested Dice-BTC. Perhaps I can look at Plinko and NXT some other time if you want.
I happily activated your site on my site again. There are still some smaller things that could be fixed:1. Changing the client seed manually doesn't actually work (but "generate new" button does work.) So needs some change event listener that puts the new clientseed in the JS var and localstorage.
2. Ideally the function verifyRoll() will also check the HASH which is the first part of verifying a result. So something like this:
Code:
if (activeCoin == 'btc') {
if (sha256(vSecret+'|'+vSalt) != vServerSeed) alert('Oh noes - serverseed hash changed! Contact site owner to see what happened or manually verify your bet.');
return (Math.floor((100 / Math.pow(2, 32) * ((vSecret + vClientSeed) % Math.pow(2, 32))) * 100) / 100).toFixed(2);
}
Obviously that alert should never happen though if (sha256(vSecret+'|'+vSalt) != vServerSeed) alert('Oh noes - serverseed hash changed! Contact site owner to see what happened or manually verify your bet.');
return (Math.floor((100 / Math.pow(2, 32) * ((vSecret + vClientSeed) % Math.pow(2, 32))) * 100) / 100).toFixed(2);
}
3. If you use the above code, you would be checking the hash that you got after the bet. But you should check the hash that you saved before the bet (just for the theoretical situation where MP tries to cheat by changing the hash too.) You put this serverseed(=hash) already in the box with insertProvablyFairHtml() before the bet. So you can simply remove the following line from updateProvablyFairHtml() to ensure you verify the hash that you got before the bet:
Code:
// $('#newBetServerSeed').html(response['serverSeed']).hide().fadeIn(delay);
4. It says "Next Bet" in the second box, but that is actually the "Previous bet"
Still I believe your provably fair implementation is now superior to almost all "per-roll implementations", so these are just smaller things that should be easy to fix
PS, I only tested Dice-BTC. Perhaps I can look at Plinko and NXT some other time if you want.