There are only 3 potential security vulnerabilities I can see. They should be addressed as best as is practical to improve investor and player confidence in the site.
1. The OP is running a scam to fleece investors. Since there is no way to blind the OP to the server seed, investors have no choice but to assume the OP is honest or to not invest.
2. The implentation of the RNG is flawed. It would be useful to review the RNG implementation and see if there are any possible ways to further ensure the results are truly random with no predictable pattern.
Some ideas:
A. Perhaps re-randomizing the server seed every roll would help since nonce would always be 1. If this was too taxing on the server, then only re-randomize the server seed every roll for bets over a certain size (eg. 10 BTC).
B. Pull random numbers from a hardware RNG. Could use a site such as random.org (my concern though would be trading the risk of the OP for risk of a new entity). This random # would be used as the server seed (cannot be used as the seed # for hashing since would not be provably fair).
3. Security of the server. This is the biggest concern since hosted on a cloud VPS. A VPS employee could be compromising the server directly. Solution would be to move to a dedicated server for increased secured which would seem prudent (even if this is not the issue with nakowa's improbable wins). Millions of USD worth of bitcoins are at stake afterall.
1. The OP is running a scam to fleece investors. Since there is no way to blind the OP to the server seed, investors have no choice but to assume the OP is honest or to not invest.
2. The implentation of the RNG is flawed. It would be useful to review the RNG implementation and see if there are any possible ways to further ensure the results are truly random with no predictable pattern.
Some ideas:
A. Perhaps re-randomizing the server seed every roll would help since nonce would always be 1. If this was too taxing on the server, then only re-randomize the server seed every roll for bets over a certain size (eg. 10 BTC).
B. Pull random numbers from a hardware RNG. Could use a site such as random.org (my concern though would be trading the risk of the OP for risk of a new entity). This random # would be used as the server seed (cannot be used as the seed # for hashing since would not be provably fair).
3. Security of the server. This is the biggest concern since hosted on a cloud VPS. A VPS employee could be compromising the server directly. Solution would be to move to a dedicated server for increased secured which would seem prudent (even if this is not the issue with nakowa's improbable wins). Millions of USD worth of bitcoins are at stake afterall.
1. OP / Operator / Owner = honest. No further questions, your honor.
2. RNG flawed? Not really, but I still say, as I have been saying since the site went up, the numbers are not random, and the numbers are predictable. The numbers are also uniformly distributed. I can't back it up. So no one is listening to me. But I bet, my next roll is going to win. Dung beetles, golden dragons, and lucky seeds.
A. You can't do that, or some people won't play under those rules. It will not be seen as provably fair.
B. Intel has a hardware RNG.
3. I can't really comment on this as I have no experience with the difference between clouds and dedicated servers. Either way, the servers can still be compromised.
What I can tell you all, if I had the same bankroll as Nakowa, I would probably be doing the same thing, however I will be playing on 87.7779% and not 50% or 49.5%.
1. How can one be sure? I think if it is 100% provably fair and the OP and player and whoever else has no chance to get hold of the final outcome in advance than the OP is honest.
does something like 100% provably fair exist? if yes, then my next question would be, is JD 100% provably fair?
2. if the numbers of the RNG are not random this would explain everything. but why would JD chose a RNG that is not random? a RNG that is not random is not a RNG imho
could You explain Your view in more depth. this would be very interesting to understand (at least for me)
thanks