Re: BETCOIN.AG- DICE IS BACK!- #1 Casino, Sportsbook est. 2013- BTC,ETH,XRP,LTC,XMR
I'm don't know much php but in the code you posted, if that's the order the functions are executing then you're setting serverSeed and hashing it aftergetting clientSeed (the player seed). For it to be provably fair you have to prove that serverSeed was set before fetching clientSeed.
Code:
$provable = Gamebetr\Provable::init()
// returns an instance of Gamebetr\Provable
setClientSeed(string $clientSeed = null)
This sets the client seed. If no seed is provided, one will be automatically generated. The Provable instance is returned allowing you to chain commands.
getClientSeed()
This returns the current client seed.
setServerSeed(string $serverSeed = null)
This sets the server seed. If no seed is provided, one will be automatically generated. The Provable instance is returned allowing you to chain commands.
getServerSeed()
This returns the current server seed.
getHashedServerSeed()
This returns the hashed version of the server seed.
// returns an instance of Gamebetr\Provable
setClientSeed(string $clientSeed = null)
This sets the client seed. If no seed is provided, one will be automatically generated. The Provable instance is returned allowing you to chain commands.
getClientSeed()
This returns the current client seed.
setServerSeed(string $serverSeed = null)
This sets the server seed. If no seed is provided, one will be automatically generated. The Provable instance is returned allowing you to chain commands.
getServerSeed()
This returns the current server seed.
getHashedServerSeed()
This returns the hashed version of the server seed.
Those methods are from the README in the gamebetr/provable repository, which is just for verifying bets and unrelated to whatever order the code actually uses. I do hope that they are setting the server seed before somehow randomly generating a client seed. Most sites prove this by having client side javascript randomly generate a seed on site load, but since GameBetr's dice seems to be created in Unity, I don't think it's possible. Unfortunately you'll have to trust them on that or set your own seed.
Again, you do not show the algorithm with which you calculate results, so the game is unverifiable and therefore not provably fair.
How did an 'independent 3rd party site' know how to implement the PF without having access to the code? Very independent and third party indeed
How did an 'independent 3rd party site' know how to implement the PF without having access to the code? Very independent and third party indeed
The 'independent 3rd party site' also sends a request to the server to get a result, rather than generating it on client side. I strongly suspect that it isn't exactly independent either, so GameBetr could technically cheat by faking results on the verification site as well and just hoping that players won't verify it themselves. It's pretty annoying to verify too, since it relies on PHP's specific implementation of Mersenne Twister.
Since they seem to use a unique approach to provably fair (it would have been much nicer if they just copied the standard nonce based method instead of trying to reinvent the wheel), I wrote a open source, and truly independent verifier that players can use if they want using purely client side JS. Here's an example of a verified bet.
I still wouldn't recommend playing their dice just because it seems to be pretty poorly made in general.
Excellent feedback and we are informed that the provider is making improvements. We have advised them to review your statements here in detail.