|
Title: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on March 31, 2013, 08:14:59 PM Last year I was on medical leave and coded a little bitcoin game (just for fun, won't be big and professional like sd). When development was almost complete I began to work again and the code remained collecting dust in the server. I just cleaned it up and tested it, and I think it's ready for public usage :P.
In a nutshell, users are shown a set of cards and are invited to pick some of them, then place a bet. When the bet transaction is included in a block, some other cards are derived from the block hash and compared with the ones picked by the user. If all of the user's cards are equal or higher, she wins. The help within the game gives all the details. This (https://dserrano5.es/btc/flipside/game_id/44fda78d93ba3ab8) is an example of a completed game, which shows the user-chosen cards as well as the ones derived from the block hash. There's a tie in one of the cards (an ace of diamonds). The user won this game. A SHA386 hash can also be seen above the set of cards. This can be used to prove that the game doesn't cheat. If the design is awful, sorry, I'm not a web designer :). You can give it a try at https://dserrano5.es/btc/flipside (HTTPS only). Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: silvergoldandbitcoin on April 01, 2013, 03:26:08 AM Hello! Interesting game! If there is a tie in the cards, isn't the player supposed to win?
This was the game I played: https://dserrano5.es/btc/flipside/game_id/87b0bae4c86baa59 Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on April 01, 2013, 06:45:03 AM Hello! Interesting game! If there is a tie in the cards, isn't the player supposed to win? I think so, but: Quote from: https://dserrano5.es/btc/flipside/help The order of suits is clubs < diamonds < hearts < spades. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on April 01, 2013, 06:51:45 AM In a nutshell, users are shown a set of cards and are invited to pick some of them How is the set of cards selected? From a 'provable fairness' point of view can you prove that the card selection isn't skewed towards the lower cards? Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on April 01, 2013, 08:46:24 AM Hello! Interesting game! If there is a tie in the cards, isn't the player supposed to win? Thanks for trying! As dooglus noted, that wasn't actually a tie since the kings were of different suit. How is the set of cards selected? From a 'provable fairness' point of view can you prove that the card selection isn't skewed towards the lower cards? Ah, this detailed escaped me. They are randomly chosen using the "shuffle" method from the builtin Perl module: Code: my @deck; But this post doesn't prove anything, of course. I'll have to figure something out. Seems I'll have to resort to the (IMO) inelegant list of pre-generated secrets… Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: MPOE-PR on April 01, 2013, 04:27:08 PM So if I can afford to bet twenty bitcoin you can afford to pay out 10x the BTC M3?
Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: John (John K.) on April 01, 2013, 04:34:28 PM So if I can afford to bet twenty bitcoin you can afford to pay out 10x the BTC M3? Code: Minimum bet: 0.00000000 BTC. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: GoWest on April 01, 2013, 04:38:20 PM So if I can afford to bet twenty bitcoin you can afford to pay out 10x the BTC M3? Seriously dude, you're a smart guy, but why do you ask questions like this? Do you really think the developer didn't consider the math before determining bet limits? Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: haitispaceagency on April 01, 2013, 05:37:44 PM If all of the user's cards are equal or higher, she wins. really want to play this buy I have a penisTitle: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on April 01, 2013, 06:30:07 PM Ah, this detailed escaped me. They are randomly chosen using the "shuffle" method from the builtin Perl module: Code: my @deck; But this post doesn't prove anything, of course. I'll have to figure something out. Seems I'll have to resort to the (IMO) inelegant list of pre-generated secrets… What's $MAX_CARDS? 6? So you're selecting the 50 cards from 6 decks of 32 cards? The way this is usually done is to shuffle the decks using a seed derived by combining the site secret and the client secret (the block hash, in this case). So you can prove that you had no control over the selection of the 50 cards. Even if you pre-generate the sets of 50 cards, you still can't prove that they were fairly selected. You could still pick more 7's than Aces. Edit: $MAX_CARDS can't be 6, or you would only have 24 sevens, and you wouldn't be able to deal 50 sevens for the jackpot game... Edit2: Oh, but you're running the grep in a loop until you have enough, so that's OK. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: MPOE-PR on April 02, 2013, 10:53:19 AM So if I can afford to bet twenty bitcoin you can afford to pay out 10x the BTC M3? Seriously dude, you're a smart guy, but why do you ask questions like this? Do you really think the developer didn't consider the math before determining bet limits? I am a gal, and I was making a point. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on April 02, 2013, 09:22:46 PM What's $MAX_CARDS? 6? So you're selecting the 50 cards from 6 decks of 32 cards? Yes. Initially (https://dserrano5.es/btc/flipside/game_id/a8cea52541743fb9) 32 cards were shown but at some later point I decided to make a better usage of the screen real state and upped it to 50. (And earlier than that, my original plan was to always show all cards between 7-clubs to ace-spaces once, like when using a real deck). The way this is usually done is to shuffle the decks using a seed derived by combining the site secret and the client secret (the block hash, in this case). So you can prove that you had no control over the selection of the 50 cards. Thanks for this insight. The client secret could perfectly be the game ID (randomly generated but trivially editable by the user). The server side has to be the pre-generated secret I alluded to. Even if you pre-generate the sets of 50 cards, you still can't prove that they were fairly selected. You could still pick more 7's than Aces. I can use a known PRNG (e.g. ISAAC (http://en.wikipedia.org/wiki/ISAAC_%28cipher%29), which has a readily available Perl implementation) with a given seed to generate the cards, and publish a hash of the seed. The seed would be created from the client and server secrets. Later when the game is complete I would publish the seed and give the details of the card generation. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on April 02, 2013, 10:17:49 PM Later when the game is complete I would publish the seed Ah, when the game is complete and the server secret is no longer valid, of course! Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on April 03, 2013, 01:21:25 AM I decided to make a better usage of the screen real state and upped it to 50. That reminds me. If I don't have the browser window full-width then the 'flip side' text down the left hand edge of the screen goes underneath the 50 face down cards, but when I try to click on the cards in the first column, it thinks I'm clicking on the 'flip side' text, and takes me to a new page, rather than toggling the selection state of the card I clicked on. Took me a while to figure out what was wrong, but until I did it was very confusing. Thanks for this insight. The client secret could perfectly be the game ID (randomly generated but trivially editable by the user). The server side has to be the pre-generated secret I alluded to. Just make sure that it goes in this order: 1. show hash of server secret to user 2. allow user to select their secret 3. shuffle cards using server secret and client secret If you do 2. before 1. then you could be selecting a server secret that makes the client secret bad for the user. Doing 1 before 2 is required if we're to know the game is fair. When you do it that way, we don't care how you pick the server secret, and so there's no need to pre-generate anything. Just pick a pseudorandom server secret, show us its hash, allow us to pick our own secret, then use both as the seed for all in-game randomness. You don't even need to use external sources of randomness like the block hash then. We don't know the server secret, so can't cheat. And you don't know what secret the client is going to pick, so you can't cheat either. Neat, huh? Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on April 06, 2013, 09:41:16 AM 1. show hash of server secret to user 2. allow user to select their secret 3. shuffle cards using server secret and client secret Thanks dooglus for your input. I've made the necessary changes and put the new code online. This (https://dserrano5.es/btc/flipside/game_id/29899a7e7e835861) is a finished game with the improved provability. I entered a user secret containing the Euro symbol to show that there's an issue with the encoding; however, the sha384sum is correct. Help has been updated accordingly too. Another example (https://dserrano5.es/btc/flipside/game_id/7741213d9828e842) shows that when the RNG generates out-of-range cards they are skipped (lower than J-clubs in this case). It still amazes me that betting 0.73 BTC is now a whopping 80 euro… Please get yourself a pizza (https://blockchain.info/tx/93b9e94e55b0e7639b646672236961f3df325467574ca3ba067145bd0b951c02) for both your help here and this stackexchange post (http://bitcoin.stackexchange.com/questions/1195/how-to-calculate-transaction-size-before-sending/3011#3011) that was useful for my coin control utility (https://bitcointalk.org/index.php?topic=166395.0) :). Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 05, 2013, 08:03:27 PM I PM'ed the game's owner with the following a few days ago. Since he's fixed the issues now I figured I'd post it here to show how you have to be careful when implementing 'provable fairness'.
Hi. I was going to post this in the thread but then realised that it would expose you to people exploiting the issues I mention, so I'm PMing you instead. Please get yourself a pizza (https://blockchain.info/tx/93b9e94e55b0e7639b646672236961f3df325467574ca3ba067145bd0b951c02) for both your help here and this stackexchange post (http://bitcoin.stackexchange.com/questions/1195/how-to-calculate-transaction-size-before-sending/3011#3011) that was useful for my coin control utility (https://bitcointalk.org/index.php?topic=166395.0) :). Hey thanks! I was wondering where that 0.1 BTC came from. :) I somehow missed your post here. The forum's "watchlist" feature is a little buggy I think. A few comments on your new provably fair system: 1) You only publish the first 4 bytes of the server secret's hash. You could have pre-selected a bunch of server secrets with known collisions in their first 4 bytes. That's not hard to find. Then when you see the client secret and the block hash you can pick which of the pair (or more) of server secrets is best for you. It would be better if you published the whole hash of the server secret to remove this as a way of you cheating. 2) The server secret is only 4 bytes long. There are only 4 billion possible server secrets. It wouldn't take very long with decent hardware for me to brute force it. If I'm lucky there's only one server secret that hashes to the right value. I can test it against multiple client secrets until I find one with 6 of the best card, and pick those 6. You should use longer server secrets so players can't brute force them. I don't know how slow sha386 is compared to sha256, but people regularly run 1Ghash/s when mining. That would mean they can find your secrets in 4 seconds. You don't need to use the whole secret in the concatenation that seeds ISAAC - you can safely use just the first 4 bytes - but tack some random junk on the end to make it impossible to discover up front. 3) I wasn't able to figure out how to seed the C version of the ISAAC RNG you linked to. But package libmath-random-isaac-perl in ubuntu worked fine, and reproduces your numbers. Chris. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 05, 2013, 08:10:01 PM A slightly less important bug:
The "Payout address:" box isn't wide enough for me to see the whole address. I tend to check the first few and last few characters to see that the address is right, but can't see the last few very easily. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on May 06, 2013, 11:57:26 AM Argh, what an awful moment to get an "Keypool ran out, please call keypoolrefill first" error, just when this thread receives a free bump! :D. The immediate internet search turned an answer here (http://bitcoin.stackexchange.com/questions/4095/how-does-bitcoind-generate-a-new-address-if-the-wallet-is-encrypted). Man, you're useful!
I just increased the box size from 35 to 40, which should be more than enough. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: Zaih on May 06, 2013, 12:13:57 PM 5 million times your bet?? Bloody hell lol! You couldn't help feel sorry for ya if you lost one of those bets haha.
Your game looks cool though. I'll give it a whirl when I get home Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on May 06, 2013, 06:05:20 PM 5 million times your bet?? Bloody hell lol! You couldn't help feel sorry for ya if you lost one of those bets haha. Well with the upcoming limitation of small outputs I guess betting to those games will become somewhat difficult—unless I fill the hot wallet with 300 coins :). Your game looks cool though. I'll give it a whirl when I get home Best of luck! ;) Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 06, 2013, 10:30:27 PM 5 million times your bet?? Bloody hell lol! You couldn't help feel sorry for ya if you lost one of those bets haha. Well with the upcoming limitation of small outputs I guess betting to those games will become somewhat difficult—unless I fill the hot wallet with 300 coins :). Note that you don't have to have enough coins in the hot wallet to be able to pay out all winning bets. If someone wins 5 million times their bet I'm sure they'll be happy to wait 24 hours for you to get their winnings online. Check out bitmillions.com for instance. They keep their two biggest prize pools offline since they are very rarely won. So long as your code can handle the case of your hot wallet having insufficient funds, you'll be OK. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 06, 2013, 10:40:21 PM Argh, what an awful moment to get an "Keypool ran out, please call keypoolrefill first" error, just when this thread receives a free bump! :D. The immediate internet search turned an answer here (http://bitcoin.stackexchange.com/questions/4095/how-does-bitcoind-generate-a-new-address-if-the-wallet-is-encrypted). Man, you're useful! I just increased the box size from 35 to 40, which should be more than enough. That's funny. I'm the #1 google search result for all your problems. ;) The box still isn't big enough for my address (showing that I see '40' in the source, but the address still doesn't fit): https://i.imgur.com/phylitE.png Also, I keep winning. I played 9 times today (6 cards, A-A) and won every time! https://i.imgur.com/xKxzQnU.png I wrote a little Perl script that checks the provable-fairness, and that's working just fine: Quote $ ./flipside.pl 3034b72d15372924cae59e98246b51e2317b9b642098a800f5e717d40ccda133b5c6cdec18e3799 ec45e1f5cd7396dcc alfalfa a7452eb9e658a373 d7e4f97a AS>KC AD>KS AH>KC AC>QH AH>JC AC>9D WIN $ ./flipside.pl c79ffa2cad920454aa51b8d7dd5068639df15c93102f88538de1953c0c4ddc5f411f8a9db957b98 add061b0000bc6037 clover 0a3b638c167c5759 754d67aa AC>JD AC>JS AD>7H AC>TC AD>8S AC>JS WIN $ ./flipside.pl 807c2dd88c4ca17e590536e793eeaa058e79796248dc3375fb7eabf6027d07f2210bc9cc764f96c 9aa333263f6edff0a dlkfjj2 3c9c725fd154f748 704e1ce3 AD>JC AD>JD AS>QD AS>KH AD=AD AC>9S WIN $ ./flipside.pl 61eaba331654114d9ac4c50e68efa2a10e6e2c3013d8aba6e8d11140a7dd58139b9c48af590895f deeef8fab100b988e ludicr2 08dc4f54e1a72263 b9b63aed AS>TC AH>7D AH>7H AH>8H AS>8C AS>TH WIN $ ./flipside.pl c6d9c0ca63bcd4c9e808e51dbeeb7c0194b82a7aed279e4a00f4335878e3ca05bc4029a392b4489 662975f6ec57cb3ec game1of5 afe9f5476316bec4 2ac62a0b AH>8C AH>AD AS>7D AS>8D AC>8H AS>TS WIN $ ./flipside.pl 6a33e186d1463a354fcf3ed54012cb54e7dc0cd63088672cb1bbf78eefea749b809b5bec666a6dd 13621d76ea2034e79 game2of5 9af52677ad635a78 2ac62a0b AS>7S AH>KH AH>9H AC=AC AD>7S AD>JS WIN $ ./flipside.pl 90b1c7b05a34243ef14c2191973e9b1801125ab099d2eda203a1b22bd916deb23832ab05142d71f 8433b75210315d7c0 game3of5 8926654fd3e814d8 c48ea4c5 AH>9S AD>QH AD>TD AH>TC AC>7C AH>AD WIN $ ./flipside.pl 8e43ef657fd42b5bed18ce21015a4943b36053208360222ff19284c835a8493547eeac2d810033a 10db6e9cc378fc8f3 game4of5 14130a1f2df82ffd c48ea4c5 AH>QC AD>QS AC>TD AH>7H AH>KD AC>KC WIN $ ./flipside.pl f8b69620ddeae0e1d155be8ebdbee2e5e8b2a211a6717e513824f7cd11a073379025ee89c731353 8aec0c3553237b96e game5of5 13aae71f33fc991d c48ea4c5 AD>KS AC>QS AH>8C AH>TS AH>TH AS>KC WIN The script is pretty bad - I've forgotten most of the Perl I ever knew, so I'm using backticks to invoke subshells, etc. But it does the job: Quote #!/usr/bin/perl use Math::Random::ISAAC; die "usage: flipside.ph <hash> <client> <secret> <block>" if @ARGV != 4; sub card { my ($n) = @_; my $ranks = '789TJQKA'; my $suits = 'CDHS'; my $rank = substr($ranks, int($n / 4), 1); my $suit = substr($suits, $n % 4, 1); return "$rank$suit"; } ($hash, $client, $secret, $block) = @ARGV; die "hashes don't match\n" if `echo -n $secret | sha384sum | cut -d' ' -f1` ne "$hash\n"; $block = eval("0x" . substr($block, -8)); $concat = $secret . $client; $secret = eval("0x" . substr($secret, -8)); $xor = ($block ^ $secret) & (0x3fffffff); # print "concat: $concat\n"; $seed = '0x' . `echo -n $concat | sha384sum | cut -c1-8`; # print "seed: $seed\n"; $seed = eval $seed; my $rng = Math::Random::ISAAC->new($seed); $count = 0; $result = 'WIN'; while (1) { $r = ($rng->irand()) & 31; if ($r > 27) { $mine = $r; $his = ($xor >> 5*5) & 31; print card($mine); if ($his > $mine) { $result = 'LOSE'; print '<'; } elsif ($his == $mine) { print '='; } else { print '>'; } print card($his) . " "; $xor *= 32; $count++; last if $count == 6; } } print " $result\n"; Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 07, 2013, 06:14:37 AM Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 07, 2013, 06:25:45 AM Sorry to keep bumping your thread, but it just occurred to me:
a) There seems to be no limit to the number of games I can have 'in progress' at a time. Earlier I played 30 games in a single transaction, sending bets to 30 different addresses that your site sent me. b) It looks like you adjust the max bets according to how your wallet balance is doing. Do a) and b) conflict with each other? Do you adjust the max bet after each game, even if you already told the player a different max bet? I guess you can't, really, or it's an avenue for you to cheat the player. "Sorry, you would have won, but it turns out your bet was over the maximum bet because we just reduced it". Although I believe that's what SatoshiDice does - they change their max bet with no notice. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on May 07, 2013, 07:37:37 AM I increased the size of the address box to 50 chars.
The bet limits are calculated when a game is created and are attached to that specific game, so if you:
The worst case scenario is that by playing many winning games in between, the wallet balance could decrease up to a point that when the original game is also won, there could be not enough balance left. I would have to manually fund it in this case. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 08, 2013, 05:51:56 AM I just won a game but wasn't paid out. The payment transaction is "oops..." :)
https://i.imgur.com/cVtJB3x.png I increased the size of the address box to 50 chars. That's fine now. There's room to spare, but I guess that depends on the address: https://i.imgur.com/PzlXRFd.png I'm using Chromium "Version 25.0.1364.160 Ubuntu 12.10 (25.0.1364.160-0ubuntu0.12.10.1)" if you care. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on May 08, 2013, 07:52:15 AM I just won a game but wasn't paid out. The payment transaction is "oops..." :) Hey this provable fairness stuff isn't actually fair! I was expected to earn coins with this, not lose them! :D Code: $ bitcoind getbalance I'm sending some funds to the wallet as I type this. Edit: done! Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 08, 2013, 09:17:37 PM Hey this provable fairness stuff isn't actually fair! I was expected to earn coins with this, not lose them! :D It doesn't make the games fair, it just stops cheating. You could offer 30x payout for any single number on roulette and make it "provably fair", but it wouldn't be fair - the players would end up losing. All it would prove is that you were spinning the wheel fairly. I'm sending some funds to the wallet as I type this. Received, thanks. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dooglus on May 17, 2013, 05:27:38 AM Are you aware that the FlipSide web page is down?
I get a "HTTP/1.1 503 Service Temporarily Unavailable" error. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: lightlord on May 17, 2013, 07:14:25 AM Are you aware that the FlipSide web page is down? I get a "HTTP/1.1 503 Service Temporarily Unavailable" error. I get *Internal server error*. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: dserrano5 on May 17, 2013, 09:17:09 AM Thanks for the reports, I wasn't aware. It's up again now.
Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: Financisto on June 15, 2013, 06:11:58 AM I just won a game but wasn't paid out. The payment transaction is "oops..." :) Hey this provable fairness stuff isn't actually fair! I was expected to earn coins with this, not lose them! :D Code: $ bitcoind getbalance I'm sending some funds to the wallet as I type this. Edit: done! Nice original game! BTW, would you mind adding a table with the odds involved in the game on that site? Cheers! Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: maco on June 15, 2013, 06:27:11 AM This looks pretty cool. I haven't tried it out myself but I see this being a really fun game.
Good luck on it. I plan to try this out shortly. Keep developing games! Don't stop. Title: Re: FlipSide - Prizes almost 5 million times your bet! Post by: icey on June 15, 2013, 11:07:14 AM What a great game!
Had two goes at it. 1 win and 1 Loss but fun nethertheless. Congrats on making such a fun game and best of luck hope it takes off for you |
