Let me quickly summarize the problem at first:
A few days back Dicebitco.in skipped nonces of winning bets and following this there was a nonce skipping issue on PRC(not necessary a malicious one).
I am going to describe the problem in various phases:
Phase 1Before the nonce issue happened, a lot of other users have complained about bugs on PRC.
First major Bug was when a user sjess found out a major flaw in the code where the dice roll
gave people an extra 4% edge who bet Hi (and over 27) . Following this, a user sjess started flat betting due to the flaw and took advantage of the code. He made around 18 BTC in 2 days and he tried to withdraw Dean Nolan(the owner of PRC) stopped the withdrawl till it was figured out why did sjess win. He never figured out the issue , but rather dooglus owner of Just-Dice found out the flaw in the code. Following this Dean Nolan considered all bets made by sjess void and cancelled his withdrawl.
This flaw in the code also meant that people who were betting Low were also effected as they got lesser odds than advertised on the website. In the next 2-3 days Dean said he verified each bet and refunded people who lost the bests due to the issue. The flaw was detected a month or 2 after the dice site launched and had been there all along.
Dean had never simulated his code for a dice website and never had even double checked his code before launching a gambling site.
Some more detail on the issue :
Sjess Issue LinkSome other bugs that existed(which I am aware of) and might have been fixed: 1. Initially the site implemented a system where the server seed changed after every bet. And this clearly meant you could assign a set of seeds to a user based on his betting pattern and by doing this the user will lose more if the house takes advantage of it. Not saying they did take advantage but one should be aware of the possible leaks.
2. Now the site implements a system where the seeds remain fixed unless the user changes/randomizes it. However
another flaw in the system is that if you randomize the seed and set a new client seed. Then unless you bet with that new client seed there and then, a simple refresh or going to another page will change the seeds(client seed and server seed) to a default one that PRC provides. This runs into another risk of studying the betting patterns and setting seeds which will make the user lose. I have seen users who made big bets and lost, only to realize moments later that the client seed that they set was not the current one as they might have refreshed the page and the server or the site changed it to a default or random seed.
Dean said he will fix the issue by adding a Save button next to the seed and this is on the to-do list.However Dean also said, right now he is working on adding roulette and will try and add that to the site by this weekend.So here is another big issue. Its good to see the site expanding their business but doesn't he have the responsibility to fix the current Dice issue which clearly have a much bigger priority than adding Roulette to the website as Dice is what the site survives on right now?3.
Possible Investment flawIf you currently invest in PRC then you are invested into the entire site ( this includes BJ, Dice, Sports bet) . Dice is pretty transparent as you know how much the profit/loss is specially with the High roller tab. However the sports bets are something that are not transparent. Investors do not know of any bets , they just know the result. This can lead to Dean faking the results and showing negative profits for the same. Dean might say I will never do this ..... But hey! manl from DB said the exact same thing.
4. Another guy pointed that he figured out a
flaw in the system where pressing the divest button fast enough allowed him to double his balance. He pointed it out to Dean and got a 0.3 BTC award. This bug is actually a major bug as that user could have done that a lot and withdrawn the amount, or even could have just gambled and lost it or won it changing investor stats significantly.
Here is the post: https://bitcointalk.org/index.php?topic=663326.msg8779155#msg8779155and as usual here is
Dean blaming the same guy: https://bitcointalk.org/index.php?topic=663326.msg8779244#msg8779244Now like Nakowa if that user instead of withdrawing the amount
gambled the amount, then Dean would have never realized and the profits could have takes a major swing then. Dean claims that his account was flagged but that guy said it never was and he just told Dean about it because it was morally right. And still all Dean does is blame the guy who found it and covers up the bug by playing the blame game.
5.
Poker/casino getting disconnected if you have PRC opened in a new window or tabHere is yet another bug that exists till date. If you open pocketrocketcasino on a tab and have PRC opened on a new tab. Then you will get disconnected from the casino, and due to this bug people including me have lost money. It is no where mentioned on the site and any new user can easily lose money with this flaw. Even people aware of the bug sometimes end up opening PRC in a new tab and get disconnected from ongoing poker hands and time out hence losing their money.
Phase 2[/b]
Nonce skipping bug that happened with me yesterday: This entire post has been to detail how Dean handles bugs in the site. He never agrees to a bug being there. Instead starts blaming people so he can cover up the bug.
Day before yesterday PRC went down. No one could access the site except for people who were already logged in. The site was down for over 2 hours and then came back. Most people thought it was a DDOS attack but Dean never commented on why it went down. Just after that
I was gambling from another acccount, and suddenly when I hit Low my entire account balance went into a single bet and I lost. Again, i did not click on Max neither the key board short cut for it. The amount updated to max amount as soon as I clicked on Low. Unfortunately, I was not recording this and informed Dean right then. Ofcourse as a site owner, he will never agree to a bug even if there was. I was not paid and he disagreed to the bet. But again, to anyone looking at this from an outside this might just seem a case of a user trying to get back money after a bet gone wrong. I obviously did not argue and decided not to bet again , specially not with a big balance on the site. Since I have no proof and this cannot be proved, I stopped pursuing it.
But
While gambling yesterday this happened. I came back to PRC after a day, and started gambling. I did some bets and clicked on verify. And some bets skipped. Around 5 nonces were missing. These were not missed to make me lose or something, but did not appear in the My Bets Tab.
Here is a Video of the exact incident:
https://www.youtube.com/watch?v=1Ewu84DChS0
You can see that rolls from nonces 500-505 are missing in the My Bets tab.Now Clearly as not only winning nonces were missing I knew this was another bug on the site. But again this was a major bug. I contacted Dean through Email and asked for a bounty for the bug. Before describing the issue(as if I did he would simply post before me and cover it up) , I asked him how much does he pay for bounties in finding bugs. He said 0.1-1 BTC based on the severity. After I told him about nonces skipped in the my bets tab.
He said he would pay 1 BTC if this was the case and also if I did not post it on the thread.
Here is an image from the email:
However I requested he pay the Bounty before as I did not want him to cover it up with some bull shit reason that all the amenable people believe blindly. Upon not receiving word from him I went ahead and posted the issue on the PRC thread on BTCTalk.
Just after posting this, in the chat, He said, I asked for more than 1 BTC and clearly contradicted the email, where I agreed to the 1 BTC and simply wanted it before. Here is the image from chat after I posted. He clearly says I asked for more than 1 BTC whereas the email shows I agreed to the 1 BTC amount.
Instead of agreeing to the fault, he said finnile was the only one with the issue and it was some display issue. He also said finnile must have modified the html of the page to make those bets disappear from the browser.
Here are 2 images of Dean Blaming me for the error:https://i.imgur.com/eQ4iSRJ.pnghttps://i.imgur.com/e5PDAnJ.pngDean also asked me to take a picture of the My Bets tab after the a restart and I posted this;
https://www.youtube.com/watch?v=rR1aHYn4gqITo Defend himself Dean posted my history from the database, with the missing bets and said it was a display error. But any site owner with access to the database can easily add the missing bets to cover up(not saying that he did). So this was a major fuck up and its immature of Dean to cover it up by saying it was finnile's fault and hence deviating from the main argument. Also anyone who was martingaling would have lost because they might have looked at the previous bet and there is no way to prove if it happened with someone in the past.Just after Dean said that finnile was the only one with the error, I realized that the Biggest High roller loss of the day was missing from the High Roller Tab,which had happened just recently. And just to prove I wasn't the only one with the display error, I made another video of the high roller bet missing, and people in chat claiming the same.
Here is the video to the time when the Biggest losing bet from the high roller was missing
https://www.youtube.com/watch?v=XDkeWjGe-sU&feature=youtu.be
Doing this is something Site Developers can take advantage of. Investors who are not online then, will never know if such a bet was ever made and Dean can just cut the profits that investor might have made and save it for himself and update the stats for that person back to before that bet was made.( I am sure Dean doesn't do this, but still is always a flaw that can be taken advantage off) . The funny part is that it was the biggest losing bet that was missing, so fingers pointed at.
I am not saying Dean did this, but it is not transparent, so people can never know if he ever did this.
Dean said this in the chat:
And clearly this is no fix as no one checks each bet ID to see if a bet is missing from the display.
To Sum up there a lots of flaws on the site that can give house an edge if they take advantage of it.
Dean will never take responsibility of coding errors he makes and to cover up just starts blaming people who point those out in the thread, so the discussion becomes about the other guy and not the flaw/bug that existed. If you visit the PRC thread and observer the last 3 pages. People are just complaining about random things and users(probably Dean posting them from his multiple accounts) and not many care about the issue.
And yet again from the past:
Doog Problem:
https://bitcointalk.org/index.php?topic=663326.msg7668176#msg7668176Dean Replying and saying only Doog has issues:
https://bitcointalk.org/index.php?topic=663326.msg7670760#msg7670760After sjess issue again here is Dean blaming Sjess:
https://bitcointalk.org/index.php?topic=663326.msg7738948#msg7738948It is clearly Dean's responsibility to make the site flaw/bug free. If it is not the case then he should not go after people who figure out the flaw.
He pointed out casinos haveing such laws, but they are listed. PRC doesn't list any T&C.
Sjess took an advantage of the flaw in the system .Even BJ has one such flaw card counting, and
https://bitcointalk.org/index.php?topic=663326.msg7743670#msg7743670 . The casino still ends up paying, declining any further gambling from the user. But here Dean just starts blaming the user and covers up the issue by making the discussion about him and not the real issue.
GG Dean. And Please don't bother to reply in this thread. If you have anything to say , say it in your own thread. I want to keep this thread DEAN FUD free. Feel free to call everyone a troll.
Again, everyone is free to interpret the issue the way they want to. I am not going to argue with anyone over it. I am just a random user on the site. I am not anyone who has to care about his reputation , I am just keeping facts out.
Saying it again : Its good to see the site expanding their business but doesn't he have the responsibility to fix the current Dice issue which clearly have a much bigger priority than adding Roulette to the website as Dice is what the site survives on?
The bitcoin world is anonymous. Just because a site is more than an year old, doesn't mean the owners cannot runaway with the funds. So its stupid to argue saying that. If manl the developer of DB kept saying that and we saw what happened at the end, when people blindly believed in him. If you want to invest your money, then invest it in the bank. Atleast it has almost no risk and a better return of interest.
Oh Hey Look Another possible scam by a site that is more than an year old or maybe just a bug that is going to cause losses to the investors: https://bitcointalk.org/index.php?topic=280487.msg8787456#msg8787456
Its sad to see how these guys give bitcoin a bad name. There are so many scams based on anonymity.
