bitcoinbear
|
|
September 12, 2012, 07:31:30 PM |
|
Whats the jokers market?
I think he is referring to MPEx.
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
September 15, 2012, 11:13:06 PM |
|
FYI - Cross-posting this for our shareholders... (from the SD developer) I would like to explain a recent bug that has been plaguing our system and how it was corrected.
In our system we have a database of all transactions that relate to Satoshidice. We also track their status (pending, confirmed, unknown). We get a handful of transactions that were broadcast but never end up confirming. After 24 to 48 hours we delete them from our system and move on. There was an issue where the status of the transactions was not being recorded correctly. So we would occasionally delete a transaction thinking it was hopeless when it actually confirmed some time ago. Then the outputs spend for that transaction would be marked available and used to pay other transactions. The more I ran the recovery process to clean things up, the more of these ended up getting created.
Now I have a separate safety check that checks an external repository of confirmed transactions before deleting anything. This has been running for about 3 days and seems to work very well.
The other thing that happened that led to a large amount of unconfirming transactions was around Sept 8th we ran out of confirmed funds. We try to always pay winners with confirmed outputs so there is no problem getting them confirmed and they are not dependent on anyone else's transactions. Well, we ran out of confirmed and started paying with pending funds. This of course didn't go well and a bunch of payment transactions had to be deleted and reprocessed.
We of course have alarms on confirmed funds and were notified as it was going down but Erik was traveling and I don't have access to the reserve funds so there was not much I could do, other than later run the recovery and cleanup tasks to get everyone paid.
|
|
|
|
MPOE-PR
|
|
September 16, 2012, 01:59:41 AM |
|
It's not that hard really: you go to satoshidice.com and click where you see the word IPO in blue and underlined. Those are usually links on the interwebs. At that link you will find a few nuggets of information, like the contract, a prospectus, the total dividend paid (786.15699996).
Since the total shares issued is 10 million and the owner blocks for sale add up to 6`938`859, you can work out the total dividend paid to 3rd party investors on MPEx to 240.65374250 BTC. The GLBSE passthrough holders together count for a little over 10% of that, hence the 40ish BTC payment that made its way there.
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
September 23, 2012, 11:41:05 PM |
|
Quick Update: The new site should be live within 2 weeks, I hope everyone is excited for it Also, there's another special announcement which will be made around the same time - should be very good for owners of S.DICE
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
October 02, 2012, 01:28:21 AM |
|
Okay, September is over! The stats are now updated on the spreadsheet: https://docs.google.com/spreadsheet/ccc?key=0Aiec3-Eo_yO5dG5SQklHZG4wRm1GMW9DRWpMMW5UQkESummary:Earnings 2115.30020995 Hosting/Tech Expenses 50 Net Profit 2065.30020995 10% MPEX Dividend 206.530020995Volume over past 30 Days 228,279.18 Actual Profit over past 30 Days 2,115.30 Expected Profit over past 30 Days 4,337.30 From the numbers, you can see that players did statistically better than they should have this month (good for them!). Based on volume of SatoshiDICE bets, the site was expected to earn 4,337 BTC, but only earned 2,115 BTC. The dividend would have been roughly double the size if we had statistically matched expectations. September was the second-strongest month ever in terms of bet volume, after last month's record-breaking performance. Moving into October, the new site is extremely close (day or two) to being live, and a special announcement still remains that is 1-2 weeks away. Thank you to all the asset holders, both on MPEX and the GLBSE passthrough. I will be paying the dividend tomorrow (Tuesday)... if you buy shares before I pay it you get an immediate return of about 7.5% APY Cheers, -Erik
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
October 02, 2012, 06:25:36 PM |
|
September's dividend of 206.53002089 BTC has been paid on MPEX
|
|
|
|
Slushpuppy
Member
Offline
Activity: 106
Merit: 10
|
|
October 06, 2012, 09:21:01 AM |
|
Well fuck I really should have bought this on MPex and not glbse
|
|
|
|
theGECK
|
|
October 06, 2012, 01:20:33 PM |
|
Are there any plans for what will happen with the pass-through shares?
|
Use my referral codes for Bitcoin faucets and I'll send you 30% of my referral bonus - Win/Win! PM for details on all sites available or use one of the links here. FreeBitco.in | FreeDoge.co.in
|
|
|
MPOE-PR
|
|
October 06, 2012, 05:28:50 PM |
|
Well fuck I really should have bought this on MPex and not glbse
Yeah. You know...the joker's market. True story.
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
October 06, 2012, 06:32:29 PM |
|
Regarding the GLBSE mess, we'll need to wait and see how things play out. Ludvig (the passthrough operator) has said he plans to honor the contracts obviously, but we'll need GLBSE to provide him the database of owners. Ludvig is a great guy and I'll try to work with him wherever possible to take care of the GLBSE passthrough owners. I'll post more here when I know more.
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
October 06, 2012, 06:34:21 PM |
|
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL: http://src.satoshidice.com/rev2/I'd love any feedback! We'll put this at SatoshiDice.com in a couple days.
|
|
|
|
dree12
Legendary
Offline
Activity: 1246
Merit: 1077
|
|
October 06, 2012, 06:52:12 PM |
|
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL: http://src.satoshidice.com/rev2/I'd love any feedback! We'll put this at SatoshiDice.com in a couple days. aa17b0 bet 6346813.000 btc 23 hours ago - WIN
Right .
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
October 06, 2012, 07:06:50 PM |
|
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL: http://src.satoshidice.com/rev2/I'd love any feedback! We'll put this at SatoshiDice.com in a couple days. The counters, blink like they are reloading but they numbers don't change. They should blink if the number gets updated, if not then nothing should be done. Plus the red colors in the tabs, like recent, doesn't really fit with the green it is two different contrasts, that don't fit well together. Otherwise I like the site redesign.
|
|
|
|
evoorhees (OP)
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
October 06, 2012, 09:01:51 PM |
|
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL: http://src.satoshidice.com/rev2/I'd love any feedback! We'll put this at SatoshiDice.com in a couple days. aa17b0 bet 6346813.000 btc 23 hours ago - WIN
Right . LOL yeah I think that's a bug... That, or I'm bankrupt forever
|
|
|
|
koin
Legendary
Offline
Activity: 873
Merit: 1000
|
|
October 31, 2012, 09:09:55 PM Last edit: November 01, 2012, 02:34:11 AM by koin |
|
So the good news for you all is that you're kicking the site's ass in terms of winnings recently right now the site shows whether my bet will win or lose immediately. but there are known methods of double spending with bitcoin. these methods don't make sense in most instances, but to steal from satoshidice they make perfect sense. here's how it could be done. as a solo miner, I would construct a transaction that i include in my hashing but do not broadcast it to the network. as soon as i get a block i hold the block and immediately send a 250 btc wager to satoshidice for the "less than 32,000" bet. i would construct that wager transaction using the same input as was used in the transaction that was withheld in the mined block. if that 250 btc bet wins, i then discard my mined block and see profit of more than 200 btc (250 btc winnings from satoshidice minus 50 btc lost by not submitting the mined block). but if the 250 btc bet sent to satoshidice didn't win, i then submit the mined block and get the 50 btc block reward. the 250 btc wager will never confirm so i don't actually lose that. the risk for me in doing this is that while the block is being withheld another miner (miner "b") solves the block at the same height and by the time i broadcast the block with the double spend in it, the rest of the network is already mining away to extend the block solved by miner "b". in that rare instance i lose both my 50 btc block reward as well as my 250 btc spent on the bet that ended up losing. but the profit of 200 btc means this can fail half the time and i still can profit handsomely from doing this. satoshidice's best defense to this would probably be to not reveal the answer to winner/loser until there is one confirmation for any bets whose payouts would be above some threshold (like above the block reward subsidy level).
|
|
|
|
sgravina
|
|
November 01, 2012, 02:22:10 AM |
|
So the good news for you all is that you're kicking the site's ass in terms of winnings recently right now the site shows whether my wager will win or lose immediately. but there are known methods of double spending with bitcoin. these methods don't make sense in most instances, but to steal from satoshidice they make perfect sense. here's how it could be done. as a solo miner, I would construct a transaction that i include in my hashing but do not broadcast it to the network. as soon as i get a block i hold the block and immediately send a 250 btc wager to satoshidice for the "less than 32,000" bet. i would construct that wager transaction using the same input as was used in the transaction that was withheld in the mined block. if that 250 btc bet wins, i then discard my mined block and see profit of more than 200 btc (250 btc winnings from satoshidice minus 50 btc lost by not submitting the mined block). but if the 250 btc bet sent to satoshidice didn't win, i then submit the mined block and get the 50 btc block reward. the 250 btc wager will never confirm so i don't actually lose that. the risk for me in doing this is that while the block is being withheld another miner (miner "b") solves the block at the same height and by the time i broadcast the block with the double spend in it, the rest of the network is already mining away to extend the block solved by miner "b". in that rare instance i lose both my 50 btc block reward as well as my 250 btc spent on the bet that ended up losing. but the profit of 200 btc means this can fail half the time and i still can profit handsomely from doing this. satoshidice's best defense to this would probably be to not reveal the answer to winner/loser until there is one confirmation for any bets whose payouts would be above some threshold (like above the block reward subsidy level). Cool. I'm going to try this when I get my half of the bitcoin network working.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
November 01, 2012, 04:16:34 AM |
|
Cool. I'm going to try this when I get my half of the bitcoin network working.
I don't know if you're suggesting you need 51% of the network to carry out this attack, but you don't. Even if you had just 1% you could carry out this attack about once per day. You don't need the 1% yourself, either. You can run a mining pool. Play something like "lessthan 8000" rather than a 50/50 bet. Then you don't end up throwing away many of the blocks your miners find for you. But occasionally you'll win the "lessthan 8000" bet, in which case you just don't submit the block, and get to keep the winning bet. The thing is, for a long time I was monitoring the Bitcoin network, looking specifically for double-spend attempts against Satoshi Dice, and didn't find a single one. It could be that while I was monitoring, no double spends happened, but that recently they've started again. I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme. They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming. I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
MPOE-PR
|
|
November 01, 2012, 11:57:20 AM |
|
It could be that while I was monitoring, no double spends happened, but that recently they've started again. I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme. They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming. I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening.
Indeed, it seems that while the attack vector described might be viable, SDice could easily close the hole by requiring one (or two, or six) confirmations before processing bets. The fact that they have so far not done this would indicate they so far judge the cost of the attack lower than the burden the defense would impose on legitimate users. (Note that despite my MPEx affiliation, I am not bringing any special knowledge or information, it just seems reasonable).
|
|
|
|
sgravina
|
|
November 01, 2012, 02:36:53 PM |
|
Cool. I'm going to try this when I get my half of the bitcoin network working.
I don't know if you're suggesting you need 51% of the network to carry out this attack, but you don't. Even if you had just 1% you could carry out this attack about once per day. You don't need the 1% yourself, either. You can run a mining pool. Play something like "lessthan 8000" rather than a 50/50 bet. Then you don't end up throwing away many of the blocks your miners find for you. But occasionally you'll win the "lessthan 8000" bet, in which case you just don't submit the block, and get to keep the winning bet. The thing is, for a long time I was monitoring the Bitcoin network, looking specifically for double-spend attempts against Satoshi Dice, and didn't find a single one. It could be that while I was monitoring, no double spends happened, but that recently they've started again. I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme. They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming. I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening. I was thinking I would have to be sitting there and see the block solve. If so I would want to solve blocks fairly often so I don't spend much time waiting. Of course I could automate the whole process. I assume I would have to make a customized client anyway since I would need to withhold the block. I didn't think of the pool idea. This is just another thing we have to trust our pools with. But really, I am not much for doing extra work for a few hundred dollars. My regular job pays better.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
November 01, 2012, 07:26:29 PM |
|
But really, I am not much for doing extra work for a few hundred dollars. My regular job pays better.
I'm sure the amounts that could be made in the short term using such an attack are very attractive to some people. Not everyone lives in a developed country and has a well paying job after all.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
|