Bitcoin Forum
December 12, 2017, 04:49:50 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: PSA: dicebits.com lying about being provably fair.  (Read 360 times)
keepinquiet
Full Member
***
Offline Offline

Activity: 182



View Profile
June 02, 2015, 03:46:31 AM
 #1

There's a slim chance they are not lying - I'll start by saying that - but by disclosing NOWHERE the method they come up with their rolls, based on this one horribly glaring issue, they are not provably fair in the least.

First, in their FAQ they state:

IS THIS A PROVABLY FAIR GAME?
Yes. You can check that every bet is mathematically fair.

Thats it. Thats all the explanation you get.

So lets give it a shot. I took a video of it, just so we're all clear whats happening. The link:

https://vimeo.com/129508792

For those too lazy to watch. I open up the provably fair tab, and look at what is clearly marked as the sha256 hash of the seed of my next bet. It ends in 488bec7.

I close the window, and make a roll. Bet ID 44718.

I click on the bet, and see the server seed was 9EpNkr1UAVP4Il9l.

Lets sha256 hash 9EpNkr1UAVP4Il9l... and drumroll please... ef4e962f95fac6266e4bf50580c027d8332048c1a20c7e7c748a5dd7aa12c9b5!

Which is absolutely NOT the hash they showed as being the next hash. And just to give the benefit of the doubt, as some sites double-hash it, the sha256 of the above is f55d30ec00d3de54e2164cf06f8245b33f2ee528c56adb56aa2913fed32e3860.

Also, not what they showed.

They are either lying/cheating, or at best, cheating by omission of the formulas for how their numbers are generated. Don't waste your money there.

Side note, the dicebits.com thread is closed to new replies by the owner. Odd, huh?
1513054190
Hero Member
*
Offline Offline

Posts: 1513054190

View Profile Personal Message (Offline)

Ignore
1513054190
Reply with quote  #2

1513054190
Report to moderator
1513054190
Hero Member
*
Offline Offline

Posts: 1513054190

View Profile Personal Message (Offline)

Ignore
1513054190
Reply with quote  #2

1513054190
Report to moderator
1513054190
Hero Member
*
Offline Offline

Posts: 1513054190

View Profile Personal Message (Offline)

Ignore
1513054190
Reply with quote  #2

1513054190
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513054190
Hero Member
*
Offline Offline

Posts: 1513054190

View Profile Personal Message (Offline)

Ignore
1513054190
Reply with quote  #2

1513054190
Report to moderator
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1540


DiceSites.com owner


View Profile WWW
June 02, 2015, 04:11:48 AM
 #2

First of all, nice found.

The owners account was stolen (doesn't seem like his fault but I didn't read much of it): https://bitcointalk.org/index.php?topic=964525.180;topicseen This seems like the new account but no real posts yet: https://bitcointalk.org/index.php?action=profile;u=515105 If he would post a new thread I will check their provably fair system a bit more and leave negative trust if needed. But at this point I cannot imagine people going to their site (and account "yussuf89" seems to be back to previous owner.)

Also no one should trust any of those CoinDice script sites! Their provably fair implementation is the worst anyway and cannot really be called provably fair, even if the server hash works out. See my post and dooglus' post for details. And they have several accusations of having serious vulnerabilities in their script that will get the site hacked - so no trusted site should use this script imo.

flippy
Full Member
***
Offline Offline

Activity: 120


View Profile
June 02, 2015, 06:51:31 AM
 #3

I think this is more to do with poor management. Dicebits previously used the standard Coindice script's provably fair method (which isn't a particularly good one) and now operates with a new one. The new one - when working correctly - isn't particularly great either, but it is an improvement, and I believe their intent is good. If you check the site's chat, the developer has explained how the new method works.

The new implementation of it has a number of bugs. My guess is that the hash shown in the provably fair page is hashing the server seed created by the old code, while the hash shown on the bet status page is hashing the seed created by the new code. The new code is also bugged, as the hash is only correct if the client seed is blank - so this hash appears to be the hash for the combination, which is useless for the purpose of verification.

Dicebits haven't promoted their site since before the change, so it seems that the site may still be under construction/testing for the new system, or (judging by the lack of response to this issue, which was also mentioned in the site's chat), the site may be completely dead now. While this has been poorly handled and the site ought to be shut down until it's actually ready to use (and people definitely should not be playing here until it's fixed) I kinda doubt that this is some kind of scam attempt, unless there's people out there who enjoy nothing more than gambling large sums at a dead site with a max bet under 200k satoshis.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!