1) you can generate transactions without broadcasting them
Answer False
Why do you believe this is not possible? How do you think cold wallets and offline signing work?
Here is a transaction that has not been broadcast in hex form:
010000000183e3fe15f5874dae133b8ae1ed5bbeae58f0bf6beecd1ffb4fed8c34f2bfb455010000008a473044022053281a29d107f6ee3c5e0673678c4d245965711dd83321bc2b2cdf5e01f788f6022059219abc99604ca65950776a7bd45c66debb1f0185a9d709c581cdcf169bbd32014104b41d52634460912ca6ca49054a2aaee57c7c3ca1deb00c14984a1087c332b11de9d4098b3147563166b7ffcfd1adbff91320a1312ab1cd843e710379c0a031c7ffffffff0180969800000000001976a91437058d142a1620817b5641534a79edd20013086188ac00000000
In a real attack we would generate many more, for example 100, instead of just one.
2) you can check the txid of those transactions before you broadcast them
Answer False
The transaction ID of the above transaction is fa3c30c7821cdff2b191468bd5e9314f82d21d8dd27bc5e4548fcf4c512a2cb5. Note that it remains not broadcast, yet we have just calculated its transaction ID. We can easily calculate the transaction ID for all of the unbroadcast transactions we generated in the previous step.
3) once you know the number of satoshis bet, you can figure out which ticket would win for each transaction
Answer False
You do not know how to calculate the winning ticket on your own site? The necessary code was given by yourself in the first post in this thread and on your site's FAQ.
All we have to do is input the hash of the transaction we just generated—but still have not broadcast—and the total number of satoshi (let us assume 60.000 satoshi for example) in the pot into the LuckyNumberGenerator function:
    function LuckyNumberGenerator (transactionhash, totalpot) {
      // ...
    }

    // txid of the unbroadcast transaction above, and the assumed pot size
    var hash = 'fa3c30c7821cdff2b191468bd5e9314f82d21d8dd27bc5e4548fcf4c512a2cb5',
        totalpot = 60000;

    var result = LuckyNumberGenerator(hash, totalpot)
4) so you can find out which of your 100 pregenerated transactions would make you win if it was picked
Answer False
Let's assume we want the player with the tickets from 6668 to 8334 to win. The previous code example can easily be expanded upon to find all the winning transactions among them:
    function LuckyNumberGenerator (transactionhash, totalpot) {
      // ...
    }

    // txids of the pregenerated, unbroadcast transactions
    var hashes = ['fa3c30c7821cdff2b191468bd5e9314f82d21d8dd27bc5e4548fcf4c512a2cb5', /* ... */ ],
        totalpot = 60000,
        firstTicket = 6668,
        lastTicket = 8334;

    var winners = []

    // keep every hash whose ticket falls inside the chosen range
    for (var i = 0; i < hashes.length; i++) {
      var result = LuckyNumberGenerator(hashes[i], totalpot)
      if (result >= firstTicket && result <= lastTicket) winners.push(hashes[i])
    }

    console.log('The winning hashes are:', winners)
Because tickets 6668 through 8334 are 16.66 % of all tickets, we can expect approximately 16 of our 100 pregenerated transactions to cause us to win.
5) it takes less than a second to get a transaction picked up by blockchain.info
Answer False
Transactions can absolutely propagate in less than a second, especially to a well-connected node like blockchain.info. Because cheating in the manner I am describing is possible even with longer propagation times, as long as they are somewhat predictable, I will not argue this point, however.
6) you have no way of proving which was the last transaction you saw on blockchain.info after the 30 seconds is up
Answer False
7) you can pick any transaction that was shown on blockchain.info in the relevant second
Answer False
The order in which you saw the last transactions is completely meaningless as another node (one of your players trying to verify the fairness of your game, for example) might receive the same transactions in a completely different order than blockchain.info. As transactions do not have timestamps it is not possible to verify that the house did not pick a more favourable transaction that arrived at roughly the same time—although not last.
And even if transactions did have timestamps (again: they do not) it would be easy for an attacker to simply send several winning transactions to blockchain.info right before the winning ticket is chosen.
If you know the winner will be chosen in 10 seconds you can simply start broadcasting one of the 16 winning transactions we generated earlier every tenth of a second starting in 9 seconds. This virtually guarantees that the ticket you want is the winner.
Now let me try once again to explain in layman's terms for you, we cannot predict when the last second will be, as when each person joins the game it resets back to 10 seconds.
Another player joining before the winner is chosen is not a problem as you now have an additional 10 seconds to start your calculations anew.
Only with magic can we be so lucky to have the site use said transaction.
This also is all happening within seconds. Do you think we are supercomputers who can take the amount of satoshis, know exactly when the game is going to end, compute all that within seconds, oh, and get super lucky with magic and get our transaction on the exact second the game ends?
Neither luck nor magic have anything to do with this. Any run of the mill computer can make these calculations in the required time frame (10 seconds). In fact, I'm confident my mobile phone could do it.
If you cannot understand this simple concept you have no business running a Bitcoin gambling site.
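
Points 1 to 4 above come down to the draw being a function of public data only. The following is an added example, not code from this thread or from the site: it puts that kind of draw beside a commit-reveal variant in which the house publishes a hash of a secret seed before the round and reveals the seed afterwards. `ticketFromDigest`, the 10000-ticket count and the seed string are assumptions, since the body of the site's LuckyNumberGenerator is not shown.

```javascript
// Added example, not the site's code. ticketFromDigest is a hypothetical
// stand-in for the elided LuckyNumberGenerator body.
const crypto = require('crypto');

const sha256Hex = (data) =>
  crypto.createHash('sha256').update(data).digest('hex');

// Assumed mapping: 256-bit digest mod ticketCount, tickets numbered from 1.
function ticketFromDigest(hexDigest, ticketCount) {
  return Number(BigInt('0x' + hexDigest) % BigInt(ticketCount)) + 1;
}

// Weak draw: depends only on the txid, so anyone holding an unbroadcast
// transaction can compute its ticket before deciding whether to send it.
function drawFromTxid(txid, ticketCount) {
  return ticketFromDigest(txid, ticketCount);
}

// Keyed draw: the house publishes commitment = SHA-256(serverSeed) before the
// round opens and reveals serverSeed only after the draw.
function drawWithSeed(serverSeed, txid, ticketCount) {
  const mac = crypto.createHmac('sha256', serverSeed).update(txid).digest('hex');
  return ticketFromDigest(mac, ticketCount);
}

// Player-side audit once the seed is revealed: the seed must match the earlier
// commitment and the announced ticket must be reproducible from seed and txid.
function verifyRound(round) {
  const seedMatches = sha256Hex(round.serverSeed) === round.commitment;
  const ticket = drawWithSeed(round.serverSeed, round.txid, round.ticketCount);
  return seedMatches && ticket === round.ticket;
}

// Constructed sample round; the txid is the one quoted in the post.
const txid = 'fa3c30c7821cdff2b191468bd5e9314f82d21d8dd27bc5e4548fcf4c512a2cb5';
const serverSeed = 'constructed-server-seed-round-1';
const sampleRound = {
  commitment: sha256Hex(serverSeed), // published before bets open
  serverSeed,                        // revealed after the draw
  txid,
  ticketCount: 10000,                // assumed ticket count
  ticket: drawWithSeed(serverSeed, txid, 10000),
};

console.log('txid-only ticket (computable pre-broadcast):', drawFromTxid(txid, 10000));
console.log('honest round verifies:', verifyRound(sampleRound));
console.log('swapped seed verifies:',
  verifyRound({ ...sampleRound, serverSeed: 'different-seed' }));
```

The keyed draw removes the ability to evaluate tickets before broadcasting; it does not settle which transaction the house selects, which is the separate problem raised in points 6 and 7.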