🌟🎲🌟 MoneyPot.com

[VegasCasinoBits]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

[Lanzador]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

[CrazyCraig]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.

[Lanzador]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.

You explained why the wager function is necessary, but not the tip function. I don't understand why the app owners need to have the ability to tip people with other people's bits

[BitLegit.com]

For people asking why an App might want to be able to tip the users funds to itself, the app may have its own sports book or off moneypot betting game.

So instead of the user having to manually send to the App owners moneypot user name,  there can be code where the player clicks he wants to use funds from moneypot to deposit to the sportsbook.  They click it and the App owners code automaticly tips its own account to deduct bits and deposit the bits on the players sports book account instantly.

As far as I know, moneypot is ok with this as its a wallet in of itself and a sports book owner can be using it already with that tip or transfer option.

[BillyBurns]

is there a sportsbook to bet on?

[Lanzador]

is there a sportsbook to bet on?

This. Haven't seen a single app taking advantage of this feature and using it in a way that can't be accomplished just by wagering.

[CrazyCraig]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.

You explained why the wager function is necessary, but not the tip function. I don't understand why the app owners need to have the ability to tip people with other people's bits

The tip function in API v1 is used as a catch all. Developers use it to develop PVP games and other features that the basic API doesnt support. On top of this, the tip feature is used in cases such as Bit-Exo's rain feature. It adds sociableness to games.

[Lanzador]

I just read this post, I still don't  understand how the app owner can get the user token without malicious code!

The app owner is always given the token. And besides, the app doesn't even need the users token in order to access the money. (It can directly access it itself). Only put what you are willing to trust in an app (as it's clear by the warnings)

Although the important thing to note, is if you put X in an app, the app can steal up to X. But it can never undetectably do so. i.e. It can never rig the bets. But it can bet without you authorizing it to. And it can transfer without you authorizing it to.  However, if it does nasty stuff like that, at least you'll know it. (But you'll still lose your money).

What is the reason why an app owner can access the money without even using the player token? I find it very dangerous.

Its like all orther casino sites, when you deposit to a casino site "wallet on MP" to "casino owner" then you build on trust, if you move x bitcoin from you wallet to a orther casino site with own br, then you have the same risk.

Unclear why they need access to the bits though? Given that they're not actually processing the bets, what's the rationale behind letting the app owners access the bits at all? I've tested making my own app on MP and never needed to actually be able to take the bits to get the functionality that I wanted

An app doesn't have control of the bits as you think as they are not physically in possession of the bits. They are not able to transfer any bits without using MoneyPot's API, which in itself, leaves a history trail. If anything malicious were to occur, MoneyPot would know. At anytime, a user could transfer the bits from the app, even if the app were to suddenly disappear.

An app handles the delegation of a users bits through wagers and tips. An app needs these abilities in order to function. With the current setup, an app tells the API how much the user wants to wager. MoneyPot makes sure that the funds are present and handles the wager and 100% of the transaction ledger. MoneyPot itself adds and deducts funds from the users balance.

The warning itself exists as it is theoretically possible for an app owner to act malicious and tip users funds to his or her account or place wagers without the users permission. If these acts shall occur, it is important that the user alert the Moneypot staff immediately so we can investigate the issue.

As a user, it is also your job to ensure the safety of your funds. After you are done wagering, transfer your funds back into your Moneypot wallet, and again, report anything suspicious.

MoneyPot will do its job by continuously vetting apps and making sure that approved apps remain complicit.

Two of the things that we have on the roadmap are automation and an improved token system for confidential apps. Automation will allow us yo have scripted users that test the functionality of approved apps to make sure that they remain properly operational. Think of this as a sort of unit test.

You explained why the wager function is necessary, but not the tip function. I don't understand why the app owners need to have the ability to tip people with other people's bits

The tip function in API v1 is used as a catch all. Developers use it to develop PVP games and other features that the basic API doesnt support. On top of this, the tip feature is used in cases such as Bit-Exo's rain feature. It adds sociableness to games.

For PVP certainly, though does MP even support PVP games? I know BaB and real Poker and Black Jack are off the table so what is it being used for? Also why does a rain feature necessitate access to user funds? The direction of access should be the other way around, if anything it seems

[BitLegit.com]

The rain feature has a thing where the user types in something to the chat to tip the rain bot or any other user.  The code than accesses the users funds and puts in the commands to tip a specified account

The bot is actually accessing the user funds. Your chat text is what gives it the go ahead to do so.

[Lanzador]

The rain feature has a thing where the user types in something to the chat to tip the rain bot or any other user.  The code than accesses the users funds and puts in the commands to tip a specified account

The bot is actually accessing the user funds. Your chat text is what gives it the go ahead to do so.

Just curious then - why can't there be like a one-time token or something generated by MP for that transaction? Why does the App need to be able to do it all the time?

[BitLegit.com]

The rain feature has a thing where the user types in something to the chat to tip the rain bot or any other user.  The code than accesses the users funds and puts in the commands to tip a specified account

The bot is actually accessing the user funds. Your chat text is what gives it the go ahead to do so.

Just curious then - why can't there be like a one-time token or something generated by MP for that transaction? Why does the App need to be able to do it all the time?

Im sure it can be done that way.  Just more time and coding needs to be done to make it happen.  I think it was left like it is as not many are good at coding and its easily noticed and has a history trail. And it left it open for the advanced coders to use a simple code to be able to adjust a users balance (hopefully with full permision from the user).

[Bit-Exo.com]

Both our Progressive jackpots are currently at a all time high!

Jackpot 1: 1.00BTC
Jackpot 2: 0.60BTC

You have a chance to hit the jackpot on all our games with bets from 100 satoshi or above.

[DicePalace]

Moneypot are more secure than we think.
YOU can't stole a user token and use it with another IP (other than the user IP).
They have a really good feature like IP BLOCK.
Good new

[MartinL]

Moneypot are more secure than we think.
YOU can't stole a user token and use it with another IP (other than the user IP).
They have a really good feature like IP BLOCK.
Good new

That may be true for client-side apps, but if the app is using the confidential authentication flow (server-side) then it is consuming the token from their own IP anyways.

[Emerge]

is there a sportsbook to bet on?

Well.. That's a totally different story.. You're not playing against a dealer or the house or anything like that.. and the money you win (or lose)
will always come from the player, and not from the house..

So I don't think it'll be in Moneypot's interests to make functionality for that

[roadbits]

is there a sportsbook to bet on?

I think as of now moneypot don't have any sports betting apps in the list. I don't know whether their system allows for sports sites app to use their bankroll. If allowed then it is good opportunity for someone come up with this feature to attract many people to use their site.

[maku]

is there a sportsbook to bet on?

I think as of now moneypot don't have any sports betting apps in the list. I don't know whether their system allows for sports sites app to use their bankroll. If allowed then it is good opportunity for someone come up with this feature to attract many people to use their site.

As far as I know it is not possible with the current MoneyPot system because odds are not fixed with sports events.
Only virtual games where you can easily verify the bets are possible. So something like virtual horse racing (where the system knows who will win before game ends) should be doable.

[DarkStar_]

is there a sportsbook to bet on?

So I don't think it'll be in Moneypot's interests to make functionality for that

They made a thread a while back asking what people would like to see in a sportsbook, and why they dislike the existing ones they use. It's very possible that they were/are considering running a sportsbook. Also, if they could get it to work (the bet accepting thing), they could allow any developer to create a nice sportsbook with a margin of their choice.

I don't know whether their system allows for sports sites app to use their bankroll.

A site could use moneypot as a deposit option and have an offsite sportsbook, but you can't do it directly.

[AcoinL.L.C]

is there a sportsbook to bet on?

So I don't think it'll be in Moneypot's interests to make functionality for that

They made a thread a while back asking what people would like to see in a sportsbook, and why they dislike the existing ones they use. It's very possible that they were/are considering running a sportsbook. Also, if they could get it to work (the bet accepting thing), they could allow any developer to create a nice sportsbook with a margin of their choice.

I don't know whether their system allows for sports sites app to use their bankroll.

A site could use moneypot as a deposit option and have an offsite sportsbook, but you can't do it directly.

Both parts of your comment are correct.