3. Make assumptions about the system that are not true, in general. You can get away with this most of the time, but sooner or later, you'll get caught.
Has SatoshiDice gotten caught? Does their warning ("IMPORTANT: Only use wallets that allow you to receive Bitcoin from the same address you sent from. If you're not sure, test with .001 Bitcoins. If you get nothing back, then your wallet is not compatible.") protect them from *your* expectations? I would include that warning or something similar.
I suppose the other option is to return bitcoins proportionally to the addresses listed in the vout of the supplying transaction.
blockchain.info identifies the source address of the transaction I used to perform the steps I listed above. It's obvious to me now that I've done the math, but how does blockchain.info know what the source address of a single-input transaction is?
Except that it doesn't identify the source address, because, and this is very important,
there is no such concept of a source address in bitcoin. The only concept that applies is that of a
source transaction. Hell, there really aren't even addresses if you want to get deep into it. The destinations of transactions are scripts. You and I (and the software) use things we call addresses to help generate those scripts, but they don't really exist.
This may seem like I'm splitting hairs, particularly when virtually all transaction fit a particular mold and directly embed that abstraction that we use for our convenience. But if you insist on thinking that transactions come from addresses, you are reading your map, not the territory, and you will run into problems when you get to the place where your map is wrong.
SatoshiDice probably gets caught every day. We have no way of knowing how many people find the address and send coins from shared wallets. In the future, when multiparty wallets and mixers get more common, we'll have no way of knowing how many people will make the same mistake with them. How could we know, unless someone wants to make a public issue of it? From our point of view, and from SatoshiDice's point of view, the transaction came in, and then went out. It all looks the same to us.
They can get away with it because they don't care. They don't care if they send your winnings into limbo. They don't care if they piss off one gambler out of millions.
But most people can't get away with that. They are in businesses that
must care about customer service. And if you think that you don't care about customer service, then you are probably hoping to make a clone, in which case, you have much bigger problems.