my friend ask

[asker8]

ok got it

[Pursuer]

Hello !

I have new btc casino with blockchain v3 wallet
my developer didn't do abything for fraud / double spending protection.
Could you please write here the instructions how to make the site more secured?

Thank you very much!

there is nothing complicated about it just wait for confirmation.
just like any other casino gambling site. for small amounts you can set 1 confirmation minimum and bigger amounts 3 confirmation
or set all deposits to at least 3 confirmation before crediting the account.

there are other complicated ways to assess a transaction to see the risk but they are not 100% fool proof and what I said above is the way that seems to be working for everyone else.

[longbob72]

Don't accept a transaction until they have at least 1 confirmation. Or 3 confirmations if you want to be truly safe.
Most of the time 1 confirmation is already good enough because the attacker will need to sacrifice a block to double spend 1 conf transaction successfully.
Double spending a transaction with 2 or more confirmations can get very expensive (needs high share of network hashrate) and have very low probability of success.

[ranochigo]

Most of the time 1 confirmation is already good enough because the attacker will need to sacrifice a block to double spend 1 conf transaction successfully.

They won't have to. One confirmation can be double spent without sacrificing block reward. If by chance, there are two blocks that are mined at the same time, the network would have two halves. Lets say only one of the two blocks has your transaction included and the casino sees the block with your transaction. If that block gets orphaned afterwards, the transaction would get back to unconfirmed.

Double spending a transaction with 2 or more confirmations can get very expensive (needs high share of network hashrate) and have very low probability of success.

Not really. The network can be forked and the fork that the casino is on can get abandoned and the transaction would be as if it has never happened.

You can easily setup your script such that your script does not respond to Blockchain.info's callback till at least X confirmations.

[longbob72]

Like I said, most of the time and can get very expensive. Doesn't mean it'll always be like that. 

[Decoded]

First thing is to not use the wallet API for checking transactions. It's a waste of API calls. Use their public text-based API, using https://blockchain.info/q/getreceivedbyaddress and the confirmations tag..

You can do https://blockchain.info/q/addressbalance/**insert address here**?confirmations=6

From there on it's simple JSON parsing.

[senyorito123]

Hello !

I have new btc casino with blockchain v3 wallet
my developer didn't do abything for fraud / double spending protection.
Could you please write here the instructions how to make the site more secured?

Thank you very much!

Most of the casino site offer 1 confirmation to be credited to their account. Your developer can't make your site secured, am i right? how come he is entitled a developer. When in fact he can't even secure your site. You better hire a new developer from this board 'coz developers here know how bitcoin and hacking works. So you just need to pay for the developer in order for your site to be secured.

[Joel_Jantsen]

1.Avoid remote 3rd party API calls.Write your own Json parser from scratch.
2.Yet the most easiest way to protect it,accept bets with only 2 or more confirmations.
3.I believe there is a C++ module which is available for free which can help prevent double spends within a certain broadcasting time of the transaction.

[asker8]

1.Avoid remote 3rd party API calls.Write your own Json parser from scratch.
2.Yet the most easiest way to protect it,accept bets with only 2 or more confirmations.
3.I believe there is a C++ module which is available for free which can help prevent double spends within a certain broadcasting time of the transaction.

link please to module

[freemanjackal]

you need to accept deposits with at least 2 confirmations, that would avoid double spending

[SparkedDev]

I would say allow 1 confirm , no confirm is way to risky.

If you do don't pay unless it confirms, many people try to scam sites like that.

[ranochigo]

If you do don't pay unless it confirms, many people try to scam sites like that.

Still risky. Many people have scammed casinos when they accept deposits without a single confirmation.

Since you can bet without a confirmation, you just need to bet when its unconfirmed. If its not a win, double spend it. Either you accept deposits and don't allow them to bet and withdraw or accept them only when theres a confirmation.

The above method affected lots of casinos and thats the reason why almost none of them accept it anymore.

[SparkedDev]

Yeah im one person that thinks sites shouldn't let people bet unless that money has cleared.

[IdiotCoder]

Juyst a question, if i were to use a dependenancy like Stripe, can I access the number of transactions confirmed manually through the API? I am working on a similar project and this thread saved me a potential security error down the line...

[Mike Mayor]

I thought thst the double spend problem was fixed ?