ButtterBet
Member
Offline
Activity: 112
Merit: 10
|
|
October 13, 2014, 01:40:13 AM |
|
I thought you were referring to all the other dice sites where you have played on. This one, you don't need to verify the "rolls" but you can verify that the game is fair. You have the choice to pick what point to cash out. That is completely up to you and the site can not change that. It is already telling you when it will crash, but only reveals this after the game, which can not be changed.
Thus it is fair. So, do you have a problem with the way it is implemented? Or do you not understand how to play?
yes this is the mp thread! ~ short answer: you don't know how to verify the game hash? :\ meh https://www.moneypot.com/faq#fairIt's all there bud. site down? :\ =============================================================================
Is the game fair?
Absolutely! And we can prove it: Before each game starts and before any player joins we send a hash of what the result will be. The hash we display is calculated as: sha256(gameCrashAmount + '|' + seed)
And after a game ends, you can look up the gameCrashAmount and the seed and compute the sha256(gameCrashAmount + '|' + seed) to verify that we never changed the gameCrashAmount.
Note: The gameCrashAmount is an integer that represents when the game crashes as a percentage. E.g. this Game crashed at 16.31x with a a seed of e4e93da14e26c6d9a1e22f6d0e63c52d. So, to prove we didn't cheat, the hash you would have seen on your client is 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce which we computed via: sha256('1631|e4e93da14e26c6d9a1e22f6d0e63c52d')
-------------------------------------------------------so you add gamecrashamount + '|' + seed? <-------- so you add first with a calculator? ..what does '|' represent? *...sorry noob here ! :\ step by step ~ first what sha-256 calculator do you recommend? I recommend http://www.convertstring.com/en/Hash/SHA256Simple and easy to use ^
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
October 13, 2014, 01:43:33 AM |
|
Try this one: http://www.xorbin.com/tools/sha256-hash-calculatorYou concatenate the strings, meaning you combine them into one. Exactly as it is shown there. Paste this into the box in the sha256 hash calculator 1631|e4e93da14e26c6d9a1e22f6d0e63c52d And your result should be 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you. I hope that some day you will understand. You can also try any other SHA256 calculator. You will get the same result.
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 01:49:39 AM |
|
Try this one: http://www.xorbin.com/tools/sha256-hash-calculatorYou concatenate the strings, meaning you combine them into one. Exactly as it is shown there. Paste this into the box in the sha256 hash calculator 1631|e4e93da14e26c6d9a1e22f6d0e63c52d And your result should be 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you. I hope that some day you will understand. You can also try any other SHA256 calculator. You will get the same result. ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325my result is : 001|cc12bb29153bf2648da4f2cbf6d021f9 = 022a5bebd783301e11caae02ec4ac783af0a42fa3269e69d4b4522ce87b47361 ^is this correct? tia
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 02:06:27 AM |
|
looks like the site is offline ? i can't log into the main site anymore ~ CHECK THIS OUT >> looks like there is another moneypot that predates this one ! >> http://www.whois.com/whois/moneypot.in
|
|
|
|
PrimedicePlayersUnion
Member
Offline
Activity: 70
Merit: 10
★Bitin.io★ - Instant Exchange
|
|
October 13, 2014, 02:16:29 AM |
|
1.75x - - - 1.28x - - - 1.06x - - - 1.60x - - - 1.36x - 7,737 -7,737 (+0.11) 1.03x - 1,137 -1,137 (+11.37) 1.06x - 1,137 -1,137 (+11.33) 1.52x - 1,137 -1,137 1.65x - 37 -37 1.08x - 3,337 -3,337 losses all round ^^REALLY? --I'M CALLING SCAM instead of calling sites scam, go and learn how to play cricket
|
|
|
|
espringe (OP)
|
|
October 13, 2014, 02:23:36 AM |
|
The game crashes of the old game (back 2 months ago) were a bit different, and don't make too much sense in the current context. (i.e. that game didn't really crash at 0.01x). I tried to backport the old scheme to the way moneypot works now -- but I forgot in the database that I stored 2.43 as a 243 -- and my script fucked it up. I'll pull the historic game crash data from a backup and restore them when I get a chance. It's just for historical interest though. =) The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash. It's very tedious to do by hand, but there is at least two money pot bots playing money -- and one of them is verifying hashes -- the other i'm not so sure, but i wouldn't be surprised if it did so too.
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 02:35:04 AM |
|
... The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash. It's very tedious t... so you purposefully make it impossible to check? ,,you have lost me! so there is no record of actual hashes?
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 02:38:42 AM |
|
unlock my ip address Eric ... or is this "leets only" type site?
|
|
|
|
espringe (OP)
|
|
October 13, 2014, 03:33:15 AM |
|
so you purposefully make it impossible to check? ,,you have lost me! so there is no record of actual hashes? There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =)
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 03:34:31 AM |
|
so you purposefully make it impossible to check? ,,you have lost me! so there is no record of actual hashes? There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =) then they cannot be checked! ? yes thats why i'm asking ! what is this ? ~sounds dodgy+ i can't even log into the main site now! WHAT GIVES BRO? >>>DOES SOMEONE NEED TO CREATE A SEPARATE BOT/SITE TO RECORD THE HASHES? WTF
|
|
|
|
espringe (OP)
|
|
October 13, 2014, 03:43:29 AM |
|
If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 03:47:36 AM |
|
If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.
how is providing accurate historical data "tampering with the game" ? what are you smoking? >>> regardless i can't see any of this as i can't even log into the main screen !
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 03:55:20 AM |
|
>>> regardless i can't see any of this as i can't even log into the main screen ! Sorry, due to COPPA laws -- I am unable to provide you service for the next 3 years. Please come back then. WTF YOU TALKING ABOUT ! MAYBE YOU DON'T REALIZE WHATS ABOUT TO HAPPEN HERE ? LOL
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
October 13, 2014, 04:41:31 AM |
|
If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.
ts;du: Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash. Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started. If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database. Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point. The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts. You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something. It's like that. Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
DarKSpectrE
|
|
October 13, 2014, 06:05:23 AM |
|
If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.
ts;du: Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash. Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started. If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database. Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point. The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts. You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something. It's like that. Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw. This!!!
|
|
|
|
blockage
Member
Offline
Activity: 100
Merit: 10
Vires in numeris.
|
|
October 13, 2014, 02:04:35 PM |
|
I assume this is going to need a serious code review if purchased.
The code is all open source, and has been for some time. User "Steve" on the site seems to have reviewed it fully, and contributed patches improving it. Hi, I'm user "Steve" on MoneyPot, steven (149317) on just-dice, steve (2995) on dicebitco.in and Steve (2474) on dice.ninja. Saying that I "reviewed it fully" is going too far. I have looked at the game logic in the server, the server-client communication and some other parts here or there. I haven't looked at UI or for example any code that is handling funds and user balances which I would deem important though. The "chat moderator" patch that went live recent was, I believe, Steve's work.
Yep that was me.If there was anything untoward going on I'm sure Steve would have blown the whistle by now.
Because I'm already at it, I can address it for all interested parties: the buyer and the users. - The buyer should review the code himself anyway. I don't think
Eric intentionally left any backdoors in the code so that he can hack it after selling as he would expose himself now to the same risk. The codebase is straightforward and not too large so a review of the critical parts shouldn't be too difficult.
From the users perspective there are two things I'm aware of that can be improved - Real provably fair numbers (whatever that means). This was
discussed earlier in this thread. dooglus proposed a scheme that allows the server to prove that it does not pick crash points at will. Mixing some random data into it (like the hash of a block in the future) guarantees that the site owner cannot influence the distribution. - I haven't complained to Eric about this yet because it doesn't
concern me, but I just opened an issue on github. When logging in the user password is sent encrypted but unhashed to the server, which means that the server can potentially harvest user passwords and try to log into other sites. The database itself stores hashed passwords. I use unique passwords anyway, but I think this should be resolved for the sake of other users.
|
|
|
|
blockage
Member
Offline
Activity: 100
Merit: 10
Vires in numeris.
|
|
October 13, 2014, 02:42:30 PM |
|
From the users perspective there are two things I'm aware of that can be improved
I forgot to add a third one: the lack of 2FA.
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 03:40:34 PM |
|
I FIND IT A CURIOSITY THAT NOW WHEN I'M ATTEMPTING TO FIGURE OUT HOW TO VERIFY THE HASHES I GET SHUT OUT OF THE SITE! LMFAO!!! NICE WORK!
|
|
|
|
BBmmBB
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 13, 2014, 07:30:28 PM |
|
Try this one: http://www.xorbin.com/tools/sha256-hash-calculatorYou concatenate the strings, meaning you combine them into one. Exactly as it is shown there. Paste this into the box in the sha256 hash calculator 1631|e4e93da14e26c6d9a1e22f6d0e63c52d And your result should be 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you. I hope that some day you will understand. You can also try any other SHA256 calculator. You will get the same result. ok i got back in and checked it out and the hash checked out to be accurate for the game i checked! > my guess the trust relies on variables of the crash amount and seed combinations...? >could you not come to the same hash result by simply shifting variables? :\ ^ i'm i making sense? tia
|
|
|
|
jaysabi
Legendary
Offline
Activity: 2016
Merit: 1115
|
|
October 13, 2014, 10:17:49 PM |
|
Eric, how is the auction going? Is the plan still to sell the site?
|
|
|
|
|