bustabit.com -- The Social Gambling Game

[ButtterBet]

I thought you were referring to all the other dice sites where you have played on. This one, you don't need to verify the "rolls" but you can verify that the game is fair. You have the choice to pick what point to cash out. That is completely up to you and the site can not change that. It is already telling you when it will crash, but only reveals this after the game, which can not be changed.

Thus it is fair. So, do you have a problem with the way it is implemented? Or do you not understand how to play?

yes this is the mp thread! ~ short answer: you don't know how to verify the game hash?  :\ meh

https://www.moneypot.com/faq#fair

It's all there bud.

site down? :\


=============================================================================

Is the game fair?

Absolutely! And we can prove it: Before each game starts and before any player joins we send a hash of what the result will be. The hash we display is calculated as: sha256(gameCrashAmount + '|' + seed)

And after a game ends, you can look up the gameCrashAmount and the seed and compute the sha256(gameCrashAmount + '|' + seed) to verify that we never changed the gameCrashAmount.

Note: The gameCrashAmount is an integer that represents when the game crashes as a percentage. E.g. this Game crashed at 16.31x with a a seed of e4e93da14e26c6d9a1e22f6d0e63c52d. So, to prove we didn't cheat, the hash you would have seen on your client is 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce which we computed via: sha256('1631|e4e93da14e26c6d9a1e22f6d0e63c52d')


-------------------------------------------------------

so you add gamecrashamount + '|' + seed? <-------- so you add first with a calculator? ..what does '|' represent?

*...sorry noob here ! :\

step by step ~ first what sha-256 calculator do you recommend?

I recommend

http://www.convertstring.com/en/Hash/SHA256

Simple and easy to use ^

[Dabs]

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.

[BBmmBB]

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.

ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325


my result is : 001|cc12bb29153bf2648da4f2cbf6d021f9 =

022a5bebd783301e11caae02ec4ac783af0a42fa3269e69d4b4522ce87b47361


^is this correct? tia

[BBmmBB]

looks like the site is offline ? i can't log into the main site anymore ~

CHECK THIS OUT >> looks like there is another moneypot that predates this one ! >> http://www.whois.com/whois/moneypot.in

 

[PrimedicePlayersUnion]

1.75x   -   -   -
1.28x   -   -   -
1.06x   -   -   -
1.60x   -   -   -
1.36x   -   7,737   -7,737 (+0.11)
1.03x   -   1,137   -1,137 (+11.37)
1.06x   -   1,137   -1,137 (+11.33)
1.52x   -   1,137   -1,137
1.65x   -   37   -37
1.08x   -   3,337   -3,337
losses all round





^^REALLY? --I'M CALLING SCAM 

instead of calling sites scam, go and learn how to play cricket

[espringe]

ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325

The game crashes of the old game (back 2 months ago) were a bit different, and don't make too much sense in the current context. (i.e. that game didn't really crash at 0.01x).  I tried to backport the old scheme to the way moneypot works now -- but I forgot in the database that I stored 2.43 as a 243 -- and my script fucked it up. I'll pull the historic game crash data from a backup and restore them when I get a chance. It's just for historical interest though. =)

The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash.

It's very tedious to do by hand, but there is at least two money pot bots playing money -- and one of them is verifying hashes -- the other i'm not so sure, but i wouldn't be surprised if it did so too.

[BBmmBB]

ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325

...

The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash.

It's very tedious t...

so you purposefully make it impossible to check? ,,you have lost me!   so there is no record of actual hashes?

[BBmmBB]

unlock my ip address Eric ... or is this "leets only" type site? 

[espringe]

so you purposefully make it impossible to check? ,,you have lost me!   so there is no record of actual hashes?

There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =)

[BBmmBB]

so you purposefully make it impossible to check? ,,you have lost me!   so there is no record of actual hashes?

There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =)

then they cannot be checked! ? yes thats why i'm asking ! what is this ?    

~sounds dodgy+ i can't even log into the main site now!  

WHAT GIVES BRO?


>>>DOES SOMEONE NEED TO CREATE A SEPARATE BOT/SITE TO RECORD THE HASHES? WTF

[espringe]

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.

[BBmmBB]

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.

how is providing accurate historical data "tampering with the game" ?     what are you smoking?


>>> regardless i can't see any of this as i can't even log into the main screen !   

[BBmmBB]

>>> regardless i can't see any of this as i can't even log into the main screen !    

Sorry, due to COPPA laws -- I am unable to provide you service for the next 3 years. Please come back then.

WTF YOU TALKING ABOUT !    MAYBE YOU DON'T REALIZE WHATS ABOUT TO HAPPEN HERE ? LOL

[dooglus]

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.

ts;du:

Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash.

Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started.

If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database.

Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point.

The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts.


You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something.

It's like that.

Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw.

[DarKSpectrE]

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.

ts;du:

Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash.

Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started.

If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database.

Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point.

The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts.


You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something.

It's like that.

Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw.

This!!!

[blockage]

I assume this is going to need a serious code review if purchased.

The code is all open source, and has been for some time.

User "Steve" on the site seems to have reviewed it fully, and contributed patches improving it.

Hi, I'm user "Steve" on MoneyPot, steven (149317) on just-dice, steve
(2995) on dicebitco.in and Steve (2474) on dice.ninja.

Saying that I "reviewed it fully" is going too far. I have looked
at the game logic in the server, the server-client communication
and some other parts here or there. I haven't looked at UI or
for example any code that is handling funds and user balances
which I would deem important though.

The "chat moderator" patch that went live recent was, I believe, Steve's work.

Yep that was me.

If there was anything untoward going on I'm sure Steve would have blown the whistle by now.

Because I'm already at it, I can address it for all interested parties: the buyer and the users.

• The buyer should review the code himself anyway. I don't think
  Eric intentionally left any backdoors in the code so that he can hack
  it after selling as he would expose himself now to the same risk. The
  codebase is straightforward and not too large so a review of the
  critical parts shouldn't be too difficult.

From the users perspective there are two things I'm aware of that can
be improved

• Real provably fair numbers (whatever that means). This was
  discussed earlier in this thread. dooglus proposed a scheme that
  allows the server to prove that it does not pick crash points at will. Mixing
  some random data into it (like the hash of a block in the future)
  guarantees that the site owner cannot influence the distribution.
• I haven't complained to Eric about this yet because it doesn't
  concern me, but I just opened an issue on github. When logging in
  the user password is sent encrypted but unhashed to the server, which
  means that the server can potentially harvest user passwords and try
  to log into other sites. The database itself stores hashed passwords. I use
  unique passwords anyway, but I think this should be resolved for the sake
  of other users.

[blockage]

From the users perspective there are two things I'm aware of that can
be improved

I forgot to add a third one: the lack of 2FA.

[BBmmBB]

I FIND IT A CURIOSITY THAT NOW WHEN I'M ATTEMPTING TO FIGURE OUT HOW TO VERIFY THE HASHES I GET SHUT OUT OF THE SITE!

LMFAO!!!

 


NICE WORK!

[BBmmBB]

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.

ok i got back in and checked it out and the hash checked out to be accurate for the game i checked!

> my guess the trust relies on variables of the crash amount and seed combinations...?

>could you not come to the same hash result by simply shifting variables?  :\

^ i'm i making sense? tia

[jaysabi]

Eric, how is the auction going? Is the plan still to sell the site?