TheBomber999
|
|
October 23, 2014, 02:35:07 PM |
|
@NLNico Thanks NLNico!
He has not yet implemented this because he needs to do more testing, so don't worry.
|
You either die a developer, or live long enough to see yourself become the scammer.
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 02:38:46 PM |
|
Normally I would privately disclose this and kindly ask for a bounty. But considering it's not yet implemented I guess I could just reply here. Any bounty would be still appreciated though (donation addy is in signature.)
You have helped us, we will reward you, Bro.
|
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 02:41:54 PM |
|
We've got another roll function right now. But 10852 is extremely suspicious
|
|
|
|
TonyT
|
|
October 23, 2014, 02:48:19 PM |
|
You are kinda lucky you post this before implementing it: See the problem? The rolls will be the same as the previous 10 and we know the outcome. A decent attacker would do this only with 100 or 1000 bets to make it less obvious. He could slowly win all your funds. This is the same way satoshicarnival.co got "hacked" and lost like ~5 BTC.
Solution: use a separator. Like n:c:n,n:s:n > $nonce.":".$clientSeed.":".$nonce,$nonce.":".$serverSeed.":".$nonce
Most times the server seed is random though and the actual roll generation is based on the SHA512 HMAC of the seeds+nonce.
Nice spot of a programming error. Indeed you could have stayed silent and profited. But I doubt this character gives you any reward. He's a slippery character out to make a quick buck seems to me. Whether or not he is corrupt remains to be seen. He may even be honest, albeit slippery and without any morals whatsoever. It's also an example of why you should never do your own "home grown" randomizer. (A programmer's rule of thumb that I have broken myself, I code in C#). In fact, had he used rand(), as you say, perhaps rand() can be broken, but it would not have been as easy to break as the error he made that you saw. Also it's interesting that the loss of a mere 5 BTC -- about USD $3000 -- will shut down a site. Thinly financed, fly by night.
|
TonyT
|
|
|
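The ambiguity that the separator fix quoted in the post above addresses, as an added example (not code from the thread or from the site). It assumes the flawed form joined nonce and seed with no delimiter, since the original code is not shown on the page; the function names, the sample seeds and the digest-to-roll mapping are assumptions made for illustration.

```python
import hashlib
import hmac

def naive_input(nonce: int, seed: str) -> str:
    # Assumed flawed form: fields joined with no delimiter, so the
    # boundary between nonce and seed is lost.
    return f"{nonce}{seed}"

def separated_input(nonce: int, seed: str) -> str:
    # The n:seed:n form proposed in the post. The nonce is digits only,
    # so the first and last ":" always mark the field boundaries.
    return f"{nonce}:{seed}:{nonce}"

def roll_hex(server_seed: str, client_seed: str, nonce: int) -> str:
    # HMAC-SHA512 keyed with the server seed over "clientSeed:nonce".
    msg = f"{client_seed}:{nonce}".encode()
    return hmac.new(server_seed.encode(), msg, hashlib.sha512).hexdigest()

def roll(server_seed: str, client_seed: str, nonce: int) -> float:
    # Assumed mapping (not the site's): read 5 hex chars at a time and
    # reject values >= 1,000,000 so the modulo below is unbiased.
    digest = roll_hex(server_seed, client_seed, nonce)
    for i in range(0, len(digest) - 4, 5):
        value = int(digest[i:i + 5], 16)
        if value < 1_000_000:
            return (value % 10_000) / 100  # 0.00 .. 99.99
    raise ValueError("no usable chunk in digest")

# Constructed sample values: two different (nonce, seed) pairs.
SERVER_SEED = "constructed-server-seed"
PAIR_A = (1, "23abc")
PAIR_B = (12, "3abc")

if __name__ == "__main__":
    # Without a delimiter both pairs produce the same hash input.
    print(naive_input(*PAIR_A), naive_input(*PAIR_B))
    # With the separator the inputs differ, and so do the digests.
    print(separated_input(*PAIR_A), separated_input(*PAIR_B))
    print(roll(SERVER_SEED, PAIR_A[1], PAIR_A[0]))
    print(roll(SERVER_SEED, PAIR_B[1], PAIR_B[0]))
```
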
BikiniDice (OP)
|
|
October 23, 2014, 02:51:43 PM |
|
Whether or not he is corrupt remains to be seen. He may even be honest, albeit slippery and without any morals whatsoever.
Good morning to you too Tony
|
|
|
|
jollybit
|
|
October 23, 2014, 02:52:34 PM |
|
A bit confused with the design.. Can you make it easier on the eyes?
|
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 02:54:49 PM |
|
A bit confused with the design.. Can you make it easier on the eyes?
What do you mean in particular? We think it is a good/soft layout, or not?
|
|
|
|
TonyT
|
|
October 23, 2014, 02:56:11 PM |
|
Whether or not he is corrupt remains to be seen. He may even be honest, albeit slippery and without any morals whatsoever.
Good morning to you too Tony
Ah, it's morning where you are? So you gave me a clue. Maybe you are in Latin or South America after all, or even in the USA, as an immigrant from Russia. Keep talking, I want to know more about you my friend.
|
TonyT
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 03:02:59 PM |
|
Ah, it's morning where you are? So you gave me a clue. Maybe you are in Latin or South America after all, or even in the USA, as an immigrant from Russia. Keep talking, I want to know more about you my friend.
No bro, it's morning where you are
|
|
|
|
gnappo
|
|
October 23, 2014, 04:31:49 PM |
|
WOW!!! Great idea!!! Now I can choose my lucky number. I like your website so much!!!
|
|
|
|
gnappo
|
|
October 23, 2014, 04:34:41 PM |
|
Thanks boys! What do you think about this feature?
|
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 06:51:56 PM |
|
Anyone need an official API system? We saw many robo-rolled.
|
|
|
|
|
flippy
|
|
October 23, 2014, 11:12:40 PM |
|
I think you should remove the 'bots' (user ids under 10000). While you obviously just want the site to look more active, having a bunch of obviously fake random bets isn't going to attract serious players, and people will probably feel more involved in your site if they can watch real players playing according to their own patterns.
|
|
|
|
BikiniDice (OP)
|
|
October 23, 2014, 11:22:45 PM |
|
I think you should remove the 'bots' (user ids under 10000). While you obviously just want the site to look more active, having a bunch of obviously fake random bets isn't going to attract serious players, and people will probably feel more involved in your site if they can watch real players playing according to their own patterns.
Yes we will hide our bots soon
|
|
|
|
TonyT
|
|
October 24, 2014, 04:26:02 AM |
|
I think you should remove the 'bots' (user ids under 10000). While you obviously just want the site to look more active, having a bunch of obviously fake random bets isn't going to attract serious players, and people will probably feel more involved in your site if they can watch real players playing according to their own patterns.
Yes we will hide our bots soon
Hide bots when? As soon as you get a real customer? As I said to somebody, it could be that you are trying to promote a legitimate gambling site. You just have to prove it. I have nothing against you. Good luck!
|
TonyT
|
|
|
BikiniDice (OP)
|
|
October 24, 2014, 08:13:30 AM |
|
Hide bots when? As soon as you get a real customer? As I said to somebody, it could be that you are trying to promote a legitimate gambling site. You just have to prove it. I have nothing against you. Good luck!
Got 3 reasons to make our bots.
1. Marketing reason: Some players need to see other users to play a game. This marketing strategy, however, has its negativity. You said that our users always lost when in fact they were simply our bots.
2. Stress test: We need to test our database with a large amount of data.
3. Provably fair check: We try to calculate the long-term profit of our dice game with many fake bets made by bots.
I have nothing against you.
I know, don't worry. Me/You/My partners are only bitcoin fans
|
|
|
|
BikiniDice (OP)
|
|
October 24, 2014, 09:32:53 AM |
|
Normally I would privately disclose this and kindly ask for a bounty. But considering it's not yet implemented I guess I could just reply here. Any bounty would be still appreciated though (donation addy is in signature.)
TXID: ab2138ec3a6b723a3b4b479930b5b864dba7ce9d8568c70c8bd07fa36a881eda Thanks!
|
|
|
|
pandacoin
|
|
October 24, 2014, 12:50:34 PM |
|
Good luck with your site. Do you plan to accept XMR as a payment method, too?
|
|
|
|
BikiniDice (OP)
|
|
October 24, 2014, 12:59:16 PM |
|
Good luck with your site. Do you plan to accept XMR as a payment method, too?
Thanks Panda. I just tried to install Monero coin in the past but it isn't as easy as other coins! However, in the future we will try to add more coins
|
|
|
|
|