Topic: BetterBets.io - NOT provably fair - page 3. (Read 3350 times)

I read about it but may I ask you if you  lobos is also the coder of wealthy? why would they need to ask you to help to fix it? their coder could fix it as I understood it was just an easy mistake

is pokerowned the owner?

thx

Wealthy bought a license for the BB code and their site will be updated tonight.

Because coders are human and complex code is always never bug free. This is a subtle bug in the sense that it didn't break anything so it didn't get noticed. It's as simple as that.

thx for explaining and imo one year or more and no one saw it and not he owners and dev? all can happen and I dont point my finger at BB or MP as all is possible

interesting would be if MP pre owner RyanHavar could tell or confirm if it was already when he owned it

Unfortunately, its an easy mistake to make - this kind of thing can happen when a programmer tests his own work - its always better to get external testers involved. I work with a lot of programmers and a lot of them very rarely admit to making errors even if they are very clear.

please fix your site first before accusing fine people who only wanted to help other players and also the app owner and MP owners

yes he should get a bounty imo and it was legit to ask for it. lobos asked not to publish it and this tells a story

and if bounties are not paid to keep people quiet and it is called blackmail to use your wording why did lobos ask not to publish it? he should publish it immediately easy as that

very well said!!!

but how can one exaplin that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad

At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

A "bounty"? Lol. OP begged for a ransom, and BetterBets didn't play along.

Bug bounties aren't paid out to keep people quiet. That's called blackmail.

Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?

This was the impression I got from the posts. Either way their system seems to rely on wagering volume so making people lose on mp side or bb side is plain stupid.

To crackpotracer no I'm not just kissing ass I've been playing on BB for a long time. I even lost a few btc on your site too but your despicable forum behavior will keep me from returning. What's even more interesting is betterbets admins told me to try your site but I see you trying to be a dick to them and everyone else on mp related sites. Don't bite the hands that feed you tool.

They dont have the same dev, Lobos is the main lead dev for betterbets and since wealthydice is using betterbets script or purchased license to use it then they rely on lobos as well for the fixed version of this flaw. There is no point for betterbets to open up wealthydice, it belongs to another subject nonetheless

So you essentially tried to blackmail him and he didn't bite.

No ethics.

Why would you even publish those logs here? They make you look like an idiot.

All in all, this limited keyspace thing isn't that damning. Props to BetterBets for resolving the issue quickly!

I was kinda waiting for this. Actually I'm asking myself about why I am wasting time on this.
Since the point of noticing about the issue, I was wondering what to do with. I mentioned the issue in a chatroom, but either people thought I would have lost there and just cant handle the loss or they just didnt understand what I am talking about.

While I was pretty sure about it, I thought it would be better to ask somebody who has more experience with this. Maybe I really would have overseen something.
I hope it's ok to mention him but I dont see why it wouldnd. So I wrote a mail to dooglus regarding this issue, just to not do anything without being 100 % sure about it being an issue or not.
After I got confirmed about my opinion for it being not fair, I again asked me what to do.

So I came to the point, to contact the owners of BetterBets and Wealthy Dice per private message on BCT.
Told them shortly that theres an issue with the seedlimitation and asking them to change it. A few minutes later I thought it wasnt clear enough explained so I wrote a second message to both of them.

Here are my outgoing PM's to the owners of both sites:



So I was expecting them to fix the issue in first place, leaving me the option to report it or not. I have had no problems with both apps so I had no intention to damage their image or anything.
I still wasnt sure if I will post about the issue at all or just leave it as it is after being fixed. The thing is that BetterBets.io is there for 1 year or something, and nobody ever seemd to have noticed it.

They are the biggest app on moneypot with a wager of over 35k bitcoins, alone since the ownerchange of Moneypot.
This are their stats:

Bets   151,692,636
Wagered   35,031,617,084.98 bits
Bets Profit   480,245,287.65 bits (1.37%)
Expected Profit   348,492,607.60 bits (0.99%)

So people obviously lost 480 bitcoins there + what was lost under the old owner.

I got answerd pretty quick from both sites. Here are their answers:



Actually I was still waiting for a further message from Wealthy Dice about the issue being resolved, thats why I didnt mention them yet. But when looking at it a second time, it seems they both have the same dev.
I didnt notice that yesterday, otherwhise I would have mentioned wealthy dice as well.

Wealthy Dice is a pretty new Moneypot app, so I wanted to wait at least until its fixed in case I report it. I thought that would be fair in case they just bought the script without noticing about the issue.

So I added the BetterBets-dev on skype, wondering why he would want to speak with me. I said all I wanted and just wanted it to be fixed.
But of course gamblingsites often getting attacked by people after losing some coins there. After a couple minutes he confirmed my request to add him to my skype list like I was asked to do so.

Here's the whole conversation:

A warm welcome ... (besides the fact, I clearly did NOT ask for any kind of conversation with him ...)



Nonsene talk ... actually it looks a bit like he would have no clue what he is coding together there.





Actually until this point I was trying to relax and just end the nonsense talk as fast as possible. I did this all in a way that would probably be most preferable for a Gamblingsite, which claims to be provably fair - but simply isnt at all.
I should have just posted it straigh away at bitcointalk, so I wouldnd have to listen to that.
Getting offended while you're trying to help somebody that u dont even know, in the hope he might have just done it by an accident.



Maybe I missunderstood this, but for me it was looking like he wanted to hide something.
My english isnt the best, but "be my guest" sounded for me like he would be trying to get this into some direction.
And it wasnt me who wanted to talk, right ?





Leaves the question why I didnt release this straight away no ?

He actually said he had a bad day, and I got him in wrong moment.
Also he said "sorry" so even if he was a dick, I was going to accepted his sorry and thought I'd leave it like this.

I have nothing to hide, so this is all of the communication that happend.
You are free to believe my version or not, up to you.

At the end the point is the same, the site wasnt provably fair until yesterday.

Your information is very meaningful to users there, I think so

I think there are like 1k or 2k MP apps. Even tho the most are not active, its hard for MP to check them all for such issues, and even then the code could be changed after verification.
A while ago I noticed that some simpledice app was changed to some bitcoindoublerscam. I told that to the MP owners, and they immediately deleted the app from MP.

Actually there's another app which uses the BetterBets script. They have the same issue, but considering that they are a new site and might not know about the issue I wanted to wait until its fixed before I post about it. Actually I wasnt sure yet if I will post it at all. But it seems to be fair to let the people know about this. I should probably have mentioned them as well instead of waiting.

However I'm not sure if all apps are provably fair. But the ones I was looking at, didnt have a limitation for the seeds at all. I just didnt want to advertise any sites here, because I'm just not related to and it also doesnt fit to the topic basically.

"could BB cheat their customers?"

Not without the help of Moneypot. But BB did open the Chance for MP to cheat their users. Leaving the question why u would limit the userseed at all. It wasnt a limitation by the programming language, the dev told me. (I'll come to that in a later post)

"could BB cheat their customers with MP together?"

Yes.

edit
"could MP cheat without BB's help?"

Considering they wouldnd limit the Userseed or just set a randomizer, like stated by ryan - No.

edit2
"you said this was since BB exists so it was already when RH owned MP?"

It has been allways like this since BB was opend I got told so most likely yes.

edit3
"you wrote "This allows Moneypot to chose a ServerSeed that will make the Users/Players lose."

"could they also decide that a user/player will win?"

I assume that the sense of that would be to win money from the invested funds. That is most likely possible, because they can lookup the ServerSeed and set the UserSeed so the exact outcome would be known before the roll is done.
This actually is the case for every investsite. They all know the outcomes of either all your future rolls (in case the seeds are static and used for more than just one roll) or at least for the next one in case a randomizer is used to generate a new Seed for each Roll.

Anyways you always either trust the one whos running the site or not. They always can steal your investments and nobody could ever prove it.


Btw. I've only checked your dustlottery and your implementation allows the User to chose from the full range. But also using the same seed for more than 1 roll would allow MP to cheat technically, but this would be caused by the User himself then and not by the App owner/dev.
Actually you still would need to change the seed for each roll, so I believe the best option would be to use the randomizer from ryan but leave the option for the User to change it if he wants that.

@allinbox Thanks for letting us know about this bug. It is always good to have people which took a closer look into "provably fair" systems. I played on betterbets.io months ago. I actually could not notice any inconsistencies playing there.

Wow really nice explanation of the provably fair system, with this provably system plus the house edge, I believe most players will lose big at BetterBets.io

They fixed it mainly because he contacted them and asked about this issue. Without him we probably wouldn't be aware that exploit like this can be even possible.
I don't know if he demanded money for this, but if I were the owner of BetterBets.io I would honor Op with some kind of small bounty for his bug hunting.