Pages:
Author

Topic: BetterBets.io - NOT provably fair - page 3. (Read 3369 times)

legendary
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
October 03, 2016, 12:31:18 PM
#37
Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?


Wealthy bought a license for the BB code and their site will be updated tonight.

I read about it but may I ask you if you  lobos is also the coder of wealthy? why would they need to ask you to help to fix it? their coder could fix it as I understood it was just an easy mistake

is pokerowned the owner?

thx
sr. member
Activity: 348
Merit: 250
October 03, 2016, 12:21:05 PM
#36
Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?


Wealthy bought a license for the BB code and their site will be updated tonight.
sr. member
Activity: 348
Merit: 250
October 03, 2016, 12:19:10 PM
#35
At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

very well said!!!

but how can one exaplin that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad

Because coders are human and complex code is always never bug free. This is a subtle bug in the sense that it didn't break anything so it didn't get noticed. It's as simple as that.
legendary
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
October 03, 2016, 12:16:42 PM
#34
At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

very well said!!!

but how can one exaplin that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad

Unfortunately, its an easy mistake to make - this kind of thing can happen when a programmer tests his own work - its always better to get external testers involved. I work with a lot of programmers and a lot of them very rarely admit to making errors even if they are very clear.

thx for explaining and imo one year or more and no one saw it and not he owners and dev? all can happen and I dont point my finger at BB or MP as all is possible

interesting would be if MP pre owner RyanHavar could tell or confirm if it was already when he owned it

legendary
Activity: 1484
Merit: 1029
October 03, 2016, 12:08:26 PM
#33
At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

very well said!!!

but how can one exaplin that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad

Unfortunately, its an easy mistake to make - this kind of thing can happen when a programmer tests his own work - its always better to get external testers involved. I work with a lot of programmers and a lot of them very rarely admit to making errors even if they are very clear.
legendary
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
October 03, 2016, 12:06:15 PM
#32
Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?

A "bounty"? Lol. OP begged for a ransom, and BetterBets didn't play along.

Bug bounties aren't paid out to keep people quiet. That's called blackmail.

please fix your site first before accusing fine people who only wanted to help other players and also the app owner and MP owners

yes he should get a bounty imo and it was legit to ask for it. lobos asked not to publish it and this tells a story

and if bounties are not paid to keep people quiet and it is called blackmail to use your wording why did lobos ask not to publish it? he should publish it immediately easy as that

legendary
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
October 03, 2016, 12:02:19 PM
#31
At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

very well said!!!

but how can one exaplin that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad
legendary
Activity: 1484
Merit: 1029
October 03, 2016, 11:59:33 AM
#30
At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.
full member
Activity: 393
Merit: 107
October 03, 2016, 11:48:48 AM
#29
Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?

A "bounty"? Lol. OP begged for a ransom, and BetterBets didn't play along.

Bug bounties aren't paid out to keep people quiet. That's called blackmail.
legendary
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
October 03, 2016, 11:36:25 AM
#28
Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?






hero member
Activity: 785
Merit: 502
October 03, 2016, 11:18:06 AM
#27
Quote
"pay me something idk"

So you essentially tried to blackmail him and he didn't bite.

No ethics.

Why would you even publish those logs here? They make you look like an idiot.

All in all, this limited keyspace thing isn't that damning. Props to BetterBets for resolving the issue quickly!

This was the impression I got from the posts. Either way their system seems to rely on wagering volume so making people lose on mp side or bb side is plain stupid.

To crackpotracer no I'm not just kissing ass I've been playing on BB for a long time. I even lost a few btc on your site too but your despicable forum behavior will keep me from returning. What's even more interesting is betterbets admins told me to try your site but I see you trying to be a dick to them and everyone else on mp related sites. Don't bite the hands that feed you tool.
legendary
Activity: 1540
Merit: 1013
October 03, 2016, 11:09:39 AM
#26
Actually I was still waiting for a further message from Wealthy Dice about the issue being resolved, thats why I didnt mention them yet. But when looking at it a second time, it seems they both have the same dev.

They dont have the same dev, Lobos is the main lead dev for betterbets and since wealthydice is using betterbets script or purchased license to use it then they rely on lobos as well for the fixed version of this flaw. There is no point for betterbets to open up wealthydice, it belongs to another subject nonetheless
full member
Activity: 393
Merit: 107
October 03, 2016, 10:58:27 AM
#25
Quote
"pay me something idk"

So you essentially tried to blackmail him and he didn't bite.

No ethics.

Why would you even publish those logs here? They make you look like an idiot.

All in all, this limited keyspace thing isn't that damning. Props to BetterBets for resolving the issue quickly!
full member
Activity: 165
Merit: 100
October 03, 2016, 10:36:41 AM
#24
Op if you don't play at betterbets then there is a motive behind your post. I'm going to guess extortion probably.  This looks like some kind of oversight error. They fix it in minutes....now we can pick client seeds in the 4 billions on accounts.  So dev said they spoke to you and it seems outcome wasn't what you wanted -gimme money or I'm posting- and you made this post. Does this about sum it up?

I was kinda waiting for this. Actually I'm asking myself about why I am wasting time on this.
Since the point of noticing about the issue, I was wondering what to do with. I mentioned the issue in a chatroom, but either people thought I would have lost there and just cant handle the loss or they just didnt understand what I am talking about.

While I was pretty sure about it, I thought it would be better to ask somebody who has more experience with this. Maybe I really would have overseen something.
I hope it's ok to mention him but I dont see why it wouldnd. So I wrote a mail to dooglus regarding this issue, just to not do anything without being 100 % sure about it being an issue or not.
After I got confirmed about my opinion for it being not fair, I again asked me what to do.

So I came to the point, to contact the owners of BetterBets and Wealthy Dice per private message on BCT.
Told them shortly that theres an issue with the seedlimitation and asking them to change it. A few minutes later I thought it wasnt clear enough explained so I wrote a second message to both of them.

Here are my outgoing PM's to the owners of both sites:



So I was expecting them to fix the issue in first place, leaving me the option to report it or not. I have had no problems with both apps so I had no intention to damage their image or anything.
I still wasnt sure if I will post about the issue at all or just leave it as it is after being fixed. The thing is that BetterBets.io is there for 1 year or something, and nobody ever seemd to have noticed it.

They are the biggest app on moneypot with a wager of over 35k bitcoins, alone since the ownerchange of Moneypot.
This are their stats:

Bets   151,692,636
Wagered   35,031,617,084.98 bits
Bets Profit   480,245,287.65 bits (1.37%)
Expected Profit   348,492,607.60 bits (0.99%)

So people obviously lost 480 bitcoins there + what was lost under the old owner.

I got answerd pretty quick from both sites. Here are their answers:



Actually I was still waiting for a further message from Wealthy Dice about the issue being resolved, thats why I didnt mention them yet. But when looking at it a second time, it seems they both have the same dev.
I didnt notice that yesterday, otherwhise I would have mentioned wealthy dice as well.

Wealthy Dice is a pretty new Moneypot app, so I wanted to wait at least until its fixed in case I report it. I thought that would be fair in case they just bought the script without noticing about the issue.

So I added the BetterBets-dev on skype, wondering why he would want to speak with me. I said all I wanted and just wanted it to be fixed.
But of course gamblingsites often getting attacked by people after losing some coins there. After a couple minutes he confirmed my request to add him to my skype list like I was asked to do so.

Here's the whole conversation:

A warm welcome ... (besides the fact, I clearly did NOT ask for any kind of conversation with him ...)



Nonsene talk ... actually it looks a bit like he would have no clue what he is coding together there.





Actually until this point I was trying to relax and just end the nonsense talk as fast as possible. I did this all in a way that would probably be most preferable for a Gamblingsite, which claims to be provably fair - but simply isnt at all.
I should have just posted it straigh away at bitcointalk, so I wouldnd have to listen to that.
Getting offended while you're trying to help somebody that u dont even know, in the hope he might have just done it by an accident.



Maybe I missunderstood this, but for me it was looking like he wanted to hide something.
My english isnt the best, but "be my guest" sounded for me like he would be trying to get this into some direction.
And it wasnt me who wanted to talk, right ?





Leaves the question why I didnt release this straight away no ?

He actually said he had a bad day, and I got him in wrong moment.
Also he said "sorry" so even if he was a dick, I was going to accepted his sorry and thought I'd leave it like this.

I have nothing to hide, so this is all of the communication that happend.
You are free to believe my version or not, up to you.

At the end the point is the same, the site wasnt provably fair until yesterday.
full member
Activity: 388
Merit: 100
October 03, 2016, 09:39:57 AM
#23
Your information is very meaningful to users there, I think so
full member
Activity: 165
Merit: 100
October 03, 2016, 08:24:36 AM
#22
I wonder if situation similar to this could be also possible for other services powered by MoneyPot. I mean people are usually lazy to check.

Op said this is possible only for BetterBets.io and "all other Moneypot Sites are provably fair because they let the User pick his Clientseed"

Is this really the case?

I think there are like 1k or 2k MP apps. Even tho the most are not active, its hard for MP to check them all for such issues, and even then the code could be changed after verification.
A while ago I noticed that some simpledice app was changed to some bitcoindoublerscam. I told that to the MP owners, and they immediately deleted the app from MP.

Actually there's another app which uses the BetterBets script. They have the same issue, but considering that they are a new site and might not know about the issue I wanted to wait until its fixed before I post about it. Actually I wasnt sure yet if I will post it at all. But it seems to be fair to let the people know about this. I should probably have mentioned them as well instead of waiting.

However I'm not sure if all apps are provably fair. But the ones I was looking at, didnt have a limitation for the seeds at all. I just didnt want to advertise any sites here, because I'm just not related to and it also doesnt fit to the topic basically.
full member
Activity: 165
Merit: 100
October 03, 2016, 08:16:21 AM
#21
I was looking at some moneypot apps to check, and noticed a major flaw in the BetterBets.io implementation of the MoneyPot Provably Fair System.

This flaw allowed Moneypot to cheat all players who played on BetterBets since the creation of the site. (approximatly 1 year I believe)

The Moneypot algorythm is this one:

(ClientSeed + ServerSeed) / 2^32 resulting in your individual roll outcomes between 0 and 99.99

2^32 = 4,294,967,296

In case the sum of ClientSeed and ServerSeed is higher than this number, the rest is taken and divided by 2^32, resulting in your roll outcome.

Most sites implement this correctly and let the user chose a number between 0 and 4,294,967,296.
But BetterBets is limiting the User to a chose a number between 0 and 2,147,483,648.

This allows Moneypot to chose a ServerSeed that will make the Users/Players lose. Because the User can only change the outcome by max 50 %. Sounds complicated, but it isn't. Heres an example:

Let's say Moneypot picks a Serverseed of 0.

Now the User picks his ClienSeed in the given Range between 0 and 2,147,483,648.

Then the roll result will be between 0 and 49.99.

With other words, if the User plays 2x on high, he will lose.
And there is no way the User can change this because BetterBets limits the ClientSeed he can chose.

Of course nobody can prove if BetterBets and Moneypot used this to make people lose and fill their own pockets.

But what we know is, that BetterBets.io has NEVER BEEN PROVABLY FAIR.


Just to mention this: That only counts for BetterBets.io, all other Moneypot Sites are provably fair because they let the User pick his Clientseed up to 4,294,967,296. At least the ones I've checked.

Regards !

Btw. no I did'nt play there and got buthurt because I lost. I've done my homeworks, this is a fact...

thank you very much for your posting and work

did you check our app/games? would be interested to know if it is the same with our games

I am not an expert and a non coder. please let me ask a question

could BB cheat their customers?

could BB cheat their customers with MP together?

edit
could MP cheat without BB's help?

edit2
you said this was since BB exists so it was already when RH owned MP?

edit3
you wrote "This allows Moneypot to chose a ServerSeed that will make the Users/Players lose."

could they also decide that a user/player will win?

I am not saying that anyone did cheat but I am trying to learn and understand it in full. sadly we have no coder now to let him check and explain it

cheers

"could BB cheat their customers?"

Not without the help of Moneypot. But BB did open the Chance for MP to cheat their users. Leaving the question why u would limit the userseed at all. It wasnt a limitation by the programming language, the dev told me. (I'll come to that in a later post)

"could BB cheat their customers with MP together?"

Yes.

edit
"could MP cheat without BB's help?"

Considering they wouldnd limit the Userseed or just set a randomizer, like stated by ryan - No.

edit2
"you said this was since BB exists so it was already when RH owned MP?"

It has been allways like this since BB was opend I got told so most likely yes.

edit3
"you wrote "This allows Moneypot to chose a ServerSeed that will make the Users/Players lose."

"could they also decide that a user/player will win?"

I assume that the sense of that would be to win money from the invested funds. That is most likely possible, because they can lookup the ServerSeed and set the UserSeed so the exact outcome would be known before the roll is done.
This actually is the case for every investsite. They all know the outcomes of either all your future rolls (in case the seeds are static and used for more than just one roll) or at least for the next one in case a randomizer is used to generate a new Seed for each Roll.

Anyways you always either trust the one whos running the site or not. They always can steal your investments and nobody could ever prove it.


Btw. I've only checked your dustlottery and your implementation allows the User to chose from the full range. But also using the same seed for more than 1 roll would allow MP to cheat technically, but this would be caused by the User himself then and not by the App owner/dev.
Actually you still would need to change the seed for each roll, so I believe the best option would be to use the randomizer from ryan but leave the option for the User to change it if he wants that.
tyz
legendary
Activity: 3360
Merit: 1533
October 03, 2016, 07:21:43 AM
#20
@allinbox Thanks for letting us know about this bug. It is always good to have people which took a closer look into "provably fair" systems. I played on betterbets.io months ago. I actually could not notice any inconsistencies playing there.
member
Activity: 112
Merit: 10
October 03, 2016, 07:20:45 AM
#19
Wow really nice explanation of the provably fair system, with this provably system plus the house edge, I believe most players will lose big at BetterBets.io
legendary
Activity: 1288
Merit: 1000
October 03, 2016, 07:09:08 AM
#18
Op if you don't play at betterbets then there is a motive behind your post. I'm going to guess extortion probably.  This looks like some kind of oversight error. They fix it in minutes....now we can pick client seeds in the 4 billions on accounts.  So dev said they spoke to you and it seems outcome wasn't what you wanted -gimme money or I'm posting- and you made this post. Does this about sum it up?
They fixed it mainly because he contacted them and asked about this issue. Without him we probably wouldn't be aware that exploit like this can be even possible.
I don't know if he demanded money for this, but if I were the owner of BetterBets.io I would honor Op with some kind of small bounty for his bug hunting.
Pages:
Jump to: