Nice update. I am not sure if you updated the provably fair implementation now or already before, but I just had a proper look again. The implementation looks now very close to perfect.
I happily activated your site on my site again. There are still some smaller things that could be fixed:
1. Changing the client seed manually doesn't actually work (but "generate new" button does work.) So needs some change event listener that puts the new clientseed in the JS var and localstorage.
Thank you, will fix ...
2. Ideally the function verifyRoll() will also check the HASH which is the first part of verifying a result. So something like this:
    if (activeCoin == 'btc') {
        if (sha256(vSecret+'|'+vSalt) != vServerSeed) alert('Oh noes - serverseed hash changed! Contact site owner to see what happened or manually verify your bet.');
        return (Math.floor((100 / Math.pow(2, 32) * ((vSecret + vClientSeed) % Math.pow(2, 32))) * 100) / 100).toFixed(2);
    }
Obviously that alert should never happen though.
Will also add (thank you!)
3. If you use the above code, you would be checking the hash that you got after the bet. But you should check the hash that you saved before the bet (just for the theoretical situation where MP tries to cheat by changing the hash too.) You put this serverseed(=hash) already in the box with insertProvablyFairHtml() before the bet. So you can simply remove the following line from updateProvablyFairHtml() to ensure you verify the hash that you got before the bet:
// $('#newBetServerSeed').html(response['serverSeed']).hide().fadeIn(delay);
Will also fix ...
4. It says "Next Bet" in the second box, but that is actually the "Previous bet"
Silly me :-)
Still I believe your provably fair implementation is now superior to almost all "per-roll implementations", so these are just smaller things that should be easy to fix.
That is high praise coming from you, appreciate it. I'll fix the above issues sometime today; very much appreciate your feedback.
PS, I only tested Dice-BTC. Perhaps I can look at Plinko and NXT some other time if you want.
Plinko isn't implemented in the verifier yet because it uses a different algorithm to determine the final slot the ball falls into (it still uses the hash/seed and everything else, but it doesn't just compute it down to a single number using a single-calculation algorithm). I just didn't get around to implementing this.
NXT uses a different system to compute the roll result (taken from primedice) but now that you mention it, we could actually unify the logic for both coins, there's no real reason to have 2 algorithms in place. I will work on unifying the code so that both/all coins are treated identically.
Once again, thanks a lot for your feedback. I'll let you know when these changes are done.
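The difference between points 2 and 3 above, as an added example that is not part of the thread or the site's own code: the verifier pins the hash announced before the bet and checks the revealed secret and salt against that pinned value, never against the hash that comes back with the result. The `BetVerifier` class, the response field names `secret`, `salt` and `roll`, integer-valued seeds, and all sample values are assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');
// Commitment format sha256(secret + '|' + salt) as given in the post.
const commit = (secret, salt) => sha256(secret + '|' + salt);

// Roll formula from the post; assumes secret and client seed are integers.
function roll(secret, clientSeed) {
  const n = (Number(secret) + Number(clientSeed)) % Math.pow(2, 32);
  return (Math.floor((100 / Math.pow(2, 32)) * n * 100) / 100).toFixed(2);
}

class BetVerifier {
  constructor() { this.pinned = null; }

  // Before the bet: store the announced hash and the client seed in use.
  pin(serverSeedHash, clientSeed) {
    this.pinned = { serverSeedHash, clientSeed };
  }

  // After the bet: check the reveal against the pinned values only.
  verify(response) {
    if (!this.pinned) throw new Error('no hash was pinned before this bet');
    const { serverSeedHash, clientSeed } = this.pinned;
    this.pinned = null; // each commitment covers exactly one bet
    const problems = [];
    if (response.serverSeed !== serverSeedHash) problems.push('hash changed after bet');
    if (commit(response.secret, response.salt) !== serverSeedHash) problems.push('reveal does not match pinned hash');
    const expected = roll(response.secret, clientSeed);
    if (response.roll !== expected) problems.push('roll mismatch');
    return { ok: problems.length === 0, problems, expected };
  }
}

// Constructed sample data: an honest reveal, then one where the server swaps
// the secret after the bet and sends a fresh hash that matches the swap.
function demo() {
  const clientSeed = 987654321, salt = 'constructed-salt';
  const honestSecret = 123456789, swappedSecret = 4242;
  const announced = commit(honestSecret, salt);
  const v = new BetVerifier();
  v.pin(announced, clientSeed);
  const honest = v.verify({ serverSeed: announced, secret: honestSecret, salt, roll: roll(honestSecret, clientSeed) });
  v.pin(announced, clientSeed);
  const tampered = v.verify({ serverSeed: commit(swappedSecret, salt), secret: swappedSecret, salt, roll: roll(swappedSecret, clientSeed) });
  return { honest, tampered };
}
```

In the tampered case the post-bet hash, secret, salt and roll are all mutually consistent, so a check against the hash returned with the result would pass; only the comparison with the pinned hash flags it.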