Topic: bustadice – Dilution fee lowered to 1% - page 25. (Read 37217 times)

(emphasis mine)

I'm not really worried about programming language/environment similarities, on account of the audit server been written in a very popular programming language with zero package dependencies on a pretty standard OS image. The machine is extensively firewire walled of (mainly just DoS concerns). The audit server itself is insanely simple, it just has 3 endpoints which log  requests/response to disk. And then I scan the logs with a script I wrote that checks for any form of cheating (e.g. seed reuse, nonces not used in order, seedHash not match etc.) and calculates what the profit is expected to be. The tool to audit the server log is actually a *lot* bigger and complex than the server itself.  (Fun fact: Out of extreme paranoia, I've never shared with anyone the code that audits the audit servers log. Just incase I've made a coding error which would mean not identifying a type of cheating or miscalculating expected profits -- it's best if no one can know)


I think the bigger concern is perhaps that Daniel and I did decide to host it in the same physical datacenter on account of minimizing latency. That's potentially a weakness, although likely not a huge one. I assume you'd need be something like a state-actor to pull that off (being able to physically walk into the datacenter with guns and badges would probably make the attack a lot more feasible).

But if anyone advanced enough to pull off the perfect crime of pillaging a 2-independent server setup like bustadice, doing it for 35 btc like that doesn't make sense. Might as well have made it look less weird, and done it for 1000 btc+.

But yeah, in general I agree with you. I'd be like "oh shit, this is looking weird" if the exact same bets happened on bustabit (where there's no audit server). But with bustadice, I'm a bit like *yawn*.  (Although I'm in a bit of a unique of not needing to blind-trust anyone). But I think it's a good reminder to investors about how risky bankroll investing is.

Of course it is not entirely impossible for both of our servers to be compromised at the same time and without our knowledge. But especially considering how miniscule the attack surface of the audit server is by design, it is very unlikely. bustadice's unique architecture doesn't just protect investors, it also gives me as the game operator great confidence that Hunter's win was legitimate.

With regard to possible collusion I disagree with you because your reasoning is flawed. If you ascribe each of us a certain probability of being malicious, then the probability that both Ryan and I are malicious is necessarily lower than the probability of only one of us being malicious. That we have a certain amount of trust for one another doesn't change that. It's not like knowing someone for a long time suddenly makes you want to violate your principles and commit fraud.

That doesn't matter at all. devans can steal from bustabit investors undetected, and he can steal from bustadice investors with the help of RHavar. Players and investors would never know. It makes no difference. From my conversations with devans, I can tell that he is a standup guy and I wholeheartedly believe that he would never do such a thing, but, if someone else were operating this site, not only would theft be plausible, it would be extremely probable. It's basically free money sitting there.

It would be extremely stupid for Devans to steal money from investors. This business is very profitable for him. Not only because of the comission he gets for running it, but he's probably a big investor there, so he also profits that way. And annual returns are very high.

For the record, I trust both RHavar and devans and I don't think they would ever cheat.

Now, hypothetically speaking, I think the odds of a malicious player have been dramatically understated. RHavar makes it sound like it's some crazy thing for both systems to be independently compromised, or for collusion to happen, but it's simply not. RHavar and devans have known each other for many years, and have in fact made deals between each other of over 500 BTC. They are effectively the same person in this scenario. Collusion is not a possibility, it should be a presumption. If investors distrust Ryan OR Daniel, they should not invest! Trusting one is not enough, because they could easily collude. (Once again, this is just an observation. I would invest in bustadice because I trust them both.)

I saw Hunter's bets live and I was amazed. He turned 0.005 BTC into 35 BTC. That's just fucking insane. I've had some crazy runs, but nothing as crazy or lucky as that.

In the past I have considered whether having the same hosting provider, same programming language, etc. is still "single point of failure" in this perspective though. But that is probably being extremely paranoid (and I obv don't know details here anyway.) But sure, on any other invest site (without "audit server") I would withdraw my funds right away now lol. Those bets are pretty sick lol, not the profit itself, but 1.01x the whole time and then the timing of switching to this huge target, damn. But congrats until otherwise proven I guess.

The good news with bustadice's system is that you don't have to trust RHavar. He needs to collude with devans to cheat, which is much better than having a single point of failure without any real accountability.

690 bets of sizes below 100k satoshi...then, suddenly he 2500x's his tiny amount catapulting to over 9BTC, then plays THE ENTIRE 9.784BTC in winnings in THE VERY NEXT BET for a total of 47~ BTC profit
He then loses 12BTC following spin and stops after this.

Do you understand how unlikely this is, in reality?

And of course...as BAC said, there is no way to prove if this was an inside job or not, everyone just has to trust your words that it wasn't you.

I've verified the bets, and I can confirm he did indeed win that. Which means either:

a) Daniel and I have both been compromised [1]
b) He was lucky



[1] By "compromised" I mean either "acting dishonestly" or "have been hacked". If I hacked Daniel for instance, that would count as both compromised. (me for being dishonest, Daniel for losing his server seed).  But if only 1 of us were compromised, the other one should be seeing the games aren't verifying.


I hate to be over-confident (I always feel like I'm jinxing reality), but I'd say there's probably a >99.999% chance that the win is legitimate.

https://bustadice.com/player/Hunter

his 2nd 'bigger' bet is so lucky. and then risking everything you earned on the next risky bet doesnt look a thing most people would do. is there a way server seed could have been compromised. is this really 100% for sure just luck?

The problem turned out to be just a minor hardware issue. I've fixed the issue and bustadice is back online.

I'm looking into what the problem is right now and will restart the server ASAP.

It appears that the bustadice game server is currently down (I was in-game and I got a "lost connection to server" message, and on refreshing, nothing is loading). Similar reports from other players on my Discord server. Just posting here in case any other player checks -- it's not your Internet, it's the server!

Have tried my luck and yes, have gained profits as well. The best casino site i played with. Seriously guts needed to take risk and play with lots of money not worrying of loosing it.  

I can totally understand why "not trusting" is the default position but give me a break, you are RHavar, if I need to trust anyone, like gun to my head pick someone there is only 2 people in the whole casino world that I can trust with my eyes closed, stunna and you.

So, if you tell me everything is okay I would not get scared, if I am in a building that caught on fire and everywhere around me is in flames and you come up and tell me "don't worry everything is under control" I would sit back on my PC and continue gambling and not care about the flames knowing that you will take care of it. It is of course sad to see what happened in bustabit but this is casino world and sometimes those things happen, short term setback but long term profit for anyone who invest when others are out.

Yeah, you're right. I believe from my perspective it's completely provably fair, and I'm an investor. And running the audit server doesn't allow me to cheat, so no one needs to trust me. But if someone trusts me, they can trust that I verified the games. And if they don't trust me (which i think should be the default position) it's the same as a normal investment scheme anyway.


But the real cool thing is the security guarantees it offers. The security disaster that happened today on bustabit, couldn't have have happened on bustadice cause of the system. As even a total compromise of the server-seed isn't enough to predict rolls (Unless I was the attacker... )

Good to know you are a step ahead

Hey, glad to hear that you took action as professionals and reviewed your script for bugs and security flaws.
That shows seriosity and that you take players safety and yours very serious.
Keep up the good work bustadice team !

Nah, we aren't.  All good on this end of the stick.  If we would have bought a copy or used the Open Source recommended by Devan... I believe we would have been vulnerable, but we didn't.

Did you read about the attack that stole over 122 BTC from the Crash game at Bustabit?

You might want to make sure you are not vulnerable since you are operating a copy that was modified.