Topic: Coinroll.it - Dice rolling game | Instant bets | Off-the-chain | 1% House edge - page 41. (Read 81545 times)
May 21, 2013, 01:03:03 AM
Awesome script. Nicely done Doog!
May 21, 2013, 12:58:37 AM
Thank you for releasing this script. As promised, I tipped you.
May 20, 2013, 06:15:30 PM
Should be fine now.
Yes, it's good now.
I wrote a script that verifies the whole db:
Code:
$ ./coinroll.py
missing secret for 05-20-2013
662354 right and 0 wrong
$
missing secret for 05-20-2013
662354 right and 0 wrong
$
It can't verify the bets from today, since the secret isn't public yet. But it can verify all the rest, and they're all fine.
Here's the script:
Code:
#!/usr/bin/env python
# verify all coinroll.it bets from their db dump
#
# 1. download secrets and bets from https://coinroll.it/verification
# 2. bunzip2 bets.csv.bz2
# 3. run this script in the same folder
import hashlib, hmac, string, time
def hash(txid, nonce, secret):
return int(hmac.new(secret, "%s:%s" % (txid, nonce), hashlib.sha512).hexdigest()[:4],16)
secrets = {}
for line in open('secrets.txt').readlines():
(date, secret) = string.split(line[:-1])
secrets[date] = secret
fp = open("bets.csv")
fp.readline() # throw away first line - it's the field names
missing = {} # note which dates we don't know the secrets for
wrong = 0 # count errors
right = 0 # count successes
while True:
line = fp.readline()
if (not line): break
(betid, user, stamp, nonce, lucky, target, win, diff, txid) = string.split(line[:-1], ',')
nonce = string.atoi(nonce)
lucky = string.atoi(lucky)
txid = string.split(txid, '"')[1]
stamp = string.atof(stamp)/1000
date = time.strftime('%m-%d-%Y', time.gmtime(stamp))
if not secrets.has_key(date):
missing[date] = 1
continue
secret = secrets[date]
calc = hash(txid, nonce, secret)
if calc != lucky:
wrong += 1
found = False
for off in range(1,5):
if lucky == hash(txid, nonce - off, secret):
target = string.atoi(target)
print "bet %s txid %s:%-5d should be %-5d (off by %d)" % (betid, txid, nonce, nonce - off, off)
found = True
break
if (not found):
print "%s lucky number is wrong (%5d != %5d): %s" % (betid, lucky, calc, time.ctime(stamp))
else:
right += 1
for i in missing.keys():
print "missing secret for", i
print "%d right and %d wrong" % (right, wrong)
# verify all coinroll.it bets from their db dump
#
# 1. download secrets and bets from https://coinroll.it/verification
# 2. bunzip2 bets.csv.bz2
# 3. run this script in the same folder
import hashlib, hmac, string, time
def hash(txid, nonce, secret):
return int(hmac.new(secret, "%s:%s" % (txid, nonce), hashlib.sha512).hexdigest()[:4],16)
secrets = {}
for line in open('secrets.txt').readlines():
(date, secret) = string.split(line[:-1])
secrets[date] = secret
fp = open("bets.csv")
fp.readline() # throw away first line - it's the field names
missing = {} # note which dates we don't know the secrets for
wrong = 0 # count errors
right = 0 # count successes
while True:
line = fp.readline()
if (not line): break
(betid, user, stamp, nonce, lucky, target, win, diff, txid) = string.split(line[:-1], ',')
nonce = string.atoi(nonce)
lucky = string.atoi(lucky)
txid = string.split(txid, '"')[1]
stamp = string.atof(stamp)/1000
date = time.strftime('%m-%d-%Y', time.gmtime(stamp))
if not secrets.has_key(date):
missing[date] = 1
continue
secret = secrets[date]
calc = hash(txid, nonce, secret)
if calc != lucky:
wrong += 1
found = False
for off in range(1,5):
if lucky == hash(txid, nonce - off, secret):
target = string.atoi(target)
print "bet %s txid %s:%-5d should be %-5d (off by %d)" % (betid, txid, nonce, nonce - off, off)
found = True
break
if (not found):
print "%s lucky number is wrong (%5d != %5d): %s" % (betid, lucky, calc, time.ctime(stamp))
else:
right += 1
for i in missing.keys():
print "missing secret for", i
print "%d right and %d wrong" % (right, wrong)
May 20, 2013, 06:05:11 PM
So '41881' changed to '41880.0'. Can we get rid of the decimal '.0'?
Should be fine now.
May 20, 2013, 05:48:05 PM
The fixed rows are now showing a decimal place for the offending nonces:
Code:
old: "0022382334fe","cb4a-d75e-142d",1368486703517.0,41881,5890,49189,true,319,"090de7a9a363bc41c992ec000f77ffe6692155308ae5020a4e1e58c4222a1b65"
new: "0022382334fe","cb4a-d75e-142d",1368486703517.0,41880.0,5890,49189,true,319,"090de7a9a363bc41c992ec000f77ffe6692155308ae5020a4e1e58c4222a1b65"
new: "0022382334fe","cb4a-d75e-142d",1368486703517.0,41880.0,5890,49189,true,319,"090de7a9a363bc41c992ec000f77ffe6692155308ae5020a4e1e58c4222a1b65"
So '41881' changed to '41880.0'. Can we get rid of the decimal '.0'?
May 20, 2013, 05:40:15 PM
Is the db dump fixed now too?
Yes.
Being British, 'nonce' always seems like unfortunate terminology...
Dammit, I always thought there was something wrong with that word.
May 20, 2013, 05:38:35 PM
The messed up nonces have been fixed.
Is the db dump fixed now too?
Quote
From Wikipedia, the free encyclopedia
Nonce may refer to:
Cryptographic nonce, a number or bit string used only once, in security engineering
Nonce (slang), a British and Australian slang term for a sex offender, usually a child sexual abuser
Nonce may refer to:
Cryptographic nonce, a number or bit string used only once, in security engineering
Nonce (slang), a British and Australian slang term for a sex offender, usually a child sexual abuser
Being British, 'nonce' always seems like unfortunate terminology...
May 20, 2013, 05:19:49 PM
The messed up nonces have been fixed.
May 20, 2013, 04:10:38 PM
Wow.
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
That happens 1.33% of the time, so it's not that rare:
Code:
>>> (0.75**15) * 100
1.3363461010158062
1.3363461010158062
May 20, 2013, 03:02:11 PM
Wow.
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
That happens 1.33% of the time, so it's not that rare:
Code:
>>> (0.75**15) * 100
1.3363461010158062
1.3363461010158062
May 20, 2013, 12:50:07 PM
If you're like me and what even payouts instead of even odds:
Less than 32440 for 2x payout
Less than 21626 for 3x payout
Less than 16220 for 4x payout
Less than 32440 for 2x payout
Less than 21626 for 3x payout
Less than 16220 for 4x payout
May 20, 2013, 12:31:08 PM
Wow.
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
Just lost 15 in a row of the 25% chance win bet.
Brutal.
No BTC left
May 20, 2013, 04:51:23 AM
Thank you for pointing this out dooglus. I will investigate.
As you said, this only affects the archiving of the bets since it is a separate routine.
Edit: This is a concurrency bug. The lucky number calculation correctly uses the atomically incremented nonce while the archiving operation increments it by itself. This will be fixed.
As you said, this only affects the archiving of the bets since it is a separate routine.
Edit: This is a concurrency bug. The lucky number calculation correctly uses the atomically incremented nonce while the archiving operation increments it by itself. This will be fixed.
May 20, 2013, 01:50:04 AM
Well that is an issue if historic bets are to be verified with a script. Although if it only impacts the archive, correcting the issue should be easy.
Yes. I tested them all, and no nonce is off by more than 4, so it's easy to find out what the correct nonce should be.
May 20, 2013, 01:24:58 AM
Short story:
Only the bets archive/history seems to have the wrong nonces (repeated) as viewed in archive or on the website. The lucky numbers appear to be the one that would have been generated with the correct nonce (not skipped like on the archived bets).
Ex:
https://coinroll.it/bet/26c991a300e6
Shows nonce 41875 & lucky number 45957 (Which can be generated with nonce 41874)
https://coinroll.it/bet/916f4107ff33
Shows nonce 41875 & lucky number 25074 (Which can be generated with nonce 41875)
Well that is an issue if historic bets are to be verified with a script. Although if it only impacts the archive, correcting the issue should be easy.
Only the bets archive/history seems to have the wrong nonces (repeated) as viewed in archive or on the website. The lucky numbers appear to be the one that would have been generated with the correct nonce (not skipped like on the archived bets).
Ex:
https://coinroll.it/bet/26c991a300e6
Shows nonce 41875 & lucky number 45957 (Which can be generated with nonce 41874)
https://coinroll.it/bet/916f4107ff33
Shows nonce 41875 & lucky number 25074 (Which can be generated with nonce 41875)
Well that is an issue if historic bets are to be verified with a script. Although if it only impacts the archive, correcting the issue should be easy.
May 19, 2013, 11:31:34 PM
I was asked to audit the provable fairness, and did so.
I found a problem, though I don't think it's important, and can be corrected.
Take https://coinroll.it/bet/0024cd8925bf for instance. It says the nonce was 41988, that the lucky number was 41982, and that I can verify this by running:
However, as you can see, that gives 56785 as the lucky number. If I use 41987 as the nonce, I get the correct lucky number:
I think all that's happened is that for a few thousand bets the database recorded the wrong nonce. If we look at the database dump, we see records for nonces 41985, 41986, 41988 (twice), 41989, etc. 41987 is missing, and 41988 was recorded twice. https://coinroll.it/bet/abd8a11aba66 is the other time it was used.
Here are the two verification screens for the two bets. Notice that the shell commands are identical in the two cases, but the lucky numbers they are meant to produce are different...
Edit: note that sometimes the reported nonce is off by as much as 4:
Edit2: Note also that none of this seems to affect the fairness. It does just seem to be an issue with the archiving of the bets, specifically the nonces. The stored lucky number and result is correct, and presumably so was the payout.
I found a problem, though I don't think it's important, and can be corrected.
Take https://coinroll.it/bet/0024cd8925bf for instance. It says the nonce was 41988, that the lucky number was 41982, and that I can verify this by running:
Code:
$ echo -n '090de7a9a363bc41c992ec000f77ffe6692155308ae5020a4e1e58c4222a1b65:41988' | openssl dgst -sha512 -hmac 'mEL0R7en4QQZtJpHkath9YtvEed2YbzrOAQrIkTkd1ZmX5YNoPprlWf6XeTFoQZD' | sed 's/^.* //' | cut -c1-4 | xargs -I{} printf "%d\n" 0x{}
56785
56785
However, as you can see, that gives 56785 as the lucky number. If I use 41987 as the nonce, I get the correct lucky number:
Code:
$ echo -n '090de7a9a363bc41c992ec000f77ffe6692155308ae5020a4e1e58c4222a1b65:41987' | openssl dgst -sha512 -hmac 'mEL0R7en4QQZtJpHkath9YtvEed2YbzrOAQrIkTkd1ZmX5YNoPprlWf6XeTFoQZD' | sed 's/^.* //' | cut -c1-4 | xargs -I{} printf "%d\n" 0x{}
41982
41982
I think all that's happened is that for a few thousand bets the database recorded the wrong nonce. If we look at the database dump, we see records for nonces 41985, 41986, 41988 (twice), 41989, etc. 41987 is missing, and 41988 was recorded twice. https://coinroll.it/bet/abd8a11aba66 is the other time it was used.
Here are the two verification screens for the two bets. Notice that the shell commands are identical in the two cases, but the lucky numbers they are meant to produce are different...
Edit: note that sometimes the reported nonce is off by as much as 4:
Code:
bet "04ea204f8cb5" nonce 42290 should be 42286 (off by 4)
bet "c56d77775b9e" nonce 42290 should be 42287 (off by 3)
bet "9e2e44e570c0" nonce 42290 should be 42288 (off by 2)
bet "2ec74cf218a1" nonce 42290 should be 42289 (off by 1)
bet "70cb835c740f" nonce 42299 should be 42296 (off by 3)
bet "de7c0b0ceb1d" nonce 42299 should be 42297 (off by 2)
bet "715dd2d635ee" nonce 42299 should be 42298 (off by 1)
bet "c56d77775b9e" nonce 42290 should be 42287 (off by 3)
bet "9e2e44e570c0" nonce 42290 should be 42288 (off by 2)
bet "2ec74cf218a1" nonce 42290 should be 42289 (off by 1)
bet "70cb835c740f" nonce 42299 should be 42296 (off by 3)
bet "de7c0b0ceb1d" nonce 42299 should be 42297 (off by 2)
bet "715dd2d635ee" nonce 42299 should be 42298 (off by 1)
Edit2: Note also that none of this seems to affect the fairness. It does just seem to be an issue with the archiving of the bets, specifically the nonces. The stored lucky number and result is correct, and presumably so was the payout.
May 19, 2013, 05:58:54 PM
The live bets feed page is very neat.
May 19, 2013, 07:18:46 AM
Added a live of view of all bets being played at https://coinroll.it/bets
Over half-million bets and counting, nice.Very nice.
Grats 
May 19, 2013, 07:13:02 AM
Added a live of view of all bets being played at https://coinroll.it/bets
Over half-million bets and counting, nice. May 18, 2013, 07:20:42 PM
Added a live view of all bets being played at https://coinroll.it/bets
Jump to: