Pages:
Author

Topic: crypto-games.net, 30% house edge, bugs and vulnerabilities, screw the investors! - page 13. (Read 13017 times)

legendary
Activity: 1288
Merit: 1043
:^)

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

Well, the EV Bug was so easy to find that it was revealed by a player.
Still watching this thing though.
Was the EV bug leaked? If so then what was it? If not then don't leak it.

it was a simple rounding error; the site's client allowed the player to choose a multiplier up to 6500x, every number inclusive. however, their % win chance was rounded to the hundredth place (decimal), allowing for a 0.02% win chance on a 6500x roll, when the correct multiplier for such a roll should be around 5000. this is the worse case scenario allowing for a 30% edge, but as dooglus pointed out above, the second bug allows for even more of an edge.
legendary
Activity: 3066
Merit: 1129
Eh, when owners listen to the users only when they want to be too honest.
I bet if the user was an uncorrect and used the ev+ method just for personal profit the owner would just pay.
Now that even the owner knows the problem, is in hurry to fix it Cool
If I only was smart enough to bug find on sites... i would be rich Tongue
copper member
Activity: 2996
Merit: 2374

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

Well, the EV Bug was so easy to find that it was revealed by a player.
Still watching this thing though.
Was the EV bug leaked? If so then what was it? If not then don't leak it.
legendary
Activity: 1288
Merit: 1043
:^)

We are pretty confident in our code.

Sure you are and now there are many bugs to find Smiley


if i were in his position, i would be scouring the code line for line at this moment; as i mentioned before in the thread, there is another bug that dooglus found (all credit goes to dooglus on this one) that allows a player to manipulate their bet to exceed the parameters given by the client. this is all client-side. that alone should be a gigantic red alarm for any developer, especially one that is "confident in their code."
legendary
Activity: 2562
Merit: 1414
but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

It seems like he is too proud with his site and the code while in fact is that this site is barely touched or known around here . With his statement here, he is digging his own graveyard for his site because +30 % means a bad things for his investor as well .
On the other note, he keeps on luring you to "exploit" the site which means that he will log through your games and finds out how you did them. This is such a cheap way to not pay the bounty


Regarding the bolded part, it seems like he is always hostile in tone even to his player ( which is something that a site owner shouldnt do )

up to 20,500 ? it's impossible!
-snip-
-snip-
if you don't like it just don't play. LOL
hero member
Activity: 602
Merit: 500

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

Well, the EV Bug was so easy to find that it was revealed by a player.
Still watching this thing though.

yup, it took him minutes to find it lol..

We are pretty confident in our code.

Sure you are and now there are many bugs to find Smiley
legendary
Activity: 1288
Merit: 1043
:^)

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

Well, the EV Bug was so easy to find that it was revealed by a player.
Still watching this thing though.

so it would seem, it really wasnt that hard to see honestly, was more so wondering why that was even there in the first place. im expecting that to be fixed rather quickly, which is good for their script, but as for their publicity, thats rather questionable.
legendary
Activity: 854
Merit: 1000

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.

Well, the EV Bug was so easy to find that it was revealed by a player.
Still watching this thing though.
legendary
Activity: 1288
Merit: 1043
:^)

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.

there were 2 bugs, 1 for the +EV bug and a second bug that dooglus found that would allow for players to manipulate some bet data to exceed that parameters set by the site, which i thought 1.5 BTC in total would be more than fair for the disclosure and explanation of these, but upon hearing of the second bug, the admin started getting rather hostile in tone and dissuaded me from accepting any sort of deal.
copper member
Activity: 2996
Merit: 2374
I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.

How do you know we didn't notify our investors? Did you ask them? We have notified every single investor on site.
in my opinion, before pulling this sort of stunt you should notify your investors ahead of time and give them time to process their withdrawals, just go and pull the trigger and invite people to dump their investments. judging from the timeframe between the messages and the announcement you made, your investors had little to no time to make a decision regarding the matter.

Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
So what you are saying is that if a player were to win with this strategy, that you would not pay out the player?

The fact that you have investors means that you need to act in their best interest. Not paying out a measly 1 btc bug bounty for something that you are most likely responsible for only shows how bad of an idea it is to invest at your site.


We said we would pay you 1 btc and no more. But you didn't want to talk about it. So we have decided we won't talk with you either. We will have to wait for you to start earning "serious money", then we will fix it. But as you can read in terms, every exploit or bug should be reported and abuses are not allowed. If we see you abuse it you will stay without your funds.

It is your bad that you didn't want 1 btc, not ours.
To be clear, I have had no prior communications with you in the past. I do not see that anywhere in your terms on your website.

If someone were to exploit/employ the +EV strategy on your site, then it would appear that they are simply getting lucky. Also there would be nothing that would stop someone from making small amounts of money across multiple accounts so they would each be under the radar.

Based on posts in this thread, it looks like the OP was offered a total of .5 BTC for his disclosure.
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
We said we would pay you 1 btc and no more. But you didn't want to talk about it. So we have decided we won't talk with you either. We will have to wait for you to start earning "serious money", then we will fix it. But as you can read in terms, every exploit or bug should be reported and abuses are not allowed. If we see you abuse it you will stay without your funds.

It is your bad that you didn't want 1 btc, not ours.

and it is also your problem that you practically killed off your own site. you just publicly stated that you will not pay out, right there. say good bye to crypto-games.net.

Really, I don't see anyone exploiting anything, and all works fine for me. Not sure what you are talking about Wink
legendary
Activity: 1288
Merit: 1043
:^)
We said we would pay you 1 btc and no more. But you didn't want to talk about it. So we have decided we won't talk with you either. We will have to wait for you to start earning "serious money", then we will fix it. But as you can read in terms, every exploit or bug should be reported and abuses are not allowed. If we see you abuse it you will stay without your funds.

It is your bad that you didn't want 1 btc, not ours.

and it is also your problem that you practically killed off your own site. you just publicly stated that you will not pay out, right there. say good bye to crypto-games.net.
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.

How do you know we didn't notify our investors? Did you ask them? We have notified every single investor on site.
in my opinion, before pulling this sort of stunt you should notify your investors ahead of time and give them time to process their withdrawals, just go and pull the trigger and invite people to dump their investments. judging from the timeframe between the messages and the announcement you made, your investors had little to no time to make a decision regarding the matter.

Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
So what you are saying is that if a player were to win with this strategy, that you would not pay out the player?

The fact that you have investors means that you need to act in their best interest. Not paying out a measly 1 btc bug bounty for something that you are most likely responsible for only shows how bad of an idea it is to invest at your site.


We said we would pay you 1 btc and no more. But you didn't want to talk about it. So we have decided we won't talk with you either. We will have to wait for you to start earning "serious money", then we will fix it. But as you can read in terms, every exploit or bug should be reported and abuses are not allowed. If we see you abuse it you will stay without your funds.

It is your bad that you didn't want 1 btc, not ours.
legendary
Activity: 2562
Merit: 1414
We are pretty confident in our code. We log many different hack attempts every day.

Judging from your words, it seems you are losing confident yourself with your code . Basically if you are confident enough, you wouldnt even invite people to "exploit it" . Also if substrata decided to exploit it, you will know whats the exploit is by checking on the log and fix them yourself without the need to pay him the bounty

Code:
Exploit it please, and earn 1 btc. 

Dooglus never speak ill of a gambling sites without proper calculations . If he says there is an exploit at your site then there is, take his words and fix your site rather bashing through this thread because it is a harm to your business if you dont . The lost for you will be much more if you dont take his advice

P.S : Im fairly confident that the number of people rolling in your site might be 2x more than the usual number . With all of them trying to find how to get the +EV
legendary
Activity: 1288
Merit: 1043
:^)
big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Don't get me wrong, the owners of this site are giant morons, acting unimaginably unprofessional. They've basically gone all dadice, and made themselves toxic to anyone with a few braincells after the way they are acting now.

 But after seeing the nature of the exploit, it's obvious why you're acting like you are. You didn't exploit it, because you didn't think you could get away with it for long enough to make any money. And you didn't mention the site name, not out of fear of shaming them but because you knew the exploit was easy to find and didn't want anyone to give it to them for free. Wink

youre free to think what you want; but i didnt try and exploit it in any way after seeing it. i honestly tried to help the admin out but he dissuaded me from doing so. anyways, this has escalated into a rather interesting event.
copper member
Activity: 2996
Merit: 2374
I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.

How do you know we didn't notify our investors? Did you ask them? We have notified every single investor on site.
in my opinion, before pulling this sort of stunt you should notify your investors ahead of time and give them time to process their withdrawals, just go and pull the trigger and invite people to dump their investments. judging from the timeframe between the messages and the announcement you made, your investors had little to no time to make a decision regarding the matter.

Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
So what you are saying is that if a player were to win with this strategy, that you would not pay out the player?

The fact that you have investors means that you need to act in their best interest. Not paying out a measly 1 btc bug bounty for something that you are most likely responsible for only shows how bad of an idea it is to invest at your site.
legendary
Activity: 854
Merit: 1000
Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
thats good then, at least you ensure the safety of your investors' funds.

I actually found the exploit too lol.
seems everyone did. except the admin HAHA
legendary
Activity: 1288
Merit: 1043
:^)
Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
thats good then, at least you ensure the safety of your investors' funds.
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.

How do you know we didn't notify our investors? Did you ask them? We have notified every single investor on site.
in my opinion, before pulling this sort of stunt you should notify your investors ahead of time and give them time to process their withdrawals, just go and pull the trigger and invite people to dump their investments. judging from the timeframe between the messages and the announcement you made, your investors had little to no time to make a decision regarding the matter.

Not sure if you understand how our system works. But one thing is sure, investors have priority before players. And almost all of our funds are on cold wallets. So all will receive their funds if they want to withdraw it.
legendary
Activity: 1288
Merit: 1043
:^)
I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.

How do you know we didn't notify our investors? Did you ask them? We have notified every single investor on site.
in my opinion, before pulling this sort of stunt you should notify your investors ahead of time and give them time to process their withdrawals, just go and pull the trigger and invite people to dump their investments. judging from the timeframe between the messages and the announcement you made, your investors had little to no time to make a decision regarding the matter.
Pages:
Jump to: