Pages:
Author

Topic: Decentralised Gambling Game vDice Announces Crowdsale - page 3. (Read 4730 times)

legendary
Activity: 2716
Merit: 2093
Join the world-leading crypto sportsbook NOW!
Some interesting notes from the October Audit mentioned in your ($49) press release.

It's no doubt that you have the right to make a comment but it looks like you're enjoying making caustic remarks about other people and finding some fault . If you don't like this project or doubt that you could make one yourself. Just my opinion.


I don't like it when people use deceptive tactics to try and convince innocent people to give them money.  I call them out because I think it's the right thing to do.  I know it's hard to believe, but I have no other motivation other than helping honest people not get scammed.

It looks like you are trying to make me out to be nothing more than a troll in attempt to validate OPs inevitable decision to ignore me and anyone else they choose. 
hero member
Activity: 785
Merit: 502
Really the issue is what RHavar wrote it's not truly decentralized if using centralized sites. I wish I could offer a way to actually help solve this dilemma but it's above my pay grade. Good luck
legendary
Activity: 1193
Merit: 1001
Chinese translator
Some interesting notes from the October Audit mentioned in your ($49) press release.

It's no doubt that you have the right to make a comment but it looks like you're enjoying making caustic remarks about other people and finding some fault . If you don't like this project or doubt that you could make one yourself. Just my opinion.
legendary
Activity: 2716
Merit: 2093
Join the world-leading crypto sportsbook NOW!
Some interesting notes from the October Audit mentioned in your ($49) press release.

Quote
Participants in the vdice smart contract bear a small amount of risk from the
‘house’ being a bad actor, and from a bad actor internal to Oraclize. Some
details are contained in the comments below. Vdice and Oraclize have responses
about these risks.

Quote
House Always wins?
Is it your intent to accrue all losses to investors and only accrue earnings to the
house? That’s how it’s currently written in isWinningBet/isLosingBet.

Quote
The “house” has some control of the contract. The house can trigger the
emergency at will, and can also increase the safe gas limit, allowing for some
recursive calls to be made, but I do not see significant benefits to the house for
a recursive call here.
Oraclize has some previously published attack vectors, in particular, they can
replay winning (or losing) bets at random.org until the desired number is
returned, and offer that TLS-Notarized proof. This would not be incentivized at
a corporate level, that is, I do not believe Oraclize would gain financially from
pursuing this strategy. But, it may be incentivized at an individual employee
level; consider an Oraclize employee that is a victim of extortion
legendary
Activity: 2716
Merit: 2093
Join the world-leading crypto sportsbook NOW!
It looks like TechInAsia has picked up on the hacked piece.

Geez. Do you really think everyone here that dumb? You've paid. They've not picked.

See, at the end of the post, small notice: "This is a sponsored story."

Regards,
Alex.

We didn't pay a cent for that article thanks.
Some guy contacted after the Hacked.com piece.

-- Edit: Just asked the writer to confirm that in the thread.


Well the "sponsored article" label was removed from the end of the article.

Also, it seems like it's just a community post now,  written by James Davies: https://www.techinasia.com/profile/james-davies

James Davies has made 1 contribution (the post were talking about) to techinasia

He seems reluctant to disclose his relationship with vDice...

full member
Activity: 194
Merit: 100
It looks like TechInAsia has picked up on the hacked piece.

Geez. Do you really think everyone here that dumb? You've paid. They've not picked.

See, at the end of the post, small notice: "This is a sponsored story."

Regards,
Alex.

We didn't pay a cent for that article thanks.
Some guy contacted after the Hacked.com piece.

-- Edit: Just asked the writer to confirm that in the thread.
sr. member
Activity: 247
Merit: 250
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.

We already do. 3 people in fact. The extended vDice team is almost 30 people now. Some are subcontractors and some work directly.

We have, on our website, the head of each department overseeing important parts of operations.

When ico? How much btc and eth is your target?

ICO is November 15th - December 15th : https://crowdsale.vdice.io

There is a lot of interest picking up.
People are very interested in the vDice brand and platform.

Everyone is telling us they like that the product is real and works already. So they believe in us.

There is an upper limit of 700k ETH on the ICO smart contract. This was after discussion with our partners in China and Russia.

Mostly this is for security reasons. It is bad security practice to have an ICO Smart Contract with no upper limit.
So the ICO is defined by its end at December 15th or 700k eth, whichever comes first.

Then that is all the tokens that will exist and there will be no more. There is limited supply.

There is A LOT of interest from China and Russia markets at the moment. So that is very encouraging.



partners in China and Russia? Who? Will they get commissions from ico?
hero member
Activity: 776
Merit: 522
It looks like TechInAsia has picked up on the hacked piece.

Geez. Do you really think everyone here that dumb? You've paid. They've not picked.

See, at the end of the post, small notice: "This is a sponsored story."

Regards,
Alex.
hero member
Activity: 776
Merit: 522
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.

They can't as Rhavar said, they have to use some services to receive data, no matter what data it is. I remember now why we throw away idea of smart contracts, there's no way to get genuine random number on smart contracts, that's why they use 3rd party smart contract to get it ( they could use their own smart contract, but that's centralised right? Smiley ) So they user random.org's smart contract to get random numbers. But the whole idea of being decentralized falling apart by flaws in design. And they not even first, first such project was hacked because they've used some pseudo random thing to get over this limitation and didn't test it enough. Happens.

PS: I do trust centralised casino's, rather than pseudo decentralized projects Smiley I think people learn, DAO already proved that all good things come to an end, but they was able to recover by making a hard fork, do you think they will do another one for you in case you will mess somewhere? Or you will pay investors from your own pocket?

Regards,
Alex.
full member
Activity: 194
Merit: 100
It looks like TechInAsia has picked up on the hacked piece.

Interest is growing in Asia for the decentralization of gambling.

https://www.techinasia.com/talk/blockchain-decentralizing-gambling



QUOTE FROM ARTICLE:

"How blockchain is decentralizing gambling:

Now there is a host of exciting new startups reimagining the gambling industry. They are decentralizing the entire structure and are building something truly new.

VDice is one example of such a startup. It is billed as the world’s first fully decentralized gambling platform. It went live this June and is already wildly popular amongst blockchain geeks. Using the Ethereum blockchain, they have leveraged Smart Contract technology and have created game codes that exist without a server. These games live on the Ethereum P2P network."


This was inspired from a piece in hacked.com it seems:

https://hacked.com/vdice-io-the-worlds-first-full-decentralized-gambling-platform-ethereum-or-blockchain-tech/
full member
Activity: 194
Merit: 100
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.

We already do. 3 people in fact. The extended vDice team is almost 30 people now. Some are subcontractors and some work directly.

We have, on our website, the head of each department overseeing important parts of operations.

When ico? How much btc and eth is your target?

ICO is November 15th - December 15th : https://crowdsale.vdice.io

There is a lot of interest picking up.
People are very interested in the vDice brand and platform.

Everyone is telling us they like that the product is real and works already. So they believe in us.

There is an upper limit of 700k ETH on the ICO smart contract. This was after discussion with our partners in China and Russia.

Mostly this is for security reasons. It is bad security practice to have an ICO Smart Contract with no upper limit.
So the ICO is defined by its end at December 15th or 700k eth, whichever comes first.

Then that is all the tokens that will exist and there will be no more. There is limited supply.

There is A LOT of interest from China and Russia markets at the moment. So that is very encouraging.

full member
Activity: 194
Merit: 100
After reading discussion of RHavar with vDice team I gotta say that this project looks very complicated. To the point I can't even grasp how exactly this works.
Also Twitchy is right, you probably need someone experienced with Provably Fair mechanisms - unless your smart contract is totally different that standard Provably Fair systems...

We already have such team members.

The project is not that complicated. It's a smart contract ; a couple of hundred lines of code.

Actually, it's a lot simpler than a lot of centralized game services.
Because we don't have to worry about securing Hot Wallets from hackers and thieves.

Most of our developers that come from centralized games love working on our project.
They don't have to spend all day dealing with security and attacks on hot wallets, stolen funds.

That allows them to build the vDice platform.

Remember this story:
https://www.hackread.com/gambling-site-hacked-bitcoin-stolen/

Or this:
http://themerkle.com/bitstarz-refuses-to-pay-out-players-bitcoin-earnings-and-demands-credit-card-scans/

Blockchain gambling is important. It will be a huge part of the industries future. It will be successful.

The guy above wants to discuss the technology at a deep level.
That's why it seem complicated. It's not.

Actually it's a lot simpler in many way to centralized services. We believe in simplicity at vDice.
sr. member
Activity: 247
Merit: 250
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.

We already do. 3 people in fact. The extended vDice team is almost 30 people now. Some are subcontractors and some work directly.

We have, on our website, the head of each department overseeing important parts of operations.

When ico? How much btc and eth is your target?
full member
Activity: 194
Merit: 100
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.

We already do. 3 people in fact. The extended vDice team is almost 30 people now. Some are subcontractors and some work directly.

We have, on our website, the head of each department overseeing important parts of operations.
legendary
Activity: 1288
Merit: 1000
After reading discussion of RHavar with vDice team I gotta say that this project looks very complicated. To the point I can't even grasp how exactly this works.
Also Twitchy is right, you probably need someone experienced with Provably Fair mechanisms - unless your smart contract is totally different that standard Provably Fair systems...
legendary
Activity: 2716
Merit: 2093
Join the world-leading crypto sportsbook NOW!
I think vDice should hire someone with experience developing and running a successful, provably fair crypto-based casino.
legendary
Activity: 1463
Merit: 1886
The game works and the code is well tested. Go review it yourself.

I have =)


Quote
There is no need to be aggressive and start making wild, unfounded accusations. Let’s keep it civil please!

Sure, I'm merely asking some questions which you aren't giving a straight answer to =)

Quote
We have some of the finest developers in Ethereum on our team.

This I have no doubt

Quote
Our coders and game are live, working and can be verified. We are obviously legitimate.

Now, I have no idea why you are posting the same questions, over and over, in EVERY forum.  Huh

Because you have been ignoring my questions for days, which make me believe you are hiding something Grin I would think "blockchain nerds" like yourselves, would be happy to discuss things on a technical level


Quote
Requesting to kindly keep this just one forum.
It's really annoying to have to go and paste the same answer over and over again.

Sure, I'd be happy to keep it here if you reply to me here.

Quote
The very reason why the authenticated JSON-RPC APIs of random.org are used, is because of the "requestsLeft" field which is returned by each API call response ( https://api.random.org/json-rpc/1/signing ). This field content is tied to the API credentials specified in the query and is there to indicate how many requests are left in a given day.

However, AFAICT your contract never actually checks the "requestsLeft" field or the ids. Am I wrong? You also provide no tooling to check if any are skipped. Furthermore, this does not provide protection against oraclize making 2 or more requests at the same time, and re-arranging them. I would assume a properly designed contract would have an explicit checks for the id that it expects, and only accept a result that matches the one it expects?

Furthermore, using a service like random.org seems backwards, because there is absolutely no guarantee they're giving you a fair result. Contrast this provably fair bitcoin gambling services, where a cryptographic proof exists that the number was fair.

Quote
If we check all the TLSNotary proofs published on the blockchain (which contain the whole API response!), an independent auditor can verify whether any subsequent number in the "requestsLeft" fields is missing - when that happens, the auditor has a good indicator that something wrong happened (either on the Oraclize side - which sent more requests than expected - or by any external party knowing that specific API key (vDice itself & random.org)).

Why do you verify the TLS, when api.random.org actually provides its *own* signature. Checking the api.random.org signature seems to be the correct thing to do, not the TLS one. By verifying the TLS signature instead of the api.random.org one, it just introduces more opportunities for a party to cheat (notably: cloudflare, which the requests are going though).

Quote
Of course this doesn't say much about the intent in itself (can just be some failure in the HTTP request, which had to be sent again), but in general it provides some level of security against replay attacks.

Well, then it's not really provably fair as a player/investor has no way to distinguish being cheated with "http request failure"

Quote
I could go on forever about this. But, as I said before, it is an issue of centralization v decentralization.

Again this is nonsense. You have 1 decentralized part (ethereum contract) and 3 centralized single-points-of-failure (orclize, cloudflare, random.org). Players have significant less protections than playing at a current bitcoin gambling site, with a better user experience. I fail to see a single*advantage that your site offers a player, other than affording you the possibility of getting rich with an ICO
full member
Activity: 194
Merit: 100
Hacked.com Feature Piece on vDice is Live!

https://hacked.com/vdice-io-the-worlds-first-full-decentralized-gambling-platform-ethereum-or-blockchain-tech/

vDice.io, launched in June as the 1st FULLY decentralized gambling game.

Running on the first programmable P2P network, vDice will host a crowdsale from Nov. 15 - Dec. 15.
In exchange for Ether (ETH), investors will receive “vSlice” tokens, each of which is directly tied to the profits of the game.

The “vSlice” token will regularly distribute profits of the vDice game to token holders.

full member
Activity: 194
Merit: 100
I don't understand. You're saying you trust centralized more than decentralized   Huh

We respectfully disagree. That's why we love blockchain.
That's why we made the world's 1st FULLY decentralized gambling platform.

There are technical arguments we both can make.
But I think people in Bitcoin forum understand why decentralization is important.

wth? If this is your serious reply, I'm starting to suspect another ICO scam coin. My concerns are laid out pretty straight forward:

* random.org  can cheat (by picking any number they want)
* cloudflare can cheat (by signing any number they want)
* oraclize can cheat, by calling random.org as many times as they want and picking the result they most like (or reusing results?)


And not only can they cheat, they can undetectable do so.  And you dodge the question with "You're saying you trust centralized more than decentralized   Huh"

which is beside the point, and I believe nonsense as you're calling centralized services. It's like call "untitled dice" decentralized, as it's a serverless gambling app -- but the reality is it uses a centralized service (moneypot). Same with yours, you might not need to run a server, but random.org, cloudflare and oraclize all need to.


The game works and the code is well tested. Go review it yourself.
There is no need to be aggressive and start making wild, unfounded accusations. Let’s keep it civil please!

We have some of the finest developers in Ethereum on our team.
Our coders and game are live, working and can be verified. We are obviously legitimate.

Now, I have no idea why you are posting the same questions, over and over, in EVERY forum.   Huh

Requesting to kindly keep this just one forum.
It's really annoying to have to go and paste the same answer over and over again.

Anyway, these concerns are addressed in our 3rd Party Audit by Peter Vessenes.
You can read that here: https://blog.vdice.io/wp-content/uploads/2016/10/vdice_game_code_audit_october_2016.pdf

For his credentials as an auditor you can google him or go to his security blog: http://vessenes.com

That is on our website. Along with all other documentation.

As an addendum to the audit, in relation to Oraclize and Replay issue (which I am guessing you allude to):

The very reason why the authenticated JSON-RPC APIs of random.org are used, is because of the "requestsLeft" field which is returned by each API call response ( https://api.random.org/json-rpc/1/signing ). This field content is tied to the API credentials specified in the query and is there to indicate how many requests are left in a given day.

If we check all the TLSNotary proofs published on the blockchain (which contain the whole API response!), an independent auditor can verify whether any subsequent number in the "requestsLeft" fields is missing - when that happens, the auditor has a good indicator that something wrong happened (either on the Oraclize side - which sent more requests than expected - or by any external party knowing that specific API key (vDice itself & random.org)). Of course this doesn't say much about the intent in itself (can just be some failure in the HTTP request, which had to be sent again), but in general it provides some level of security against replay attacks.   


Otherwise, perhaps you are suggesting the oracle might have requested random numbers until a matching one >shows up? In which case:

Random.org JSON responses have a consecutive ID, so if we dropped some to advange ourselves in the game, by checking all of the bets and their respective responses it would be evident: at the end of the day, there would be some JSON responses missing, i.e ID 1, 2,3.. 5,6 present but 4 missing.

Further information on TLS notary:

With TLS notary (by the author of it in IRC), the third party has to keep the data to prevent the source from manipulating their data and making it seem as though your captured data is actually not authentic. In other words, a lying "I never said that!" from the webhost people.

It actually is secure because it is like when you browse to a HTTPS secure site, you are able to see provably that they are X company (if you inspect the certificates). TLS Notary is essentially able to record those bytes in such a way that you can play them back later so you can authenticate the bytes again! Very ingenious. (But the math of how it does this in the whitepaper goes above my head. https://tlsnotary.org/TLSNotary.pdf)

the notary server used at the moment is the default tlsnotarygroup1 notary - which is an "AWS oracle", as described here. So there is nobody having access to the secret, as you can easily verify indipendently by following these instructions and giving a look at the actual code for the pagesigner-oracles.

There are some great videos explaining this further. Here is one:
https://www.youtube.com/watch?v=b4ukd4I8S9A

I could go on forever about this. But, as I said before, it is an issue of centralization v decentralization.

vDice is fully decentralized in that there is no server architecture. There are 3rd party providers that do run some server architecture. But they are not part of vDice directly. They just give it what it needs. So, vDice is still serverless.
legendary
Activity: 1463
Merit: 1886
I don't understand. You're saying you trust centralized more than decentralized   Huh

We respectfully disagree. That's why we love blockchain.
That's why we made the world's 1st FULLY decentralized gambling platform.

There are technical arguments we both can make.
But I think people in Bitcoin forum understand why decentralization is important.

wth? If this is your serious reply, I'm starting to suspect another ICO scam coin. My concerns are laid out pretty straight forward:

* random.org  can cheat (by picking any number they want)
* cloudflare can cheat (by signing any number they want)
* oraclize can cheat, by calling random.org as many times as they want and picking the result they most like (or reusing results?)


And not only can they cheat, they can undetectable do so.  And you dodge the question with "You're saying you trust centralized more than decentralized   Huh"

which is beside the point, and I believe nonsense as you're calling centralized services. It's like call "untitled dice" decentralized, as it's a serverless gambling app -- but the reality is it uses a centralized service (moneypot). Same with yours, you might not need to run a server, but random.org, cloudflare and oraclize all need to.
Pages:
Jump to: