FlipTheBitcoin.com - Double Your Bets - 50/50 Chances

Stunna

legendary

Activity: 3192

Merit: 1279

Primedice.com, Stake.com

Quote from: WiseOldOwl on April 28, 2013, 03:25:41 PM

Seriously, you should thank fortress for the input.
He may be brash but he might have saved you some money.
I guess I am giving to much credit to the start ups.

Yeah, dodged a bullet there =p , best of luck to you with changes and re-opening.

Suushi

newbie

Activity: 40

Merit: 0

I'm still working on it. I'll release a new version hopefully end of this week

And then you can confirm that everything is legit as well.

wolongong

member

Activity: 66

Merit: 10

Can you open a test net equivalent?

Suushi

newbie

Activity: 40

Merit: 0

@WiseOldOwl - I already thanked him, please view the first post.
@Zaih - Well, I'm taking all the money that's lost and donate it for our local dog shelter..
@Blazr - Yes, I understand and I'm working on the provable method

Zaih

hero member

Activity: 504

Merit: 500

Wait, so there's no house edge?

WiseOldOwl

full member

Activity: 238

Merit: 100

Seriously, you should thank fortress for the input.
He may be brash but he might have saved you some money.
I guess I am giving to much credit to the start ups.

Suushi

newbie

Activity: 40

Merit: 0

@brules - I have shut down the website.. I'm working on the better method. Some great guys contacted me and I'm working with them right now. Everything will be fixed in the next update.

BRules

sr. member

Activity: 293

Merit: 250

Quote from: Suushi on April 25, 2013, 05:15:13 AM

@BRules - I'm sorry if that sentence is not grammatically correct, my first language is not English. Also what it means is since I'm using your IP address as a point where to stand and track everything it's possible that somebody might have access to your PC or network and use your IP as a proxy.. So they pretty much can come and steal your bitcoins. This is why I added that message.

really? you're binding my money with my IP? man, this isn't good.

- TOR users can forget about your site as the IP changes a lot when navigating through TOR.
- I'm behind a ADSL dynamic IP, so, if for some reason my internet connection resets, I will lost my money.
- both problems above can lead to someone getting my coins if they connect to your site before the 24hrs has passed
- lets suppose I have a fixed IP and for some reason I lost my intenet connection for more than 24hrs, I will lost my money.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
Chinese Proverb

http://stackoverflow.com/a/195019/804495
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Data_Validation

You should not codez production stuff without at least skimming the whole guide

If you think I'm a bit rude, sorry but that is the point - to show that you need to rethink what you are doing. I would be happy to properly disclose your security vulnerabilities if you didn't choose to make a site handling money (without a clue of what you're doing) as one of your first projects.

People who try to do this need to be discouraged. We don't want another bitcoinica or instawallet.

Suushi

newbie

Activity: 40

Merit: 0

Yup there is 0 because I'm working on it so I could test it myself as well as other players.
So there won't be any weird situations like you are pointing it out.

I would be happy if you could point me to the right direction so I could fix it faster ?
Also it would be nice if you could test it little bit later when I have applied the fixes.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Here's another vulnerability you should fix (on top of no coins for withdrawals, and the "free btc")

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:37:23 AM

Do you still understand that I'm not doing this game for profit?

That doesn't excuse the fact that you are making a coinflip game with no bankroll. You also will not make any profit (to donate) on 50/50 coinflips. Don't get me wrong, a dice game where the profits are donated to charity is great, but it shouldn't be done as someone's first coding project.

What if someone actually deposits a bitcoin, flips, and wins 2 BTC? How are they going to get paid, because your site has 0 coins to pay out winnings.

Suushi

newbie

Activity: 40

Merit: 0

Do you still understand that I'm not doing this game for profit?
And still, you are not very helpful

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:32:22 AM

This is nice, thank you for that test. That was what I was looking for in the testers.
Don't worry, I'll send your coins back

This is how beta testing works.

My coins? I haven't deposited anything.

Quote

Also please stop acting so internet gangsta. If you want the best then give advice not brag what you can do. It makes you look stupid not very friendly

Please also have a clue of what you are doing before handling people's money. Really, how many times do I need to say this?

Also, how big is your site's bankroll? It seems like you don't have one at all...

Suushi

newbie

Activity: 40

Merit: 0

This is nice, thank you for that test. That was what I was looking for in the testers.
Don't worry, I'll send your coins back

This is how beta testing works.

Also, can you please pm me the way you did it so I could fix it.

--

Also please stop acting so internet gangsta. If you want the best then give advice not brag what you can do. It makes you look stupid not very friendly

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:24:58 AM

But why don't you answer if you know the answer?

Yes, rand is not 100% accurate, but I made a little video as well showing how accurate rand is:

http://screencast.com/t/A2kt5VOb

I'm not sure if you legitimately have no clue or are just trolling.

Bad PRNGs allows an attacker to predict the next outputs if they have collected enough outputs. Your randomness distribution does not matter, a bad PRNG like rand should not be used for gambling or cryptography even if it has a good distribution.

Also, it took me literally 2 minutes to hack your website and give myself a balance without depositing anything:

Suushi

newbie

Activity: 40

Merit: 0

But why don't you answer if you know the answer?

Yes, rand is not 100% accurate, but I made a little video as well showing how accurate rand is:

http://screencast.com/t/A2kt5VOb

* edit *

Also you might notice that there is a little "luck" element in rand

because gambling basically bases on your luck as well Wink

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:20:28 AM

Hmm okay, I'll make a little test. Tell me how many times number 1 will occur when random number is generated 100k times.

LOL

I need a series of RNG outputs.

Please read: http://en.wikipedia.org/wiki/Pseudorandom_number_generator
http://www.random.org/randomness/
https://bitcointalksearch.org/topic/a-guide-to-how-provably-fair-works-161236

You're not making a flash game here, you are handling people's money.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Srsly, it's as simple as this:

$secret = "foobar";

function flipCoin($txid){
return substr(decbin(ord(hash("sha256", $txid . $secret))), 0, 1);
}

echo flipCoin("ebd4d32e72ce9cf4cff1f0baeb1df6243f65f2e16300b839ab96d3f64ad22ba1");

Suushi

newbie

Activity: 40

Merit: 0

Hmm okay, I'll make a little test. Tell me how many times number 1 will occur when random number is generated 100k times.

Topic: FlipTheBitcoin.com - Double Your Bets - 50/50 Chances (Read 2110 times)