FlipTheBitcoin.com - Double Your Bets - 50/50 Chances

Stunna

legendary

Activity: 3192

Merit: 1279

Primedice.com, Stake.com

Quote from: WiseOldOwl on April 28, 2013, 03:25:41 PM

Seriously, you should thank fortress for the input.
He may be brash but he might have saved you some money.
I guess I am giving to much credit to the start ups.

Yeah, dodged a bullet there =p , best of luck to you with changes and re-opening.

Suushi

newbie

Activity: 40

Merit: 0

I'm still working on it. I'll release a new version hopefully end of this week

And then you can confirm that everything is legit as well.

wolongong

member

Activity: 66

Merit: 10

Can you open a test net equivalent?

Suushi

newbie

Activity: 40

Merit: 0

@WiseOldOwl - I already thanked him, please view the first post.
@Zaih - Well, I'm taking all the money that's lost and donate it for our local dog shelter..
@Blazr - Yes, I understand and I'm working on the provable method

Zaih

hero member

Activity: 504

Merit: 500

Wait, so there's no house edge?

WiseOldOwl

full member

Activity: 238

Merit: 100

Seriously, you should thank fortress for the input.
He may be brash but he might have saved you some money.
I guess I am giving to much credit to the start ups.

Suushi

newbie

Activity: 40

Merit: 0

@brules - I have shut down the website.. I'm working on the better method. Some great guys contacted me and I'm working with them right now. Everything will be fixed in the next update.

BRules

sr. member

Activity: 293

Merit: 250

Quote from: Suushi on April 25, 2013, 05:15:13 AM

@BRules - I'm sorry if that sentence is not grammatically correct, my first language is not English. Also what it means is since I'm using your IP address as a point where to stand and track everything it's possible that somebody might have access to your PC or network and use your IP as a proxy.. So they pretty much can come and steal your bitcoins. This is why I added that message.

really? you're binding my money with my IP? man, this isn't good.

- TOR users can forget about your site as the IP changes a lot when navigating through TOR.
- I'm behind a ADSL dynamic IP, so, if for some reason my internet connection resets, I will lost my money.
- both problems above can lead to someone getting my coins if they connect to your site before the 24hrs has passed
- lets suppose I have a fixed IP and for some reason I lost my intenet connection for more than 24hrs, I will lost my money.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
Chinese Proverb

http://stackoverflow.com/a/195019/804495
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Data_Validation

You should not codez production stuff without at least skimming the whole guide

If you think I'm a bit rude, sorry but that is the point - to show that you need to rethink what you are doing. I would be happy to properly disclose your security vulnerabilities if you didn't choose to make a site handling money (without a clue of what you're doing) as one of your first projects.

People who try to do this need to be discouraged. We don't want another bitcoinica or instawallet.

Suushi

newbie

Activity: 40

Merit: 0

Yup there is 0 because I'm working on it so I could test it myself as well as other players.
So there won't be any weird situations like you are pointing it out.

I would be happy if you could point me to the right direction so I could fix it faster ?
Also it would be nice if you could test it little bit later when I have applied the fixes.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Here's another vulnerability you should fix (on top of no coins for withdrawals, and the "free btc")

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:37:23 AM

Do you still understand that I'm not doing this game for profit?

That doesn't excuse the fact that you are making a coinflip game with no bankroll. You also will not make any profit (to donate) on 50/50 coinflips. Don't get me wrong, a dice game where the profits are donated to charity is great, but it shouldn't be done as someone's first coding project.

What if someone actually deposits a bitcoin, flips, and wins 2 BTC? How are they going to get paid, because your site has 0 coins to pay out winnings.

Suushi

newbie

Activity: 40

Merit: 0

Do you still understand that I'm not doing this game for profit?
And still, you are not very helpful

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:32:22 AM

This is nice, thank you for that test. That was what I was looking for in the testers.
Don't worry, I'll send your coins back

This is how beta testing works.

My coins? I haven't deposited anything.

Quote

Also please stop acting so internet gangsta. If you want the best then give advice not brag what you can do. It makes you look stupid not very friendly

Please also have a clue of what you are doing before handling people's money. Really, how many times do I need to say this?

Also, how big is your site's bankroll? It seems like you don't have one at all...

Suushi

newbie

Activity: 40

Merit: 0

This is nice, thank you for that test. That was what I was looking for in the testers.
Don't worry, I'll send your coins back

This is how beta testing works.

Also, can you please pm me the way you did it so I could fix it.

--

Also please stop acting so internet gangsta. If you want the best then give advice not brag what you can do. It makes you look stupid not very friendly

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:24:58 AM

But why don't you answer if you know the answer?

Yes, rand is not 100% accurate, but I made a little video as well showing how accurate rand is:

http://screencast.com/t/A2kt5VOb

I'm not sure if you legitimately have no clue or are just trolling.

Bad PRNGs allows an attacker to predict the next outputs if they have collected enough outputs. Your randomness distribution does not matter, a bad PRNG like rand should not be used for gambling or cryptography even if it has a good distribution.

Also, it took me literally 2 minutes to hack your website and give myself a balance without depositing anything:

Suushi

newbie

Activity: 40

Merit: 0

But why don't you answer if you know the answer?

Yes, rand is not 100% accurate, but I made a little video as well showing how accurate rand is:

http://screencast.com/t/A2kt5VOb

* edit *

Also you might notice that there is a little "luck" element in rand

because gambling basically bases on your luck as well Wink

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: Suushi on April 25, 2013, 07:20:28 AM

Hmm okay, I'll make a little test. Tell me how many times number 1 will occur when random number is generated 100k times.

LOL

I need a series of RNG outputs.

Please read: http://en.wikipedia.org/wiki/Pseudorandom_number_generator
http://www.random.org/randomness/
https://bitcointalksearch.org/topic/a-guide-to-how-provably-fair-works-161236

You're not making a flash game here, you are handling people's money.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Srsly, it's as simple as this:

$secret = "foobar";

function flipCoin($txid){
return substr(decbin(ord(hash("sha256", $txid . $secret))), 0, 1);
}

echo flipCoin("ebd4d32e72ce9cf4cff1f0baeb1df6243f65f2e16300b839ab96d3f64ad22ba1");

Suushi

newbie

Activity: 40

Merit: 0

Hmm okay, I'll make a little test. Tell me how many times number 1 will occur when random number is generated 100k times.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

1. Yes, I can tell what the result will be if I play enough times. This is the problem of a PRNG, they go 123 -> 342 -> 492 -> 123 -> 342 except on a much larger scale.

Please learn this before handling other people's money.

2. Make it provably fair.

Suushi

newbie

Activity: 40

Merit: 0

Are you suggesting that it's possible to hack rand function?

Also there's nothing cryptographic about this system it's just a random choice between 0 or 1

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

First of all, you are using rand. That is not cryptographically secure.

Quote

Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

secondly, read this: https://bitcointalksearch.org/topic/a-guide-to-how-provably-fair-works-161236

You can't prove to me that your odds are 50/50. Provably fair lets you prove it and let anyone else verify it.

Suushi

newbie

Activity: 40

Merit: 0

@BRules - I'm sorry if that sentence is not grammatically correct, my first language is not English. Also what it means is since I'm using your IP address as a point where to stand and track everything it's possible that somebody might have access to your PC or network and use your IP as a proxy.. So they pretty much can come and steal your bitcoins. This is why I added that message.

@TradeFortress - Explain me, what "fair" means

This game is simple and everything works pretty much like this:

Code:

$rand = rand(0, 1)

if($rand == 1)
{
// You will win
}
else
{
// You will lose
}

It's super simple.

@WiseOldOwl - Thank you for your input

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: WiseOldOwl on April 25, 2013, 04:26:35 AM

Stop asking people to do this, if they felt it was in their blueprint or plans it would be included.

I'm expressing my feedback which is "make it provably fair". Given how a new bitcoin casino (without provably fairness and usually also without a clue on how to not get trapped w/ doublespending) pops up at the rate of 2 per day, I really cannot be bothered to "It would be easier to garner trust in this specific community (which is small and insignificant in gambling terms) by providing a service to prove the fairness of your bets...just a suggestion"

The issue is it is very hard to tell if a coin flip site actually has 50/50 chances, or 49/51 chances, or 45/55 chances. When there's something that allows everyone to verify their odds and RNG are fair, then there's no reason to not do it short of the development time. I don't think most people realize that you are handling other people's money.

WiseOldOwl

full member

Activity: 238

Merit: 100

Quote from: 🏰 TradeFortress 🏰 on April 25, 2013, 12:57:00 AM

Make it provably fair.

Stop asking people to do this, if they felt it was in their blueprint or plans it would be included.
It just annoying now. Just dont play if you dont think he is fair. Additionally, He may not even know what that is. You could say something like, "It would be easier to garner trust in this specific community (which is small and insignificant in gambling terms) by providing a service to prove the fairness of your bets...just a suggestion" You make it sound like it is a requirement or something even though like no gambling site ever has ever brought that up or offered such a service to its patrons.
Shut up about provably fair for gods sakes
it will reveal itself through analytics if you really care so much.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

EDIT: Pwnt. Seriously, a site handling money of any kind should not be your first project.

Quote

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
Chinese Proverb

http://stackoverflow.com/a/195019/804495
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Data_Validation

If you think I'm a bit rude, sorry but that is the point - to show that you need to rethink what you are doing. I would be happy to properly disclose your security vulnerabilities if you didn't choose to make a site handling money (without a clue of what you're doing) as one of your first projects.

People who try to do this need to be discouraged. We don't want another bitcoinica or instawallet.

Also helpful reading: https://bitcointalk.org/index.php?topic=124441.120

BRules

sr. member

Activity: 293

Merit: 250

"Our system will remove your
balance in 24 hours after playing.
We do it to protect players."

Can you explain in more details this sentence?

Suushi

newbie

Activity: 40

Merit: 0

Hey guys!

I had some free time and I decided to create a simple Bitcoin game called "Flip The Bitcoin".

Address: http://flipthebitcoin.com

This game is still in beta state and I'm looking for people who are interested in helping me with testing this game. Please tell me when you find something suspicious or some holes in the game.

It basically works exactly like a real coin flipping game. You flip the coin and if that side lands that you chose you will win and double your bet that will be added to your balance.

If you are ready to withdraw your winnings, just go to withdraw page and your Bitcoins will be sent to your address instantly.

---

One of the reasons besides the free time was to collect money to our local dog shelter. So all the money that doesn't go to the winnings will go to our local dog shelter.
If I collect enough money, I will post pictures/videos as well.

---

If you have questions, please PM me here, answer to this post or email me: support - at - flipthebitcoin - com

---

For beta testers:

Please email me all the bugs that you can find.
Also if you are interested in translating this game into your language, please email me.

---

For supporters:

Please put the following code to your signature:

Code:

[url=https://bitcointalk.org/index.php?topic=186637.0]FlipTheBitcoin.com - Double Your Bets - 50/50 Chances[/url]

---

People I would like to thank for help:

TradeFortress - For being rude, but pointing out the problems

Thank you in advance

Topic: FlipTheBitcoin.com - Double Your Bets - 50/50 Chances (Read 2110 times)