Author

Topic: hello, i've recently launched a provably fair hourly bitcoin lottery website (Read 100 times)

newbie
Activity: 5
Merit: 0
Gotcha that would make sense and be a nice feature to add. And hey, thanks for your thoughtful responses. These are all valid concerns I must address
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
If a user wants to verify the payouts, they need to download the code and run it, yes. They can play the game without verifying the payouts though. I just need to provide a mechanism for users to verify the fairness if they wish to...
I'm not trying to discourage you or conclude it is not provable fair.I'm an avid JavaScript developer and I know what problems it may give when you leave the verification part to the script.The easiest way I could have made it possible is by providing a space for user to verify the script.He inputs the initial values or whatever the lottery suggests, and have them run through my server or console and give users the updated modified value.If users doubt the value isn't true, they can always run the script locally and get the same data.
newbie
Activity: 5
Merit: 0
If a user wants to verify the payouts, they need to download the code and run it, yes. They can play the game without verifying the payouts though. I just need to provide a mechanism for users to verify the fairness if they wish to...


edit: Ahh! I see the issue I think you're raising. Potentially I could change the contents of verifyscript.js every round in order to cheat. So I need to prove that this verifyscript.js doesn't change. So I need to post this script somewhere (on a forum like this), where it can be quoted and timestamped by others
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
The script linked is not being run on the client side. I run the selection algorithm on a private computer, then broadcast the results to my site's database.
How can we verify the script run on the remote computer is same as the script shown on your website ? Also, is there a way to change any constants and rebroadcast the updated data by the algorithm ?

My web server than sees the update by querying the database. I provide the verifyscript.js to the client so they can, on their own, download the file and run it via node on their private computer. So verifyscript.js doesn't actually execute unless the user downloads it onto their private computer, installs the necessary packages, and runs it from their own command line. Sorry for the confusion - does that make more sense?
No it doesn't make any sense to me.Do you think it will make sense to the actual players ? So a user needs to download the script and run it from their own command-line ? Don't you think this is a bit complicated ?
newbie
Activity: 5
Merit: 0
The script linked is not being run on the client side when they use the site. I run the selection algorithm on a private computer, then broadcast the results to my site's database. My web server than sees the update by querying the database. I provide the verifyscript.js to the client so they can, on their own, download the file and run it via node on their private computer. They do this if they want to verify the fairness of a previous round. So verifyscript.js doesn't actually execute unless the user downloads it onto their private computer, installs the necessary packages, and runs it from their own command line. And even then, it's only to verify that I have selected the results according to the published algorithm. Sorry for the confusion - does that make more sense?
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
You sure the fairness tab as describes, the future rolls of the lottery will also be provable fair ? Since the script is written in vanilla javascript and carried on the client side,do you think it will be safe from the cross script injection attacks ? I'm really comfortable about scripts written in JavaScript when something as serious as this is considered.It would have been a different thing if everything was validated through a node server.
newbie
Activity: 5
Merit: 0
I'm hoping that anyone who is interested can identify that my selection algorithm is indeed provably fair. I'm also hoping to get the word out about my site! The site is called Satoshi Pot.

The url is: satoshipot.org.

On the main page (after clicking "play"), there is a Fairness tab that describes how it is provably fair, and includes a link to a verification script. Here's a summary:

We have hour-long lotteries. People can purchase tickets by signing up and sending bitcoin payments to their provided Ticket Address. Any payments that have received 1 block confirmation by the end of the round will result in tickets being awarded to that user. At the end of each round, we use the hash of the most recent Bitcoin block to seed a Pseudo-Random Number Generator (PRNG). We then sort all the entries alphabetically by username (all usernames are unique), and run our selection algorithm using the seeded PRNG. This creates a provably random outcome so that nobody (including us) can cheat the system. Please let me know your thoughts! And of course I'd be thrilled if you played as well Smiley
Jump to: