Introducing BIT-CHIKUN.COM, worlds first bitcoin game which is also an ecosystem

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: derrend on June 12, 2016, 12:00:32 AM

The same can be said for most of the bitcoin exchanges and some of them handle missions of $$ per day.

No, that's not the case. Bitcoin exchanges are provably fair by default. I mean, if I deposit $1000 to bitstamp and they only give me $500, then I know I was ripped off. Hence it's provably fair. With your site, I have no way of knowing if I got ripped off, which is what makes it not provably fair.

The advice I give to people wrt to provably fair, imagine you were an evil bastard absolutely intent on stealing peoples money. Think about how you could steal their money without them noticing (e.g. using house bots that see how much they deposited and then beating them). Now, if you could come up with a way to steal peoples money undetectably, then the game is not provably fair. If you can steal money, but they will be able to see that you stole their money, then the game is provably fair.

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: derrend on June 11, 2016, 11:25:08 PM

I must be wrong about the complexity of the encryption then, feel free to check out the certificate on the website

...or maybe you should Grin

Just go to your website with chrome, click on the lock next to https and go "details" to see the cert. Hint: it's RSA 2048 bits (e 65537).

Quote

Nessus scan picked up nothing over "info" priority.

Um ok? So that just shows they don't check for CVE-2016-2107 vulnerability, that doesn't make it secure. See: https://dl.dropboxusercontent.com/spa/rmczv2tqcr196vz/gahrpmvr.png

Quote

You are right about that, we go into greater detail on reddit: https://redd.it/4msogu

If i'm right about it, maybe you should, you know, edit your advertisements to avoid making those claims (about being identified and accountable) ><

Normally I'd assume someone making fake claims like that is malicious, but I think in your case you genuinely don't know how this stuff works :/

Also on a side not (from reading that reddit thread) it seems you misunderstand provably fair. Being open-source and provably fair are orthogonal. Even if we can review or assume the open-sourced code is completely fair, we have no way of knowing that you are running that exact version on your server.

derrend

hero member

Activity: 707

Merit: 505

Quote from: WaffleMaster on June 11, 2016, 11:26:08 PM

Yeah... I don't like that it's just a "Oh that guy deposited more than you, you lost" because that means its not provable then is it. Just trust the website that it is true. So they can snipe any deposit... and also the game just feels weird that you have to trust the website with more Bitcoin to produce wins. It feels like a sketchy game.

I understand what you are saying. We only hold the funds for 1 confirmation, we published the source code and we publish the results for what it's worth.
The same can be said for most of the bitcoin exchanges and some of them handle missions of $$ per day.

WaffleMaster

hero member

Activity: 966

Merit: 546

Quote from: ?? on ??

Quote from: derrend on June 11, 2016, 05:08:14 PM

A word on security:
All of our sites traffic is processed using HTTPS 128-bit encryption for maximum privacy and security.

Also this shows that we have registered with a trustworthy certificate authority and can be identified/held accountable for any fraudulent activity were it to occur on our site.

Huh? First of all, there's no way your key is 128 bits, no browser is going to accept a key that weak. Secondly your server is vulnerable to the recent padding oracle attack ( https://www.openssl.org/news/secadv/20160503.txt ) which almost invalidates the point of using https

And lastly, "and can be identified/held accountable" is blatant misinformation. Your certificate (DV SSL) shows one thing, and one thing only: that it was issued to someone who controls the domain. I'm going to guess you already know this based on the fact you never had to prove who you were.

And " for any fraudulent activity" is a empty claim, as you because as you know any cheating is 100% undetectable, as your game make no effort to be provably fair, and players have to 100% trust you that they lost =)

Yeah... I don't like that it's just a "Oh that guy deposited more than you, you lost" because that means its not provable then is it. Just trust the website that it is true. So they can snipe any deposit... and also the game just feels weird that you have to trust the website with more Bitcoin to produce wins. It feels like a sketchy game.

derrend

hero member

Activity: 707

Merit: 505

Quote from: ?? on ??

Huh? First of all, there's no way your key is 128 bits, no browser is going to accept a key that weak.

I must be wrong about the complexity of the encryption then, feel free to check out the certificate on the website

Quote

Secondly your server is vulnerable to the recent padding oracle attack ( https://www.openssl.org/news/secadv/20160503.txt ) which almost invalidates the point of using https

Nessus scan picked up nothing over "info" priority.

Quote

And lastly, "and can be identified/held accountable" is blatant misinformation. Your certificate (DV SSL) shows one thing, and one thing only: that it was issued to someone who controls the domain. I'm going to guess you already know this based on the fact you never had to prove who you were.
And " for any fraudulent activity" is a empty claim, as you because as you know any cheating is 100% undetectable, as your game make no effort to be provably fair, and players have to 100% trust you that they lost =)

You are right about that, we go into greater detail on reddit: https://redd.it/4msogu

derrend

hero member

Activity: 707

Merit: 505

Quote from: Bytecoiner419 on June 11, 2016, 08:53:53 PM

I wish you luck with your site. do you offer a referral program?

Thanks, no referral programme at the moment I'm afraid.

Bytecoiner419

hero member

Activity: 638

Merit: 516

I ❤ the bitcoin community

Quote from: maku on June 11, 2016, 06:28:51 PM

So if I understand concept of this game correctly the winner is individual who are willing to deposit more money, always. Correct?
Then he take all deposits of others plus his initial funds. I don't know if I like the concept of 'rich takes it all'.

agreed, this seems like a crazy game and too rich for my blood. Tongue

I wish you luck with your site. do you offer a referral program?

derrend

hero member

Activity: 707

Merit: 505

Quote from: maku on June 11, 2016, 06:28:51 PM

So if I understand concept of this game correctly the winner is individual who are willing to deposit more money, always. Correct?
Then he take all deposits of others plus his initial funds. I don't know if I like the concept of 'rich takes it all'.

It's not rich takes all, the deposits are shuffled and then pared randomly on a one 2 one basis, the highest of the pair takes all.
You can take a look at the results page and see the history to get a better understanding - https://bit-chikun.com/results/

maku

legendary

Activity: 1288

Merit: 1000

So if I understand concept of this game correctly the winner is individual who are willing to deposit more money, always. Correct?
Then he take all deposits of others plus his initial funds. I don't know if I like the concept of 'rich takes it all'.

derrend

hero member

Activity: 707

Merit: 505

Some dude has harvested the last 9 deposits with the exact same stake every time, isn't anyone going to try and take him out??
https://bit-chikun.com/results/

derrend

hero member

Activity: 707

Merit: 505

Quote from: greyhawk on June 11, 2016, 05:18:17 PM

There is something wrong with the captcha. I constantly get "Invalid Captcha" even though I'm entering it correctly.

Are you actually solving the sum or just typing what you see?
4 + 4 = 8, not "4 + 4 ="

greyhawk

hero member

Activity: 952

Merit: 1009

There is something wrong with the captcha. I constantly get "Invalid Captcha" even though I'm entering it correctly.

derrend

hero member

Activity: 707

Merit: 505

Translations:

Chinese		Malay		Hindi		Spanish		Russian
Arabic		Bengali		Portuguese		Indonesian		French

Contact us:

Twitter		- link
Website		- https://bit-chikun.com/
Source		- https://github.com/bit-chikun/chikun
Audit		- https://blockchain.info/address/12LmXkeVmSL3nBrMMBCPcLw2Jt97G1W4gr

The first ever gambling website based purely on risk aversion, made possible by the emergence of cryptographic currencies.

About bit-chikun.com:
Inspired by Satoshi Nakamoto's example of what the global financial system would look like when occams razor is liberally applied (and Googles simplicity regarding their search page), we decided to re-examine the concept of gambling.

Commonly, when a wager is placed the outcome of that wager will depend on an event such as a coin toss, horse race, football game etc, but now thanks to the instantaneous and irreversible nature of crypto we can take occams razor (like Satoshi) to this situation and remove the third party event!

How bit-chikun.com works in a nutshell:
A user visits our website, generates a one time bitcoin deposit address and sends some BTC there.
This deposit is registered by our website and matched to another deposit completely at random.
A minimum deposit of 0.001 BTC is deposited by the site every 30 minutes to attract users.
The user who made the highest deposit (was less risk averse) wins the pot total and has all the BTC sent back to them! (the loser goes home empty handed).

or...

Imagine a worm wriggling in the sand, along come some hungry fish to prey on it but on arrival they see more of a meal in the other fish and try and eat them instead!
The site puts up a small stake to entice users to play, the stake is always the same value and is deposited at a regular interval (about every 30 minutes).
Opportunistic users put up a slightly higher stake in order to claim it (this is happening right now) which in turn incentivises other users to make ever higher stakes.

A word on security:
All of our sites traffic is processed using HTTPS 128-bit encryption for maximum privacy and security.

Also this shows that we have registered with a trustworthy certificate authority and can be identified/held accountable for any fraudulent activity were it to occur on our site.

Fees:
Minimum deposit amount is 0.001 BTC.
Deposits lower than the minimum will not be picked up or processed by our system and we will make no effort to return them.

We take a 2% vig from the losing deposit in each successful matching.

Example -
Alice deposits 10 BTC
Bob deposits 1 BTC

Alice’s' deposit is greater than Bobs so she gets her 10 BTC back plus 0.98 of Bobs BTC since we (bit-chikun) took 0.02 as a fee from Bobs deposit.

Deposit addresses:
Deposit addresses are single use only.

More on security:
Only the bare minimum amount of BTC is in our possession at any one time, deposits are typically held for one confirmation and then sent away.

When a deposit comparison is made and funds are sent, the inputs used are the exact same inputs that correspond to the deposit addresses which basically means that double spend attacks would be very difficult because if the attack was unsuccessful then the attackers funds would be processed as a legitimate bet (no harm done), if successful the attackers funds would evaporate from out wallet address and it would be like the deposit never happened (again, no harm done).
SatoshiDice employs a similar tactic apparently.

We require only 1 confirmation before a transaction becomes eligible to be processed so in a normal scenario you should not be without your bitcoins for more than 10minutes (average block discovery time regarding BTC).
We attempt to match your wager with other deposits in the system to a maximum of 3 confirmations at which point your funds are returned as we were unsuccessful in providing you with an opponent.

Transparency:
All successful interactions are published on our results page with links to the wallet addresses and transaction numbers. An index ID is also provided for easy identification should a problem ever arise.

The results page is searchable for IDs, addresses, deposit amounts and transaction identification numbers.

Double deposits and minimum amount deposits are not displayed on the results page, in these cases your deposit address and transaction id and even the BTC address you sent it from can be used to identify your deposit and it will be easily viewable on the blockchain.

Return addresses:
Return addresses are supplied by users before making their deposits, bit-chikun.com takes no responsibility for funds returned to addresses outside of your control.

More info:
bit-chikun.com ltd's method for random database matching as a form of decision making regarding cryptographic currencies and their interactions or determining the nature of an interaction based purely on the risk aversion of the participants as opposed to the outcome of an event is protected by international copyright.

Topic: Introducing BIT-CHIKUN.COM, worlds first bitcoin game which is also an ecosystem (Read 689 times)