Just-Dice.com : Invest in 1% House Edge Dice Game - page 211.

/dev/null

sr. member

Activity: 308

Merit: 250

Quote from: A Meteorite on July 16, 2013, 07:47:00 PM

Quote from: /dev/null on July 16, 2013, 07:42:53 PM

DOOGLUS FOOLED ALL OF YOU. IT WAS A PLANNED SCAM.

WHALE did withdraw -> dooglus paid him
whale keept playing and lost funds -> funds moved to dooglus

Now can someone tell me how the fuck he got loss??

All he needed to do is, remove bettings from WHALE's account.

You must be confused. The whale legitimately won 1300 BTC and cashed out. Dooglus cashed him out, but forgot to debit his account balance. 1300 BTC was left in the whale's balance (effectively, but by mistake, a freeroll), which he then gambled away and lost it all, putting the investors up by 1300 BTC in paper. Because the 1300 BTC in the account was effectively funny money, the wallet would have been short by 1300 BTC, so dooglus first covered it out of his own pocket. He later then reversed the bets by the whale and took the money back the investors should have never made to begin with.

Reversing fake bet was right but he did something else too and look at site, it shows profits in negative.

nimda

hero member

Activity: 784

Merit: 1000

0xFB0D8D1534241423

Site is down.

A Meteorite

full member

Activity: 120

Merit: 100

Quote from: /dev/null on July 16, 2013, 07:42:53 PM

DOOGLUS FOOLED ALL OF YOU. IT WAS A PLANNED SCAM.

WHALE did withdraw -> dooglus paid him
whale keept playing and lost funds -> funds moved to dooglus

Now can someone tell me how the fuck he got loss??

All he needed to do is, remove bettings from WHALE's account.

You must be confused. The whale legitimately won 1300 BTC and cashed out. Dooglus cashed him out, but forgot to debit his account balance. 1300 BTC was left in the whale's balance (effectively, but by mistake, a freeroll), which he then gambled away and lost it all, putting the investors up by 1300 BTC in paper. Because the 1300 BTC in the account was effectively funny money, the wallet would have been short by 1300 BTC, so dooglus first covered it out of his own pocket. He later then reversed the bets by the whale and took the money back the investors should have never made to begin with.

/dev/null

sr. member

Activity: 308

Merit: 250

DOOGLUS FOOLED ALL OF YOU. IT WAS A PLANNED SCAM.

WHALE did withdraw -> dooglus paid him
whale keept playing and lost funds -> funds moved to dooglus

Now can someone tell me how the fuck he got loss??

All he needed to do is, remove bettings from WHALE's account.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Raoul Duke on July 16, 2013, 03:26:01 PM

And there is even more potential value to lose if he can cancel a Pending withdrawal that was already processed and gamble it away. You can't have your cake and eat it too, you know?

And so the solution is to check that the account is properly debited before making the transaction on the blockchain, and automating that process. Then we can allow pending, cancel-able withdrawals safely. And will do so.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: bobboooiie on July 16, 2013, 03:24:32 PM

Quote from: nimda on July 16, 2013, 03:21:56 PM

Quote from: Raoul Duke on July 16, 2013, 01:44:28 PM

Withdrawal requests should be final, even if they go to pending. If you allow them to cancel the requests then you still have the same problem.

The solution is to warn the user before they finalize their withdrawal that they will not be paid by the hotwallet.

Hmm I think for gambling site this is bad idea. There is just a lot of value lost when player just cancel withdrawal while waiting for it and gamble more.

And there is even more potential value to lose if he can cancel a Pending withdrawal that was already processed and gamble it away. You can't have your cake and eat it too, you know?

bobboooiie

hero member

Activity: 656

Merit: 500

Quote from: nimda on July 16, 2013, 03:21:56 PM

Quote from: Raoul Duke on July 16, 2013, 01:44:28 PM

Withdrawal requests should be final, even if they go to pending. If you allow them to cancel the requests then you still have the same problem.

The solution is to warn the user before they finalize their withdrawal that they will not be paid by the hotwallet.

Hmm I think for gambling site this is bad idea. There is just a lot of value lost when player just cancel withdrawal while waiting for it and gamble more.

nimda

hero member

Activity: 784

Merit: 1000

0xFB0D8D1534241423

Quote from: Raoul Duke on July 16, 2013, 01:44:28 PM

Withdrawal requests should be final, even if they go to pending. If you allow them to cancel the requests then you still have the same problem.

The solution is to warn the user before they finalize their withdrawal that they will not be paid by the hotwallet.

RationalSpeculator

sr. member

Activity: 294

Merit: 250

This bull will try to shake you off. Hold tight!

Quote from: dooglus on July 16, 2013, 04:09:38 AM

Thanks everyone for this. I really wasn't thinking straight this morning. I'm sure some will say I've done the wrong thing by rolling the bets back, but I do think it's the right way to handle this.

You are very welcome.

Really happy you changed your mind.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: wolverine.ks on July 16, 2013, 01:31:53 PM

is there anyone in a different time zone or different sleep schedule that could contribute to these withdrawals?

Probably, but do you want to have to trust another third party with site funds?

I don't think it's unreasonable to have to wait a few hours for a large withdrawal. Most of the time I'm online and can process them quickly.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Withdrawal requests should be final, even if they go to pending. If you allow them to cancel the requests then you still have the same problem.

wolverine.ks

sr. member

Activity: 375

Merit: 250

is there anyone in a different time zone or different sleep schedule that could contribute to these withdrawals?

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Raoul Duke on July 16, 2013, 01:01:52 PM

dooglus needs to use "Pending" state and remove the coin from the user balances when they request a withdrawal and the hot wallet is empty or doesn't have enough funds.
Then he just needs to change the withdrawal state to "Processed". If he forgets to change the withdrawal from "Pending" to "Processed" at least he knows the user will not have the balance at the site to gamble and lose(or win).

Yes, that too.

People have asked "why don't you just send the 1300 BTC to the hot wallet and let it do the sending to the player". The answer is that the hot wallet doesn't send out coins until the incoming coins have a confirmation. But an attacker can send out the 0-conf coins. So the 1300 BTC would be vulnerable to a server break-in until they were confirmed.

Having "pending" withdrawals is a good idea, and one that I will implement, but I don't know that it solves the problem. I think there must be the ability for players to "cancel" their pending withdrawal. Sometimes I sleep for 5 or 6 hours at a time. That's a long time for a withdrawal to be pending, tying up funds. Perhaps the user wants to cancel the large withdrawal and make a few smaller withdrawals via the hot wallet (which gets refilled automatically by new deposits). Or maybe they want to cancel the withdrawal request and play a little more which waiting.

This ability to cancel requests means that I still need to run the 4 steps outlined above, to make sure the withdrawal request wasn't cancelled as I was filling it.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Bugpowder on July 16, 2013, 12:04:17 PM

There definitely needs to be new protocols in place. Once is an accident. Twice gets suspicious.

As with everything else, I am open to suggestions.

The issue as I see it is that I need a manual step in the processing of large withdrawals, so I can eyeball things before large amounts of coins are sent out. I need to decouple the wallet which holds the large amounts from the live system, or it may as well be on the live system.

Currently I've been doing a 4-step process:

1) query balance on site
2) if enough, debit balance on site
3) query balance on site again the make sure user didn't somehow reduce balance during step 2 leaving negative balance
4) send coins

When I made the mistake with celeste's withdrawal I missed steps 2 and 3.

I will automate the 4 steps with a simple script which runs locally and queries the remote server, and only use that script for cashing out large withdrawals.

There's nothing that can physically stop me from typing "bitcoind sendtoaddress 1abc... 1300" without doing steps 1 through 3 first, but if I have a script that does the 4 steps for me, I won't feel the need to be typing bitcoind commands like that.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: stripykitteh on July 16, 2013, 12:22:42 PM

Quote from: mechs on July 16, 2013, 12:17:00 PM

Dooglas should post what new steps he will take to prevent this sort of error in the future.

+1

dooglus needs to use "Pending" state and remove the coin from the user balances when they request a withdrawal and the hot wallet is empty or doesn't have enough funds.
Then he just needs to change the withdrawal state to "Processed". If he forgets to change the withdrawal from "Pending" to "Processed" at least he knows the user will not have the balance at the site to gamble and lose(or win).

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: atrax1978 on July 16, 2013, 09:12:36 AM

Hi, Doog, I found out what happened in this morning just now, seems I was much luckier when i was a divestor than being a better Grin

, I am the "-3.51195573", and have deposited back to JD. And I think your rollback-decision is right, keep the faith to move on.

Thank you for doing that.

stripykitteh

legendary

Activity: 1176

Merit: 1001

CryptoTalk.Org - Get Paid for every Post!

Quote from: mechs on July 16, 2013, 12:17:00 PM

Dooglas should post what new steps he will take to prevent this sort of error in the future.

+1

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

I approve this rollback decision, I'm very glad it was taken!

That said, I agree we need to set up some clear policy about large withdrawals, such as stating they can take "up to 2 working days", so that doog have all the time to handle them with the proper care.

mechs

full member

Activity: 210

Merit: 100

Dooglas should post what new steps he will take to prevent this sort of error in the future.

Bugpowder

sr. member

Activity: 394

Merit: 250

Quote from: TheFuneral on July 16, 2013, 11:01:25 AM

Quote from: dooglus on July 16, 2013, 06:35:17 AM

Quote from: cowbay on July 16, 2013, 06:27:25 AM

I have received both my investment and donation back, and I wish JD and Doog success. This is one of the most well thought out and transparent sites I have seen. Maybe I will revisit in the future.

Thanks for giving your opinion. I'm new to all this, and am making plenty of mistakes. As has been said before, the site has grown too quickly really. I shouldn't be making these novice mistakes with such large amounts.

Thanks also for voting with your coins. You didn't like what you saw, and you left, rather than just complaining about it.

Thanks for your support and trust. You're welcome back any time.

I haven't seen this addressed yet, but I'm glad it's been recognized now. What changes are we making in the future to prevent this from happening? Or are we fine with the mistake and moving forward?

There definitely needs to be new protocols in place. Once is an accident. Twice gets suspicious.

Topic: Just-Dice.com : Invest in 1% House Edge Dice Game - page 211. (Read 435353 times)