Topic: Luckynumber.me has holes in their provably fair system, allows for manipulation - page 2. (Read 3350 times)
May 01, 2014, 05:21:36 AM
So what?
May 01, 2014, 05:19:52 AM
In my opinion there is no ideal system for off-chain sites right now, I have voiced my opinion that someone should develop an open-source standard and require all sites to run it to be "provably fair".
Even Stunna is acknowledging that every system has no ideal provably fairness.
New developments have to be made to end this scam accusations that lack insight.
I think this thread is pretty closed then.
I'd agree in saying that each system has its flaws, but the way this site implements it's provably fair allows for a much easier way for rolls to be manipulated, there isn't a 100% sure-fire way to know that your roll hasn't been manipulated. Other sites display a non-changing nonce (displayed before rolls) or an editable field, which as long as we record the nonce or edit our client-seed we can be sure our roll is not manipulated. We can neither edit or be sure of the time that the roll was placed because the time ticks by too quickly and as pointed out by another user, the time isn't even accurate.
Sure thing. But I'd risk to say that 99.9% of the players on PD, for example, do not change client seed every bet.
Is it not - statistically - the same room for manipulation on both sites? Considering that both can, at their will, manipulate the rolls. The thing is that they don't. The problem is on the system itself, they have different provably fairs, and hopefully they can both change them one day, when a new system arrives that is more foolproof than now.
It's almost a linguistics question. People are saying that LN can't affirm it's provably fair because they cannot prove it's fair. But PD can't prove its fair system either, if client seed is not changed. Yet they are provably fair?
I think there are accusations being made that are pointless, yet very serious because they are alarming users that don't understand how this fair system works.
Truth is we need a new system, to end up all this misunderstandings.
I'm pretty much sure that PD and LN are not manipulating anything, though.
May 01, 2014, 05:18:30 AM
In my opinion there is no ideal system for off-chain sites right now, I have voiced my opinion that someone should develop an open-source standard and require all sites to run it to be "provably fair".
Even Stunna is acknowledging that every system has no ideal provably fairness.
New developments have to be made to end this scam accusations that lack insight.
I think this thread is pretty closed then.
I'd agree in saying that each system has its flaws, but the way this site implements it's provably fair allows for a much easier way for rolls to be manipulated, there isn't a 100% sure-fire way to know that your roll hasn't been manipulated. Other sites display a non-changing nonce (displayed before rolls) or an editable field, which as long as we record the nonce or edit our client-seed we can be sure our roll is not manipulated. We can neither edit or be sure of the time that the roll was placed because the time ticks by too quickly and as pointed out by another user, the time isn't even accurate.
Sure thing. But I'd risk to say that 99.9% of the players on PD, for example, do not change client seed every bet.
Is it not - statistically - the same room for manipulation on both sites? Considering that both can, at their will, manipulate the rolls. The thing is that they don't. The problem is on the system itself, they have different provably fairs, and hopefully they can both change them one day, when a new system arrives that is more foolproof than now.
It's almost a linguistics question. People are saying that LN can't affirm it's provably fair because they cannot prove it's fair. But PD can't prove its fair system either, if client seed is not changed. Yet they are provably fair?
I think there are accusations being made that are pointless, yet very serious because they are alarming users that don't understand how this fair system works.
Truth is we need a new system, to end up all this misunderstandings.
I'm pretty much sure that PD and LN are not manipulating anything, though.
May 01, 2014, 05:05:54 AM
In my opinion there is no ideal system for off-chain sites right now, I have voiced my opinion that someone should develop an open-source standard and require all sites to run it to be "provably fair".
Even Stunna is acknowledging that every system has no ideal provably fairness.
New developments have to be made to end this scam accusations that lack insight.
I think this thread is pretty closed then.
I'd agree in saying that each system has its flaws, but the way this site implements it's provably fair allows for a much easier way for rolls to be manipulated, there isn't a 100% sure-fire way to know that your roll hasn't been manipulated. Other sites display a non-changing nonce (displayed before rolls) or an editable field, which as long as we record the nonce or edit our client-seed we can be sure our roll is not manipulated. We can neither edit or be sure of the time that the roll was placed because the time ticks by too quickly and as pointed out by another user, the time isn't even accurate.
May 01, 2014, 04:31:20 AM
In my opinion there is no ideal system for off-chain sites right now, I have voiced my opinion that someone should develop an open-source standard and require all sites to run it to be "provably fair".
Even Stunna is acknowledging that every system has no ideal provably fairness.
New developments have to be made to end this scam accusations that lack insight.
I think this thread is pretty closed then.
May 01, 2014, 03:10:18 AM
Wow. No wonder I have lost so much money there.
April 30, 2014, 10:39:07 PM
The forum does not do scammer tags.
April 30, 2014, 08:58:12 PM
good catch guys, anyway they can get the scammer tag???
April 24, 2014, 12:33:20 PM
Something I also noticed:
Given that they offer 60 coin payouts for individual bets with a very small bank it makes this possibility more concerning. This all goes without saying that giftcoins was unethical in stealing actual design files from PD that were unreleased, not just images. I will post more about that in the near future.
Quote from: stunna
Another ridiculous detail is that the server time on site is different to actual server time as it uses javascript to calc individual server times. I have both my laptops open on luckynumber and the time is off by 2 sec. So effectively he can choose between the best few server times (with ease)
Given that they offer 60 coin payouts for individual bets with a very small bank it makes this possibility more concerning. This all goes without saying that giftcoins was unethical in stealing actual design files from PD that were unreleased, not just images. I will post more about that in the near future.
April 24, 2014, 08:12:00 AM
Thanks for a warning.
This seems like dangerous for players and for them in a same time.
I hope they will read your post and maybe will change something in their system.
Regards
This seems like dangerous for players and for them in a same time.
I hope they will read your post and maybe will change something in their system.
Regards
April 24, 2014, 07:33:36 AM
Luckynumber.me is not provably fair, because of the inclusion of time down to the millisecond in the decision of the final roll, this is why.
Say you make a bet at 3:34 PM, 13.23 seconds. The outcome of the roll was a win.
Luckynumber looks at your roll and calculates that it would be a win. So they pretend the server got the message a millisecond later. Let's do a new roll with a new time.
Your bet was now made at 3:34 PM, 13.24 seconds. The outcome of this roll is a loss.
This allows for major roll manipulation. They don't have to do this every bet. They can just do it on larger bets, or once every 20 rolls or so. It doesn't matter if some people win because they still have to keep their image up.
They can also repeat the time process multiple times until they get a losing roll.
You might say that you can see the clock at the bottom of the game and you know exactly when you clicked roll. Did you really? Do you know exactly how long it takes the message to get to the server and for the server to record the time? These are all things that can be used against you.
Gamble carefully.
Say you make a bet at 3:34 PM, 13.23 seconds. The outcome of the roll was a win.
Luckynumber looks at your roll and calculates that it would be a win. So they pretend the server got the message a millisecond later. Let's do a new roll with a new time.
Your bet was now made at 3:34 PM, 13.24 seconds. The outcome of this roll is a loss.
This allows for major roll manipulation. They don't have to do this every bet. They can just do it on larger bets, or once every 20 rolls or so. It doesn't matter if some people win because they still have to keep their image up.
They can also repeat the time process multiple times until they get a losing roll.
You might say that you can see the clock at the bottom of the game and you know exactly when you clicked roll. Did you really? Do you know exactly how long it takes the message to get to the server and for the server to record the time? These are all things that can be used against you.
Gamble carefully.
Jump to: