Topic: SatoshiDICE.com - The World's Most Popular Bitcoin Game - page 268. (Read 495694 times)

One more possible attack:

4. Duplicate transactions:  It is possible for the same transaction hash to occur more than once (see BIP 30 for details).  Since the result of a bet depends only on the day's secret and the bet transaction hash, it is possible to place a bet and if it wins, repeat the same bet again within the same day.  For example, prepare some transactions as follows: Mine a block with address A, then send the coins to B, then to C.  Mine another block with address A and send the coins to B.  Mine another block with address A and leave the coins there.  Now you can send coins from C to SatoshiDice and if the bet is a win, place two more bets B->C->SatoshiDice and A->B->C->SatoshiDice.  The site could prevent this attack easily though (perhaps even unintentionally, if it uses transaction hashes as keys in a database to determine whether a payout has been sent).

Yup, that make sense.  You'ld get away with it just one time though before detection (presuming SatoshiDice is detecting these when they occur.)  I doubt a pool would risk the negative goodwill on such a stunt.

I suppose the service could apply a delay before the payout transaction when winning wagers are exceed a certain threshold to prevent this, and then also to limit total payouts per-block to a certain maximum, for instance, to limit the potential loss that could occur.

So, has anyone executed a double spend attack on SatoshiDice yet?  The site claims it is not possible because the payout transaction depends on the bet transaction, so reversing the bet will also reverse the payout.  But that doesn't prevent attacks: all you have to do is wait to see if you win or lose, then reverse the bet (and hence the payout) only if you lose.  It could be done in a few ways:

1. Simple race: Try to connect to SatoshiDice as directly as possible, and as soon as you receive a losing payout, send a double spend of the bet transaction to any parts of the network that have not yet seen the original bet.  The site could prevent this attack fairly effectively by introducing a small delay and sending the original bet transaction to as many nodes as possible (especially mining nodes).

2. Finney attack: Generate a block that contains a payment to yourself but don't distribute the block.  Send the same coins to SatoshiDice.  If you lose, distribute the block and reverse the losing bet.  If you win, don't distribute the block.  This attack requires you to give up the block reward in the case of a wining bet, so it is only effective if bets can be high enough.  With current bet limits, it could be marginally profitable.  If bets of say 1000 BTC were permitted, attackers would be all over that.

3. Mining attack: Place a bet as usual.  If you lose, try to put a double spend of your bet transaction in the next block you generate.  With a few percent of the network hash power, you could overcome the house edge and make a profit.  Any decent sized mining pool could profit from this attack now, regardless of betting limits.

Same ones as on the BitLotto Compatability List:

 - http://bitlotto.com (click on link on left side)

BitcoinSpinner
 - https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner

Bitcoin Wallet by Andreas Schildbach
 - https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en

Blockchain
 - https://play.google.com/store/apps/details?id=piuk.blockchain
 - http://itunes.apple.com/us/app/blockchain/id493253309
 - http://Blockchain.info/wallet  (Web access to same wallet)

Hosted ewallets (e.g., Mt. Gox mobile, PayTunia, FriendlyPay app, etc.) are not compatible as the payouts from Satoshi Dice are returned to the sender's address and that's not a feature supported with hosted ewallets.

Which android wallet should I get to wager with?

i'm not getting anything back either.  Love the idea though.  Just saw the link on bitcoinwatch

[edit: just got the bitcoins back.  now i get them back instantly when i send.  so addicting]

Nice site!

[EDIT: Got the btc back.]

Tried a game or two and enjoyed it.

http://blockchain.info/charts/n-transactions

Congratulations!  We just pushed past July 2011's peak number of transactions per day.

Sure would.

That is a good idea.  I could update a file in S3 on a daily basis with all the released secrets thus far.  Would that do?

Would there be a list of the keys and the secrets and each secret is published (i.e., 24 hours after it expired)?

I ask this as if for some reason the service is offline, there is no other way to verify the results for a previous transaction as the secret is used in that verification process.

Great game!

won some bitcents 

I've posted a reply:
https://bitcointalksearch.org/topic/m.881577

People on this forum might be interested in hearing it as well.

tl;dr: Sometimes we double spend when something goes wrong.  We are sorry and are trying to fix it.  But it is not terrible since only one of them eventually gets into the chain and everyone gets paid as they should.

I'll absolutely take a look.  Just FYI, I just did a transaction to that address via blockchain.info web interface and it went through fine.

http://satoshidice.com/full.php?tx=d8bc8c88240466b7184cd36540c524ff29cf2b0db3bb67a57147b65a14113934

What does "ABOVE MAX" mean ?
Nice site!

What do 'UNKONW' mena ?

but seems he only net a few, what are the chances of this happening:

Details   2012-05-04 01:41:53   lessthan 24000   dc1437f1   4533bc6a   PENDING   50.00000000   WIN   135.41666666   6136
Details   2012-05-04 01:41:17   lessthan 24000   99f74b78   916d90a7   PENDING   25.00000000   LOSE   0.10223388   58594
Details   2012-05-04 01:40:54   lessthan 24000   b6872772   18e6539f   PENDING   25.00000000   LOSE   0.10223388   53249
Details   2012-05-04 01:40:30   lessthan 24000   33ecd97d   83c8f192   PENDING   16.00000000   LOSE   0.06542968   61663
Details   2012-05-04 01:40:03   lessthan 24000   433586fe   feecae28   PENDING   8.00000000   LOSE   0.03271484   50156
Details   2012-05-04 01:39:49   lessthan 24000   a86ad80a   b37322bf   PENDING   4.00000000   LOSE   0.01635742   37135
Details   2012-05-04 01:39:32   lessthan 24000   2537ae1e   9c3c70ae   PENDING   2.00000000   LOSE   0.00817871   61231
Details   2012-05-04 01:39:21   lessthan 24000   2717bbeb   66051aa5   PENDING   1.00000000   LOSE   0.00408935   39306
Details   2012-05-04 01:38:59   lessthan 24000   49e50cf5   15e2712b   PENDING   0.50000000   LOSE   0.00204467   31378
Details   2012-05-04 01:38:35   lessthan 24000   ad3e2f3f   3ca464cc   UNKNOWN   0.25000000   LOSE   0.00102233   57358

Seems he lost 9 times in a roll, until the final win

Ahh crap someone just won 85 coins lol

I'll have fireduck comment on that HostFat - interesting problem.

Can you give a look here?

The discussion starts from this/my post:
https://bitcointalksearch.org/topic/m.881208

I can't use anymore the Blockchain.info wallet to sent to this address because of this problem:
1dice8EMZmqKvrGE4Qc9bUFf9PX3xaYDp

It seems that now it's a blacklisted address.