Topic: SatoshiDICE.com - The World's Most Popular Bitcoin Game - page 268. (Read 495794 times)

full member
Activity: 144
Merit: 100
One more possible attack:

4. Duplicate transactions:  It is possible for the same transaction hash to occur more than once (see BIP 30 for details).  Since the result of a bet depends only on the day's secret and the bet transaction hash, it is possible to place a bet and if it wins, repeat the same bet again within the same day.  For example, prepare some transactions as follows: Mine a block with address A, then send the coins to B, then to C.  Mine another block with address A and send the coins to B.  Mine another block with address A and leave the coins there.  Now you can send coins from C to SatoshiDice and if the bet is a win, place two more bets B->C->SatoshiDice and A->B->C->SatoshiDice.  The site could prevent this attack easily though (perhaps even unintentionally, if it uses transaction hashes as keys in a database to determine whether a payout has been sent).
legendary
Activity: 2506
Merit: 1010
3. Mining attack: Place a bet as usual.  If you lose, try to put a double spend of your bet transaction in the next block you generate.  With a few percent of the network hash power, you could overcome the house edge and make a profit.  Any decent sized mining pool could profit from this attack now, regardless of betting limits.

Yup, that makes sense.  You'd get away with it just one time though before detection (presuming SatoshiDice is detecting these when they occur.)  I doubt a pool would risk the negative goodwill on such a stunt.

I suppose the service could apply a delay before the payout transaction when winning wagers exceed a certain threshold to prevent this, and then also to limit total payouts per-block to a certain maximum, for instance, to limit the potential loss that could occur.
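
Added example, not part of the original posts and not SatoshiDice's code: a sketch of the mitigations suggested in the two posts above (using the bet transaction hash as a unique payout key, holding large wins until the bet confirms, and capping payouts per block). The class name, thresholds and sample bets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

BTC = 100_000_000  # satoshis per BTC; amounts are integers to avoid float rounding


@dataclass
class PayoutGate:
    """Hypothetical payout policy; every threshold below is an assumed value."""
    hold_threshold: int = 10 * BTC   # wins above this wait for confirmations
    min_confirmations: int = 1       # depth the bet needs before a large payout
    per_block_cap: int = 100 * BTC   # most the site releases per block height
    paid: set = field(default_factory=set)        # bet txids already paid out
    released: dict = field(default_factory=dict)  # height -> satoshis released

    def decide(self, bet_txid, payout, confirmations, height):
        # The result depends only on the secret and the bet txid, so a repeated
        # txid (the BIP 30 case) is a replay of a known outcome: pay it once.
        if bet_txid in self.paid:
            return "REJECT_DUPLICATE"
        # An unconfirmed bet can still be double-spent; hold large wins until
        # the bet itself is in a block.
        if payout > self.hold_threshold and confirmations < self.min_confirmations:
            return "HOLD_UNCONFIRMED"
        # Limit the total paid out at any one block height.
        already = self.released.get(height, 0)
        if already + payout > self.per_block_cap:
            return "HOLD_BLOCK_CAP"
        self.paid.add(bet_txid)
        self.released[height] = already + payout
        return "PAY"


# Constructed sample: (bet txid, payout in satoshis, confirmations, block height)
SAMPLE_WINS = [
    ("aa11", 5 * BTC, 0, 100),   # small win, paid immediately
    ("aa11", 5 * BTC, 0, 100),   # same txid seen again
    ("bb22", 60 * BTC, 0, 100),  # large win on an unconfirmed bet
    ("bb22", 60 * BTC, 1, 101),  # same bet after one confirmation
    ("cc33", 50 * BTC, 2, 101),  # would push block 101 over the cap
    ("cc33", 50 * BTC, 3, 102),  # retried at the next height
]


def replay(wins, gate=None):
    """Run the sample wins through the gate and return the decisions in order."""
    gate = gate or PayoutGate()
    return [gate.decide(*win) for win in wins]
```

Held wins are not recorded as paid, so the same bet can be presented again once it has confirmed or the next block height is reached.
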
full member
Activity: 144
Merit: 100
So, has anyone executed a double spend attack on SatoshiDice yet?  The site claims it is not possible because the payout transaction depends on the bet transaction, so reversing the bet will also reverse the payout.  But that doesn't prevent attacks: all you have to do is wait to see if you win or lose, then reverse the bet (and hence the payout) only if you lose.  It could be done in a few ways:

1. Simple race: Try to connect to SatoshiDice as directly as possible, and as soon as you receive a losing payout, send a double spend of the bet transaction to any parts of the network that have not yet seen the original bet.  The site could prevent this attack fairly effectively by introducing a small delay and sending the original bet transaction to as many nodes as possible (especially mining nodes).

2. Finney attack: Generate a block that contains a payment to yourself but don't distribute the block.  Send the same coins to SatoshiDice.  If you lose, distribute the block and reverse the losing bet.  If you win, don't distribute the block.  This attack requires you to give up the block reward in the case of a winning bet, so it is only effective if bets can be high enough.  With current bet limits, it could be marginally profitable.  If bets of say 1000 BTC were permitted, attackers would be all over that.

3. Mining attack: Place a bet as usual.  If you lose, try to put a double spend of your bet transaction in the next block you generate.  With a few percent of the network hash power, you could overcome the house edge and make a profit.  Any decent sized mining pool could profit from this attack now, regardless of betting limits.
legendary
Activity: 2506
Merit: 1010
Which android wallet should I get to wager with?

Same ones as on the BitLotto Compatibility List:

 - http://bitlotto.com (click on link on left side)

BitcoinSpinner
 - https://play.google.com/store/apps/details?id=com.miracleas.bitcoin_spinner

Bitcoin Wallet by Andreas Schildbach
 - https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en

Blockchain
 - https://play.google.com/store/apps/details?id=piuk.blockchain
 - http://itunes.apple.com/us/app/blockchain/id493253309
 - http://Blockchain.info/wallet  (Web access to same wallet)

Hosted ewallets (e.g., Mt. Gox mobile, PayTunia, FriendlyPay app, etc.) are not compatible as the payouts from Satoshi Dice are returned to the sender's address and that's not a feature supported with hosted ewallets.
sr. member
Activity: 257
Merit: 250
Not trusting third parties with my private keys
Which android wallet should I get to wager with?
sr. member
Activity: 257
Merit: 250
Not trusting third parties with my private keys
i'm not getting anything back either.  Love the idea though.  Just saw the link on bitcoinwatch

[edit: just got the bitcoins back.  now i get them back instantly when i send.  so addicting]
donator
Activity: 29
Merit: 252
Nice site!

[EDIT: Got the btc back.]

Tried a game or two and enjoyed it.
legendary
Activity: 2324
Merit: 1125
sr. member
Activity: 270
Merit: 250
1CoinLabF5Avpp5kor41ngn7prTFMMHFVc
http://blockchain.info/charts/n-transactions

Congratulations!  We just pushed past July 2011's peak number of transactions per day.
legendary
Activity: 2506
Merit: 1010
That is a good idea.  I could update a file in S3 on a daily basis with all the released secrets thus far.  Would that do?

Sure would.
sr. member
Activity: 392
Merit: 251

Would there be a list of the keys and the secrets and each secret is published (i.e., 24 hours after it expired)?

I ask this as if for some reason the service is offline, there is no other way to verify the results for a previous transaction as the secret is used in that verification process.


That is a good idea.  I could update a file in S3 on a daily basis with all the released secrets thus far.  Would that do?
legendary
Activity: 2506
Merit: 1010
So that there is an independent copy of the hash.keys file, I put a copy up on github.
 - https://github.com/sgornick/satoshidice/blob/master/hash.keys

Would there be a list of the keys and the secrets and each secret is published (i.e., 24 hours after it expired)?

I ask this as if for some reason the service is offline, there is no other way to verify the results for a previous transaction as the secret is used in that verification process.
hero member
Activity: 931
Merit: 500
Great game!

won some bitcents
sr. member
Activity: 392
Merit: 251
Can you give a look here?

The discussion starts from this/my post:
https://bitcointalksearch.org/topic/m.881208

I can't use the Blockchain.info wallet anymore to send to this address because of this problem:
1dice8EMZmqKvrGE4Qc9bUFf9PX3xaYDp

It seems that now it's a blacklisted address.

I'll absolutely take a look.  Just FYI, I just did a transaction to that address via blockchain.info web interface and it went through fine.

http://satoshidice.com/full.php?tx=d8bc8c88240466b7184cd36540c524ff29cf2b0db3bb67a57147b65a14113934

I've posted a reply:
https://bitcointalksearch.org/topic/m.881577

People on this forum might be interested in hearing it as well.

tl;dr: Sometimes we double spend when something goes wrong.  We are sorry and are trying to fix it.  But it is not terrible since only one of them eventually gets into the chain and everyone gets paid as they should.
sr. member
Activity: 392
Merit: 251
Can you give a look here?

The discussion starts from this/my post:
https://bitcointalksearch.org/topic/m.881208

I can't use the Blockchain.info wallet anymore to send to this address because of this problem:
1dice8EMZmqKvrGE4Qc9bUFf9PX3xaYDp

It seems that now it's a blacklisted address.

I'll absolutely take a look.  Just FYI, I just did a transaction to that address via blockchain.info web interface and it went through fine.

http://satoshidice.com/full.php?tx=d8bc8c88240466b7184cd36540c524ff29cf2b0db3bb67a57147b65a14113934
hero member
Activity: 714
Merit: 500
What does "ABOVE MAX" mean?
Nice site!

What does 'UNKNOWN' mean?
legendary
Activity: 1806
Merit: 1003
but seems he only net a few, what are the chances of this happening:

Details   2012-05-04 01:41:53   lessthan 24000   dc1437f1   4533bc6a   PENDING   50.00000000   WIN   135.41666666   6136
Details   2012-05-04 01:41:17   lessthan 24000   99f74b78   916d90a7   PENDING   25.00000000   LOSE   0.10223388   58594
Details   2012-05-04 01:40:54   lessthan 24000   b6872772   18e6539f   PENDING   25.00000000   LOSE   0.10223388   53249
Details   2012-05-04 01:40:30   lessthan 24000   33ecd97d   83c8f192   PENDING   16.00000000   LOSE   0.06542968   61663
Details   2012-05-04 01:40:03   lessthan 24000   433586fe   feecae28   PENDING   8.00000000   LOSE   0.03271484   50156
Details   2012-05-04 01:39:49   lessthan 24000   a86ad80a   b37322bf   PENDING   4.00000000   LOSE   0.01635742   37135
Details   2012-05-04 01:39:32   lessthan 24000   2537ae1e   9c3c70ae   PENDING   2.00000000   LOSE   0.00817871   61231
Details   2012-05-04 01:39:21   lessthan 24000   2717bbeb   66051aa5   PENDING   1.00000000   LOSE   0.00408935   39306
Details   2012-05-04 01:38:59   lessthan 24000   49e50cf5   15e2712b   PENDING   0.50000000   LOSE   0.00204467   31378
Details   2012-05-04 01:38:35   lessthan 24000   ad3e2f3f   3ca464cc   UNKNOWN   0.25000000   LOSE   0.00102233   57358

Seems he lost 9 times in a row, until the final win

Ahh crap someone just won 85 coins lol
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Ahh crap someone just won 85 coins lol
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Can you give a look here?

The discussion starts from this/my post:
https://bitcointalksearch.org/topic/m.881208

I can't use the Blockchain.info wallet anymore to send to this address because of this problem:
1dice8EMZmqKvrGE4Qc9bUFf9PX3xaYDp

It seems that now it's a blacklisted address.

I'll have fireduck comment on that HostFat - interesting problem.
staff
Activity: 4270
Merit: 1209
I support freedom of choice
Can you give a look here?

The discussion starts from this/my post:
https://bitcointalksearch.org/topic/m.881208

I can't use the Blockchain.info wallet anymore to send to this address because of this problem:
1dice8EMZmqKvrGE4Qc9bUFf9PX3xaYDp

It seems that now it's a blacklisted address.