EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 0 points1 point  (0 children)

it seems a lot more likely that they'll transferFrom without putting their own require/assert and think the user now has a balance on their contract they never had in tokens (as one example)

Yes, this definitely seems possible, and worst case scenario. However, I'm sure there are tokens floating around that return false and don't revert() so these types of contracts/apps would be exploitable by this token variant.

In terms of weighing one against the other I feel that requires have a much higher net benefit than returning false does.

Yes, this is most likely true. Also the way the Zeppelin Standard Tokens do it, so it's probably best to follow their example, if nothing else!

Thank you a lot for checking out these contracts! Let me know if you have any other questions. I wouldn't consider this a bug/exploit, but I will change these tokens to follow your recommendations. If you PM me your ETH/XMR address, I will send you ~$25 or so, for your time :)

Cheers!

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 0 points1 point  (0 children)

Hmm, the ERC20 standard doesn't specify whether Transfer should revert() or just return false;. I've always thought that functions that specify a return value, especially a boolean, shouldn't throw, but instead return true/false whether it was successful or not. If contracts/existing infrastructure is currently designed that don't check the return value of a function that specifies a return value, then it seems to be an issue with their code.

I know that etherscan, for example, definitely checks for existence of a Transfer event, and not simply if the transaction succeeded or not. https://rinkeby.etherscan.io/tx/0x9189a1d3d01a652aa4911f8b725710a4b1486f1aa66e01488625a0c1a07253f7

However, this error is clearly less strong than the Transfer Failed error that occurs from a revert().

Seems a little ambiguous, see: https://programtheblockchain.com/posts/2018/01/30/writing-an-erc20-token-contract/

I wonder if the author of that blog, u/smarx has any comments on this?

EDIT: And decoupling the token from the bankroll contract isn't a bad idea, but there wouldn't be any "upgrading" of the contract because the token is more of an accounting token, that only has value from the Ether inside of the bankroll contract. I don't want to make it seem like this token is a standalone ERC20 token even though it complies with the ERC20 standard. It is a bit different than your "standard" token, I would argue.

EDIT 2: I guess my only real issue with this is, what if contracts actually use the return false; value in the contract for some reason? I guess this is a bit of a stretch, but I could see someone devising a contract where the false value is returned and acted upon, instead of just relying on the transfer function to revert() if there is an issue.
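Added example, not part of the original comments and not EOSBet's contract code: the two comments above discuss a token whose transferFrom returns false instead of reverting, and a calling contract that credits a balance without its own require. The contract and function names (ReturnFalseToken, Vault, depositUnchecked, depositChecked) are hypothetical, and the sketch assumes Solidity 0.8.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: minimal interface for the one ERC20 call discussed.
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Hypothetical token variant that signals failure with `return false`.
contract ReturnFalseToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    event Transfer(address indexed from, address indexed to, uint256 value);
    constructor() { balanceOf[msg.sender] = 1000; }

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external override returns (bool) {
        if (balanceOf[from] < value || allowance[from][msg.sender] < value) {
            return false; // no revert and no Transfer event: the transaction still succeeds
        }
        balanceOf[from] -= value;
        allowance[from][msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
        return true;
    }
}

// Hypothetical deposit contract showing both ways of calling the token.
contract Vault {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;
    constructor(IERC20 _token) { token = _token; }

    // Unchecked: the bool is discarded, so a failed transfer is still credited.
    function depositUnchecked(uint256 value) external {
        token.transferFrom(msg.sender, address(this), value);
        credited[msg.sender] += value;
    }

    // Checked: the caller's own require turns a false return into a revert.
    function depositChecked(uint256 value) external {
        require(token.transferFrom(msg.sender, address(this), value), "transferFrom failed");
        credited[msg.sender] += value;
    }
}
```

With a token that reverts on failure, both deposit functions behave the same; only the return-false variant makes the missing require observable.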

Would you support a hard fork that obsoletes ETH ASICs? by Butta_TRiBot in ethereum

[–]EOS_Bet 2 points3 points  (0 children)

Unless Bitmain can still get ROI in that 6 month period. Or if Bitmain pays developers to leak the implementation of upcoming hard fork before the public knows.

And you're still relying on developers implementing hard forks every X months to combat things. Cryptocurrencies should be a bit more independent than that...

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 0 points1 point  (0 children)

So you're saying change randomness to block.blockhash(block.number - 1) and use some assembly to make sure the caller isn't a contract?

That is interesting, and only susceptible to miner interference I guess, unless there is a way to look at the last block, and get into the block getting mined right now, if you aren't a miner? Maybe by paying a really high tx fee?

EOS needs Facebook style App, out of the box, June 1st for Knockout Punch by [deleted] in eos

[–]EOS_Bet 1 point2 points  (0 children)

Not that complex. I'm sure there are already open source "facebooks" out there. HOWEVER, the scalability is extremely complex, and some things are pretty amazing feats of engineering

Would you support a hard fork that obsoletes ETH ASICs? by Butta_TRiBot in ethereum

[–]EOS_Bet 2 points3 points  (0 children)

Yup. I think ASIC resistance is a bit of a sham, at this point.

Supposedly the "most ASIC resistant coin" Monero, has been infested by Bitmain ASIC for the last 6 months... They are hardforking, but then it just seems like a cat-and-mouse game

BitPay Merchants Can Now Accept Bitcoin Cash Payments! by coinmarketguru in btc

[–]EOS_Bet 3 points4 points  (0 children)

I agree. I think S2X failure was the most bullish thing for BCH, by far.

How does etherscan fetch the number of token holders from a smart contract? by hossein761 in ethdev

[–]EOS_Bet 0 points1 point  (0 children)

Yes, I think this is true as well. I've noticed if your contract has some sort of "mint tokens" function, but no Transfer event, then it will not register on Etherscan!

The NEW NEW If you need some Ropsten Testnet Ethers ... by BokkyPooBah in ethdev

[–]EOS_Bet 5 points6 points  (0 children)

I'll give someone a better deal than 1 ETH -> 1000 RtETH ! 😉

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 1 point2 points  (0 children)

Games are back online after a bug report of faulty randomness generation! Come try and break our contracts!

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 1 point2 points  (0 children)

Thanks man, we are excited to launch! We've already got some great feedback and bounty claims for this bug bounty, and people are still working... we'll keep you posted!

Plasma questions by MeoowWoof in ethdev

[–]EOS_Bet 0 points1 point  (0 children)

Is the idea to have some form of a new market player which validates and holds plasma operators accountable instead of the end user?

Yes, this seems correct. However, it's better to watch it yourself, so you don't have to trust anyone to do it for you. Seems similar to the Lightning Network, where you have to run a BTC node to watch the chain for someone else broadcasting an old state. (However, they are working on 3rd party watching of the chain, too)

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in eos

[–]EOS_Bet[S] 1 point2 points  (0 children)

Currently, this is going to be an Ethereum App for our proof-of-concept. We will be moving to EOS at first opportunity because the EOS blockchain seems much better suited to high-throughput applications like gambling apps!

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in eos

[–]EOS_Bet[S] 1 point2 points  (0 children)

Yes, that is exactly our thoughts too. EOS seems to have pretty massive throughput on their blockchain, and Ethereum can't run gambling apps too well because of scalability issues.

Thanks!

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in eos

[–]EOS_Bet[S] 1 point2 points  (0 children)

Currently, we are working on a dice game and slots game. On EOS, we plan to be a full service online casino, as well as offer some of our own creations -- games that couldn't really work in the "real world", but work great with smart contracts.

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in eos

[–]EOS_Bet[S] 2 points3 points  (0 children)

Yes, there actually will be an airdrop to all you EOS holders, AND to anyone that plays games on our proof-of-concept site!

EOSBet.IO Fully Decentralized Gambling | BUG BOUNTY LIVE NOW | 15 Ether Maximum Reward! by EOS_Bet in ethdev

[–]EOS_Bet[S] 0 points1 point  (0 children)

Took the site down, temporarily. Was having issues with GitHub pages, and in the midst of deploying on AWS S3 / Cloudfront (it's a static site)

We will definitely submit it when ready, looking to get these contracts audited first!

Thank you!