DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

+dice attack vector

Browse Source
This commit is contained in:
jl777
2018-08-15 22:10:55 -11:00
parent 59e96a4256
commit 764eb2e5be
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/cc/dice.cpp
View File

@@ -79,6 +79,12 @@ winner:
timeout: timeout:
same as winner, just without hentropy or proof same as winner, just without hentropy or proof
WARNING: there is an attack vector that precludes betting any large amounts, it goes as follows:
1. do dicebet to get the house entropy revealed
2. calculate bettor entropy that would win against the house entropy
3. reorg the chain and make a big bet using the winning entropy calculated in 2.
In order to mitigate this, the disclosure of the house entropy needs to be delayed beyond a reasonable reorg depth (notarization). It is recommended for production dice game with significant amounts of money to use such a delayed disclosure method.
*/ */
#include "../compat/endian.h" #include "../compat/endian.h"