From 764eb2e5be573ffea8a82cb0dfe46d69fc66c422 Mon Sep 17 00:00:00 2001 From: jl777 Date: Wed, 15 Aug 2018 22:10:55 -1100 Subject: [PATCH] +dice attack vector --- src/cc/dice.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/cc/dice.cpp b/src/cc/dice.cpp index a697d238e..c2f055d8d 100644 --- a/src/cc/dice.cpp +++ b/src/cc/dice.cpp @@ -79,6 +79,12 @@ winner: timeout: same as winner, just without hentropy or proof +WARNING: there is an attack vector that precludes betting any large amounts, it goes as follows: + 1. do dicebet to get the house entropy revealed + 2. calculate bettor entropy that would win against the house entropy + 3. reorg the chain and make a big bet using the winning entropy calculated in 2. + + In order to mitigate this, the disclosure of the house entropy needs to be delayed beyond a reasonable reorg depth (notarization). It is recommended for production dice game with significant amounts of money to use such a delayed disclosure method. */ #include "../compat/endian.h"