RE: [UPDATED] Epic Dice shut down due to witness cheating
@raycoms and I talked a lot about theoretical ways to crack such randomness and how to design it in a way that is not deterministic for the witness that signs the block.
But I didn't think someone would actually do it.
Upon investigation, it seems that it was super easy to hack; you didn't even have to collude with a witness. Basically, if you craft the right transaction, it just works.
And that is really easy, so I can actually imagine a lot of people doing that. Would probably take someone 30 minutes to code it up.
I really don't pity the devs here, if they use the tx in isolation as the randgen seed then they are as incompetent as can be 🤷‍♂️ that is like hiding passwords in the client application 😂
I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen. But seriously, transactions?
They will if there is enough money at stake (or even if there isn't and they just feel like it is worth doing for the lulz anyway), and on a global network, making assumptions about what someone somewhere will be willing to do nearly always ends badly.
Thanks. Now I'm speechless for the rest of the week.
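
The design flaw discussed in this thread (a roll seeded only by the transaction), shown next to a commit-reveal alternative. This is an added example, not part of the thread and not Epic Dice's code; the function names, the 1-100 roll range and the SHA-256/HMAC construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def _to_roll(digest: bytes) -> int:
    # Map 64 bits to 1..100 (assumed dice range; modulo bias is negligible here).
    return int.from_bytes(digest[:8], "big") % 100 + 1


def roll_from_tx_only(txid: str) -> int:
    """Weak design: every input is known to whoever builds the transaction,
    so the outcome is known to the sender before the bet is broadcast."""
    return _to_roll(hashlib.sha256(txid.encode()).digest())


class CommitRevealHouse:
    """Hardened design: the roll also depends on a secret the house
    committed to (published the hash of) before any bet was placed."""

    def __init__(self) -> None:
        self._seed = secrets.token_bytes(32)
        # Published up front; binds the house to this seed for the round.
        self.commitment = hashlib.sha256(self._seed).hexdigest()

    def roll(self, txid: str) -> int:
        mac = hmac.new(self._seed, txid.encode(), hashlib.sha256).digest()
        return _to_roll(mac)

    def reveal(self) -> bytes:
        # Disclosed after the round closes; use a fresh seed for the next round.
        return self._seed


def verify_roll(commitment: str, seed: bytes, txid: str, claimed: int) -> bool:
    """Player-side audit: the revealed seed must match the earlier
    commitment and must reproduce the roll the house claimed."""
    if not hmac.compare_digest(hashlib.sha256(seed).hexdigest(), commitment):
        return False
    mac = hmac.new(seed, txid.encode(), hashlib.sha256).digest()
    return _to_roll(mac) == claimed


if __name__ == "__main__":
    txid = "constructed-sample-txid-0001"  # constructed sample value
    house = CommitRevealHouse()
    result = house.roll(txid)
    print("tx-only roll (sender can precompute):", roll_from_tx_only(txid))
    print("commit-reveal roll:", result,
          "verified:", verify_roll(house.commitment, house.reveal(), txid, result))
```

With the keyed version, neither the bettor nor the block producer can compute the outcome from the transaction alone, and the published commitment stops the house from swapping seeds after seeing the bet.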