Skip to content

Instantly share code, notes, and snippets.

@Haseeb-Qureshi

Haseeb-Qureshi/coinflip_security_hints.md

Last active July 8, 2018 17:58
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Haseeb-Qureshi/8261d70c4fb8ad8cdf1776f55bdcd4c2 to your computer and use it in GitHub Desktop.
Save Haseeb-Qureshi/8261d70c4fb8ad8cdf1776f55bdcd4c2 to your computer and use it in GitHub Desktop.
Download ZIP
Coinflip game hints
Raw
coinflip_security_hints.md

Your task:

  • Build a secure coinflip betting game between two players on Ethereum.

ONLY READ THIS DOCUMENT IF YOU WANT TO SPOIL BUILDING THE GAME. FIRST TRY TO BUILD IT YOURSELF, THEN SEE IF IT SURVIVES THE FOLLOWING ATTACKS.

.

.

.

.

.

.

.

.

.

.

.

.

  1. If you use the block timestamp as a source of randomness, that's directly manipulable by miners.

.

.

.

.

.

.

.

.

.

.

.

.

  1. If you use the block hash, an attacker who controls enough hashing power could withhold a mined block if the prize in the bet would make it worth it. There are non-miner-manipulable schemes you can use instead here.

.

.

.

.

.

.

.

.

.

.

.

.

  1. Commit-reveals!

.

.

.

.

.

.

.

.

.

.

.

.

  1. But if your commitments are too small, they're easy to brute-force. You have to ensure the commitments are sufficiently large, or have nonces appended.

.

.

.

.

.

.

.

.

.

.

.

.

  1. Can the second player withhold their reveal and stop the game? How can you avoid this?

.

.

.

.

.

.

.

.

.

.

.

.

  1. What if an adversary submits the same hash as the first player? How can they manipulate the outcome?

.

.

.

.

.

.

.

.

.

.

.

.

Long story short: creating a secure coinflip game is surprisingly nontrivial! See if you can build a solution that survives all of these attacks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment