Bounty: 20 XCP bounty to build the ethereum smart contract logic for a powerball lottery on the blockchain using XCP
https://bitcointalk.org/index.php?topic=395761.msg9753544#msg9753544
Submission by semiel / Peter Borah: https://github.com/PeterBorah/ethereum-powerball
Review by Joris Bontje on https://github.com/PeterBorah/ethereum-powerball/commit/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b
Joris' XCP address 1Gu8Qo7Z87BbAUEp88s5Pgp875RBxUsBw9
0) if someone can write the logic on the lottery using whatever is compatible with what Adam has ported to mimic the powerball lottery.
clarified by PhantomPhreak: The two contracts systems are/will be 100% compatible. Just write PoC-7 Sepent [sic] code.
All contracts compile successfully with Serpent v1.7.6
The administrator will make their money from setting the probability and amounts for prize payouts; this is more closely what the implementation does than 'taking a fee': https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L101-L120
The administrator can withdraw their cut (any amount) as long as there is no current lotto running: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L122-L130
Players can buy tickets directly: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L27-L47
3) it should distribute the winning based on how many numbers people get X of Y numbers (similar to how state lottos work)
Winnings are based on the number of matching balls: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L143-L183
Tickets can be transferred: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L57-L60
Winning players need to claim their own winnings explicitly: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L83-L95
No, winnings can be claimed forever (but only once) https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L122-L130
Redemption deadline is configured, but not actually used when tickets are claimed: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L19
Jackpot rolls over with configurable increment: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L200-L203
8) the initiator should be able to choose how many number fields, time block period, and his pay out, and possibly the distribution logic (if you want to get fancy).
Except for field numbers (as mentioned by semiel in his submission), the time block periods and payouts are configurable: https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L14-L25 https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L101-L120
Yes, available on GitHub under MIT license https://github.com/PeterBorah/ethereum-powerball
10) one of the XCP devs needs to look at it and say that the code is good (or a known, respected Ethereum dev)
The intent of the code is good, but in the implementation I have identified a couple of flaws:
- As stated under 6, the redemption deadline isn't fully implemented. This is problematic as it conflicts with the administrator being able to withdraw funds after the deadline.
- Winning numbers can be redrawn multiple times after the lottery deadline, potentially overriding previous drawings. https://github.com/PeterBorah/ethereum-powerball/blob/1a523c67dd7db7833c57c5d1c9fdb2a6f3acfc5b/contracts/lotto.se#L62-L81 As this can be triggered by anyone, this is a serious concern. The suggested fix is to 'freeze' the lottery after the lottery deadline until the redemption deadline has expired as well.
- Relying on `block.prevhash` is a security risk as this can be abused by miners / mining pools using a block withholding attack. Whether this is a real threat depends on the payout amount of the lotto. Since the RNG is configurable, I'd consider this to be currently good enough for the bounty.
- use `def init` for automatic initialization upon contract creation
- specify explicitly in `requirements.txt` which pyethereum / ethereum-serpent libraries are supported
- create user interface ;)
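The 'freeze' suggested in the flaws above, sketched as a small Python model of one lottery round. This is an added example, not code from the review or from lotto.se; the class, method names, block numbers and `sample_rng` are assumptions made for illustration, and the payout table is reduced to a count of matching balls.

```python
def sample_rng(block):
    # Constructed, deterministic stand-in for the contract's configurable RNG.
    return [(block * 7 + i) % 10 for i in range(3)]

class Lotto:
    """Simplified model of one lottery round (hypothetical names, not lotto.se)."""

    def __init__(self, lottery_deadline, redemption_deadline, rng):
        assert lottery_deadline < redemption_deadline
        self.lottery_deadline = lottery_deadline
        self.redemption_deadline = redemption_deadline
        self.rng = rng
        self.winning = None   # set exactly once by draw()
        self.tickets = {}     # ticket id -> (owner, numbers)
        self.claimed = set()

    def buy(self, block, ticket_id, owner, numbers):
        # Ticket sales close at the lottery deadline.
        if block >= self.lottery_deadline or ticket_id in self.tickets:
            return False
        self.tickets[ticket_id] = (owner, tuple(numbers))
        return True

    def draw(self, block):
        # Anyone may trigger the draw, but only after the deadline and only
        # once: a later call must not override the recorded drawing.
        if block < self.lottery_deadline or self.winning is not None:
            return False
        self.winning = tuple(self.rng(block))
        return True

    def claim(self, block, ticket_id, caller):
        # Claims are honoured only inside the redemption window, once per ticket.
        if self.winning is None or block >= self.redemption_deadline:
            return 0
        owner, numbers = self.tickets.get(ticket_id, (None, ()))
        if owner != caller or ticket_id in self.claimed:
            return 0
        self.claimed.add(ticket_id)
        return sum(1 for a, b in zip(numbers, self.winning) if a == b)

    def admin_withdraw(self, block):
        # Frozen until the redemption deadline has passed, so a withdrawal
        # cannot take funds that winners are still entitled to claim.
        return self.winning is not None and block >= self.redemption_deadline
```

With both deadlines enforced in one place, the claim window and the administrator's withdrawal window can no longer overlap, and a repeated `draw` call has no effect.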
Hey FYI, I did not have explicit donation for the code reviewer but I have asked Peter, once he gets the donations from the people who pledged if he would consider sharing some with you. If you could please add your XCP/BTC address to this github.com page.
https://bitcointalk.org/index.php?topic=395761.msg9782323#msg9782323
Thanks again for this very thorough review and recommendations. In the future, as I do these donations/bounties with some of my trading profits, I will make sure to allocate some percentage to the reviewer.