Open mylamour opened 6 years ago
任何使用以下示例的决策将会给用户带来不公平机会
- 使用
blockhash
, timestamp`或者其他矿工可以定义的值。始终记住,每个矿工有权利选择是否打包一个块,所以可想而知,他们都有可能获取他们挖到每个块中奖金?? what fuck ?- 使用了任何用户提交的随机数。用户可能泄露预先提交了任何一个数值。
任何其他合约可见,或者公共的。
- 这意味着这个数字不应该在开奖前公布
EVM将不会追踪外部计算机
- 任何合约生成的数字都可以在块结束前被知晓。所以需要在数字的产生和使用之间留出时间
原文:
- Any decision that a user makes which affects the outcome gives that user an unfair advantage. Examples include:
- Using a blockhash, timestamp, or other miner-defined value. Keep in mind that the miner has a choice of whether to publish a block or not, so they could conceivably have one chance at the prize per block they mine.
- Any user-submitted random number. Even if the user pre-commits to a number, they have a choice in whether or not to reveal the number.
- Everything that the contract sees, the public sees.
- This means that the number should not be generated until after entry into the lottery has been closed.
- The EVM will not outrace a physical computer.
- Any number that the contract generates may be known before the end of that block. Leave time between the generation of the number and its use.
The Casino sets aside a reward for a random number 赌场为随机数留出奖池
Each user generates their own secret random number N
每个用户生成自己的随机数N
Users create their commitment by hashing their N with their address: bytes32 hash = sha3(N,msg.sender)
1
用户通过散列他们的随机数值和钱包地址创建他们的唯一凭证
Users send their hash to the contract, along with ether greater than or equal in value to the value of the random number. 2
用户发送他们的哈希值(这个就是你的彩票)到合约地址, 随着Ether
的值逐渐大于等于随机数的值
Submissions continue for some number of blocks, or until sufficient participants have joined. Once the submission round has ended, the reveal round begins. 继续提交新的块,直到有足够的参与者进来。一旦一轮提交结束,就开始开奖。
Each user submits their random number N to the contract
每个用户提交他们的随机数N
到合约
The contract verifies that the sha3(N,msg.sender)
matches the original submission
合约去验证这个sha3(N, msg.sender)
是不是和原来的提交一致。
N
in time, his deposit is forfeit.
如果用户的没有及时提交或者提交的是无效的,他的存款将会被没收。The N
s are all XOR
'd together to generate the resulting random number.
中奖的那个N
是所有的一起生成所产生的随机数的异或。
This number is used to determine which of the participants receives the reward.(N % numUsers)
3
这个数字决定了哪个参与者将接受奖金。
注解:
The users must concatenate their address to their N
before hashing. Otherwise, another user could simply submit an identical hash, then wait for N
to be revealed, then submit that. N XOR N
equals 0
, so this could be used to cancel out all submissions except the attacker's.
用户在哈希前吧随机数N
和他们的地址连接到一起。否则,另一个用户可以简单地提交一个相同的哈希,然后等待N
被显示,然后提交。N XOR N
等于0
,这可以用来抵消除了攻击者之外的所有提交。
This is where the trade-offs come in. The last person to reveal their N has a choice whether to reveal or to not reveal. This essentially gives them a double chance at winning. Enter enough times, and you get a new choice for each entry. Hint: Miners chose the order of transactions in a block. In order to discourage this, users must put up a large security deposit, equal to the value they would gain by manipulating the random number. This could be a problem for many users, especially for large jackpots, even with game-theoretic optimizations.
不知道什么情况,老板准备做游戏?还是做博彩?不清楚。让看下合约安全,然后给大家分享一下。不好说,两天时间,还要分析下几个Dapp的合约代码。还好之前自己学习过一点。然后现学现卖,搞了一下。想说的都在PDF里了。 PDF -> smart contract security basicly
Resources