- Build a secure coinflip betting game between two players on Ethereum.
ONLY READ THIS DOCUMENT IF YOU WANT TO SPOIL BUILDING THE GAME. FIRST TRY TO BUILD IT YOURSELF, THEN SEE IF IT SURVIVES THE FOLLOWING ATTACKS.
- If you use the block timestamp as a source of randomness, that's directly manipulable by miners.
- If you use the block hash, an attacker who controls enough hashing power could withhold a mined block if the prize in the bet would make it worth it. There are non-miner-manipulable schemes you can use instead here.
- Commit-reveals!
- But if your commitments are too small, they're easy to brute-force. You have to ensure the commitments are sufficiently large, or have nonces appended.
- Can the second player withhold their reveal and stop the game? How can you avoid this?
- What if an adversary submits the same hash as the first player? How can they manipulate the outcome?