0

Is the way Minereum Lucky Draw game works really safe 100% onchain RNG and verifiable on smart contract?

They claim yes but I would like to know expert technical answer for this, if so, isn't this a major breakthrough in generating random numbers on the blockchain without oracles?

More details: https://www.minereum.com/v2/luckydraw

They say:

The Random Number Generation is totally decentralized and fair, the source code can be verified here. The random numbers are generated based on the blockhash of the second block after purchase. There is an interval of 3 blocks between buying a ticket and playing to be able to guarantee complete unpredictable randomness 100% on-chain.

Manu
  • No, because what they claim is "Provably Fair, Secure & Safe Random Number Generation 100% on-chain without the use of any oracles. Minereum Lucky Draw is a blockchain experiment to prove that 100% Safe onchain randomness is possible." This is quite a big statement; the link you posted actually states it is not 100% safe to use blockhash. So my question is still open – Manu Sep 19 '20 at 11:13
  • @Manu In the link provided there's no proof of any of their statements. Looking at the code in Etherscan they use blockhash in the same way as in the question pointed to by Morten. It is not 100% safe, miners still have leverage because they can select a block that works for them and drop transactions that they don't like. – Ismael Sep 19 '20 at 22:11
  • @Ismael, you are wrong, read my answer. To be honest it is actually 200% safe. Have a look with some attention and you will find out the way they are doing it is actually genius – Resten Sep 20 '20 at 19:17
  • @Resten Please justify why it can't be taken advantage of by miners. I added a couple of attacks from the top of my head to your answer. – Ismael Sep 20 '20 at 19:45
  • @Ismael, miners can't take any advantage, see my comment on the reply, it is impossible. – Resten Sep 20 '20 at 20:27

1 Answer

0

The way they are doing it is indeed a breakthrough in my view, it is the first time I actually see a 100% safe way to generate random numbers on a smart contract without oracles.

EDIT: And by the way, oracles are not even 100% safe because you are always trusting third parties.

How they do it:

  1. First you need to buy a ticket
  2. You can only use your ticket after 3 ethereum blocks
  3. When you use your ticket the random numbers are generated based on the blockhash of the 2ND block

This is actually genius, as there is no way for anyone to guess the blockhash because it is always a blockhash of the FUTURE! (the RNG is generated based on the blockhash AFTER you purchase the tickets)

EDIT2: Miners can't even check on invalid transactions because the blockhash is always taken from a future block (after they pay the eth). The only downside of this method is that the tickets expire after 256 blocks due to ethereum limitations on caching the blockhashes, but 256 blocks is actually a good amount of time for the player to redeem the tickets (it's almost 1 hour); as a player you just have to make sure you play the tickets before they expire.

100% safe in my opinion and source code is good, couldn't find a flaw

Resten
  • A miner can still manipulate the result, for example by delaying so you can't redeem before the 256 blocks, or they will force you to pay more in gas. Since they generate a block, they can determine before the block is solved whether they will win or not and search for another block if they do not. – Ismael Sep 20 '20 at 19:45
  • The miner cannot manipulate the result, zero chance, it is impossible with this method. Look, think about it: 1. You buy a ticket (you transfer your eth, the eth is already gone from you), this is the block 1 of the RNG journey. 2. You can only use your ticket AFTER 3 blocks - 3. After 3 blocks when you use your tickets it will generate the random numbers based on the blockhash of BLOCK 2. BLOCK 2 is AFTER your block 1, in order for the miner to be able to manipulate the RNG the blockhash would have to be from Block 1 OR before, but in this case it is AFTER. Zero chance for manipulation. – Resten Sep 20 '20 at 20:22
  • @Ismael, And if I am wrong and you are right, go head and hack it... the current pool is almost 4.5 eth hehe – Resten Sep 20 '20 at 20:24
  • @Ismael, the magic here is that the RNG is always generated based on block 2 and you can only use it after block 3. No matter in what block you use the tickets after block 3 to trigger the RNG it will always generate them based on Block 2. Block 2 is always unpredictable on the moment you are purchasing the tickets, thus 100% safe RNG onchain without oracles, they are correct. – Resten Sep 20 '20 at 20:40
  • The miners generate blocks so they can check if you will win, and discard that block so you will not win. Probability is low but it is not zero, a miner may decide to attack depending on the total reward. Another attack is take advantage of short forks, they are pretty common. Send a bet wait three blocks if they don't win publish a block with higher pow. – Ismael Sep 20 '20 at 20:41
  • Miners can drop any block, that's not what is at play here I think. As miners cannot manipulate the blockhash I believe this is a good way to generate RNGs, possibly the best way to generate 100% onchain RNGs without oracles that exists out there. I would classify oracles more risky than this way, oracles are centralized. – Resten Sep 20 '20 at 21:23
  • You say a lot of things but don't provide any proof. It is not new, it is not 100% safe, and miners can manipulate the blockhash. – Ismael Sep 20 '20 at 22:46
  • How can miners manipulate the blockhash? Can you give me an example, when I'm talking about manipulation, I'm talking about them actually deciding the blockhash to the value they want, in that way they could brute force the blockhash until they get the blockhash to win the prize, however I am not aware that miners can actually dictate the blockhash value, can you point out sources on that if that's really the case? – Resten Sep 22 '20 at 09:16
  • Comments are not the place for extended discussion. First miners do not need to manipulate the whole blockhash to break your implementation, just enough to change the mod operator (%) output. – Ismael Sep 22 '20 at 12:45
  • Can you provide some sort of sources for what you are claiming? My understanding is that miners can not manipulate the blockhash at all, how can they do that? – Resten Sep 22 '20 at 12:53
  • The block hash is calculated by hashing the block header, which contains fields that are manipulable by the miner, like timestamp and nonce. Please read the solidity documentation: "Both the timestamp and the block hash can be influenced by miners to some degree." – Ismael Sep 22 '20 at 16:07
  • Yes the timestamp can be manipulated, however blocks with invalid time are rejected by the ethereum network, so for an eventual attack to occur this would have to happen: 1. Miner buys a ticket 2. Miner NEEDS to mine the second block after (uncertain) 3. Miner needs to generate a blockhash based on a nearby timestamp of max + 30 seconds or something like that, so his chances AFTER all this work are for ex. 30/10000, not a big deal! AND if a miner can do it all miners can compete for this, changes nothing. To be honest I still support this as the most secure way to generate RNs on ethereum – Resten Sep 25 '20 at 08:05
  • Oracles on the other hand are much easier to manipulate, 1. Access the centralized server 2. Manipulate the response... – Resten Sep 25 '20 at 08:08
  • There are secure ways to generate random numbers without relying on blockhash, like randao for example. It is a research area with a lot of interest and published papers. – Ismael Sep 25 '20 at 15:04
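The three-block schedule described in the answer and the block-discarding argument raised in the comments, as an added example that is not part of the original thread and not the Minereum contract's code: a constructed Python model of the ticket lifecycle with EVM `blockhash()` semantics (it reads as 0 outside the 256 most recent blocks, so a contract has to refuse an expired ticket rather than draw from a zero hash), plus a closed-form estimate of how far a ticket holder who also produces a share `p` of blocks can shift their win probability by discarding a losing decisive block. The class names, the 10000 modulus, and the sha256 stand-in for block hashes are assumptions made for the model.

```python
import hashlib

# Parameters taken from the thread; everything else below is a constructed model.
TICKET_DELAY = 3   # a ticket can be played only after 3 blocks
RNG_OFFSET = 2     # the outcome is drawn from the hash of the 2nd block after purchase
WINDOW = 256       # EVM blockhash() covers only the 256 most recent blocks


class SimulatedChain:
    """Stand-in for the chain: block hashes are sha256 of the block number (constructed)."""

    def __init__(self):
        self.height = 0  # number of the block currently being built

    def mine(self, n=1):
        self.height += n

    def blockhash(self, number):
        # EVM semantics: 0 for the current block, for future blocks, and for blocks
        # older than the 256 most recent ones.
        if number >= self.height or self.height - number > WINDOW:
            return 0
        return int.from_bytes(hashlib.sha256(str(number).encode()).digest(), "big")


class LuckyDrawModel:
    """Ticket lifecycle as the answer describes it (hypothetical contract logic)."""

    def __init__(self, chain, modulus=10000):
        self.chain = chain
        self.modulus = modulus
        self.tickets = {}  # ticket id -> block number in which it was bought

    def buy(self, ticket_id):
        self.tickets[ticket_id] = self.chain.height

    def play(self, ticket_id):
        bought = self.tickets[ticket_id]
        if self.chain.height < bought + TICKET_DELAY:
            raise ValueError("ticket cannot be played before 3 blocks have passed")
        h = self.chain.blockhash(bought + RNG_OFFSET)
        # Defensive check: once the decisive block leaves the 256-block window its
        # hash reads as 0 and the "random" outcome would collapse to the constant
        # 0 % modulus, so an expired ticket must be rejected, not drawn.
        if h == 0:
            raise ValueError("ticket expired: decisive block hash no longer available")
        return h % self.modulus


def win_probability_with_withholding(q, p, retries=1):
    """Win probability for a ticket holder who also produces a share p of blocks.

    q is the honest per-draw win probability. When the decisive block is theirs
    (probability p) and the draw loses (probability 1 - q), they can discard that
    block and let the next candidate block decide instead, at most `retries` times.
    Every discard forfeits a block reward, so the advantage only pays when the
    prize pool is large enough: P = q + q(1-q)p + q((1-q)p)^2 + ...
    """
    return sum(q * ((1 - q) * p) ** k for k in range(retries + 1))


if __name__ == "__main__":
    chain = SimulatedChain()
    draw = LuckyDrawModel(chain)
    draw.buy("t1")      # bought while block 0 is being built
    chain.mine(3)       # block 3 is now being built: ticket playable
    print("draw result:", draw.play("t1"))
    print("honest win probability:", 1 / 10000)
    print("25% of blocks, one discard:", win_probability_with_withholding(1 / 10000, 0.25))
```

Two things the model makes concrete. First, the expiry the answer mentions is not a cosmetic limit: at height 259 a ticket bought at height 0 raises instead of silently drawing from a zero hash, which is the check a contract using this pattern has to make. Second, the withholding formula shows the block producer's edge scales with the share `p` and the base odds `q`; at `q = 1/10000` and `p = 0.25` a single discard raises the win chance by about 25% in relative terms, and whether that is worth forfeiting a block reward is exactly the prize-pool comparison the comments point to.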