Smart Contract, AWS Lambda and React App for securely playing Roulette.
Smart contracts in Ethereum allow anyone to verify its source code. This enables smart contract gambles, where any participant can be certain, that the bank is in fact not cheating on you. If we want to play high-stakes games, there is a potential risk though.
The miner incentive to cheat becomes a serious threat, because we might a rely on the block hash for our random number generation. Playing high-stakes implies an increased chance for the current block reward to be lower than the expected gain from the gamble. This encourages a miner to cheat by not publishing a newly found block if its block hash implies loosing the gamble.
A commitment-based approach for generating the random number solves the miner incentive issue. Both parties, i.e., the bank and the player, commit to a secret value V by calculating the commitment C = SHA(V). They first send C and wait for the other person to send C. Subsequently they reveal their secret value V and the smart contract can calculate the random number as Vb XOR Vp.
-
The bank chooses a hash and submits it to the smart contract.
-
The player submits a value to the smart contract.
-
The bank submits the value fitting to the previously submitted hash.
-
Smart contract calculates a roulette number (0-36) by calculating (bank value XOR player value) % 37.
- Smart Contract: The key component of the application. Is used for all game functions.
- Front-end: The React application that runs inside a players browser.
- AWS Lambda: The nodejs server application that represents the bank.
- Netlify: The hosting service for the Front-end application.
- serverless: The deployment tool for AWS lambda functions.
- AWS S3: The encrypted database of the bank for storing and retrieving secret values.
- Web3: The JavaScript framework for talking with smart contracts.
- MetaMask: The browser plugin for verifying transactions.
- Infura: An Ethereum node service to talk with the Ethereum blockchain without running your own node.
- Truffle: A framework that provides a default front-end application as well as tools for compiling, deploying and maintaining the deployed smart contracts.
Rinkeby: 0xe4f53c8de2020de632b496290375a419b93f9dc2
Skipping the confirmation from the smart contract that the bank has set its hash significantly decreases the time for a game round. However, in rare situations it might lead to a failed round when in fact the user transaction reaches the smart contract first. Furthermore, it poses a security issue because the bank can look at the pending transactions and quickly send a new transaction with a high gas price for setting its hash. Due to the high gas price it might overtake the user transaction giving the bank the possibility to cheat. Any such cheating would be public and can be detected by a user.
Since we know the bank and user value, we can calculate the result of the round in the front-end. That is why we do not have to wait for the evalutation inside the smart contract. However, it means a user might have to wait a little bit before he can play the next round. The smart contract only allows one game round per user at the same time.
Google reCAPTCHA, Code clean-up, User Interface and design improvements
The commitment scheme was improved:
- Bank sends commitment
- Player sends value
- Bank reveals value
Two options for speedup:
(1) Skip waiting for confirmation for bank hash set
(2) Game evaluation in JavaScript
The commitment scheme worked as followed:
- Player sends commitment
- Bank sends commitment
- Player reveals value
- Bank reveals value