-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One more security layer for RANDAO contract #8
Comments
It's a interesting project.But I have not found the relationship with the reveal round? |
In reveal round you call TheDivine.GetPower() to get a number, and combine to RANDAO result before funding all participants. It will keep miner, attacker is not able to manipulate. |
Look at calculate function, if all participants send 0x000000000000000000000.... to your contract your result isn't RANDOMIZE at all. |
Firstly, I will refactoring this piece of code, there is some security problem.
And then, why we don't add something like block[N].hash or block[N].difficulty? In our README, we have explained it.
|
Vitalik has thrown out his randao++ idea, it looks more reasonable.But firstly, we need to finish this. |
I'm agree that we shouldn't trust the miner. And The Divine was created to protect us from miner manipulate. |
The Divine is more legit when the number of users are lager. And it become more legit for each time we call GetPower(). |
In the reveal round, only the revealer know the secret, and this is the only one factor which can effect the result. |
Yes, the weakness is that we need at least 1 HONEST PARTICIPANT, but I take this as the precondition.
Yes, this is also randomize. |
All participants are send malicious secrets, your result is able to calculate and it no more a random number. |
We just need one honest participant. |
If miner was mine this block he will know secret too.
I've suppose to remove block.timestamp that is my stupid.
RNG should trusted anyone or anything instead of participant. |
Yes, the RANDAO has two weakness:
But it is the most reasonable design we can think by now. |
I have removed I hope that The Divine may be an improvement for RANDAO, let's us work together. Block difficulty is removed, everything relating to miner is removed |
Here is the concept to make The Divine and Randao working together.
|
Sorry, I do not get the meaning of |
It's participant secrets. Sorry, i wasn't make it clear. Here is my latest concept: |
Firstly, why we need |
This concept is about save all random value in the past and lookup later. m is total number of random number have store in the past. I have created a pull request which is based on “anyone can make a change”. |
I have been created a smart contract which was generate a uncontrollable number:
https://github.com/tad88dev/thedivine
Would you use it as a security improvement at the reveal round ?
The text was updated successfully, but these errors were encountered: