Hacker News

> Let's say you're gambling 10k ETH on the last bit of RANDAO output being 1. You pay 5k to enter, and get either 0 or 10k back.

Ethereum does not let you make a gamble like that on the protocol level, so it sounds like your proposed attack is against a theoretical gambling platform that naively relies on RANDAO as its sole source of randomness for resolving bets, and that naively allows a user to resolve their bet based on a user-selected RANDAO round, correct? From your previous comment, I somehow got the idea that you were going to describe an attack against Ethereum's Proof of Stake.

This section of this article does a good mathematical analysis of RANDAO biasability in the context of leader selection in Ethereum's beacon chain, in my opinion:

https://eth2book.info/altair/part2/building_blocks/randomnes...

The takeaway from the math is that while it's true the RANDAO is biasable in one-off circumstances through the last-actor pre-image withholding attack you describe, trying to use such an attack to influence network consensus is a no-go. The majority of honest actors ensure that any attempt to bias the RANDAO is ephemeral, where it's only useful for doing a bit flip attack at an unpredictable block height against improperly implemented casino software.

I have to say I am a bit disappointed. I thought you were going to describe an attack against PoS.
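As an added illustration of the point made in the comment above (this is example code written for this page, not from the thread, the eth2book chapter, or the Ethereum specification), the Python below models the last-revealer bias against a naive casino. Assumptions, all hypothetical: the accumulator is mix' = mix XOR sha256(reveal), with sha256 standing in for the beacon chain's hash of the BLS signature; each proposer's reveal is a deterministic function of its key and slot (it can be withheld but not altered); eight proposers per "epoch", the attacker proposing last; and the casino pays out on the last bit of the mix at the slot the bettor names.

```python
"""Toy model of last-revealer (pre-image withholding) bias on a RANDAO-style mix.

Added example, not code from the HN thread or the Ethereum spec. The only
lever the last proposer has is publish-or-withhold: two known candidate
outputs, so a casino resolving on the last bit of the mix at a slot the
bettor controls hands that proposer a 3/4 win rate instead of 1/2. One
honest reveal afterwards wipes the bias out again.
"""
import hashlib
import random

MIX_BYTES = 32


def mix_update(mix: bytes, reveal: bytes) -> bytes:
    """Hypothetical accumulator: new_mix = mix XOR sha256(reveal)."""
    h = hashlib.sha256(reveal).digest()
    return bytes(a ^ b for a, b in zip(mix, h))


def last_bit(mix: bytes) -> int:
    return mix[-1] & 1


def proposer_reveal(secret: bytes, slot: int) -> bytes:
    """Stand-in for the proposer's signature: fixed for a key and slot, so it
    cannot be chosen, only published or withheld."""
    return hashlib.sha256(secret + slot.to_bytes(8, "big")).digest()


def attacker_chooses(mix: bytes, reveal: bytes, want_bit: int) -> tuple[bytes, bool]:
    """Last proposer's decision. Returns (resulting mix, withheld?).
    Publish if that yields the wanted bit; withhold if the unchanged mix does;
    otherwise publish anyway (withholding costs a block reward for nothing)."""
    published = mix_update(mix, reveal)
    if last_bit(published) == want_bit:
        return published, False
    if last_bit(mix) == want_bit:
        return mix, True
    return published, False


def run_epoch(rng: random.Random, secrets: list, attacker_idx: int,
              want_bit: int = 1, attack: bool = True) -> bytes:
    """Mix in every proposer's reveal in slot order; the attacker may withhold."""
    mix = rng.randbytes(MIX_BYTES)          # constructed starting mix
    for slot, secret in enumerate(secrets):
        reveal = proposer_reveal(secret, slot)
        if attack and slot == attacker_idx:
            mix, _ = attacker_chooses(mix, reveal, want_bit)
        else:
            mix = mix_update(mix, reveal)
    return mix


def win_rate(trials: int, attack: bool, seed: int = 1, n_proposers: int = 8) -> float:
    """Fraction of epochs whose final last bit is 1 (the casino's winning outcome)."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        secrets = [rng.randbytes(32) for _ in range(n_proposers)]
        mix = run_epoch(rng, secrets, attacker_idx=n_proposers - 1, attack=attack)
        wins += last_bit(mix) == 1
    return wins / trials


def bias_after_honest_reveal(trials: int, seed: int = 2) -> float:
    """Same attack, but one more honest proposer reveals after the attacker.
    The XOR of the attacker's biased bit with an independent uniform bit is
    uniform again, so this should sit near 0.5: the bias is ephemeral."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        secrets = [rng.randbytes(32) for _ in range(8)]
        mix = run_epoch(rng, secrets, attacker_idx=7, attack=True)
        mix = mix_update(mix, proposer_reveal(rng.randbytes(32), 8))
        hits += last_bit(mix) == 1
    return hits / trials


if __name__ == "__main__":
    print("honest last proposer:", win_rate(10_000, attack=False))
    print("withholding attacker:", win_rate(10_000, attack=True))
    print("one honest reveal later:", bias_after_honest_reveal(10_000))
```

With the 5k-to-win-10k bet from the quoted scenario, a 3/4 win rate makes the bet worth about +2.5k per attempt before subtracting the block reward lost on the roughly one-in-four occasions the attacker withholds; the casino is exploitable precisely because it lets the bettor pick the resolving slot and uses only the mix at that slot. The third number shows why the same trick buys nothing against consensus: once any honest proposer mixes in afterwards, the attacker's bit is gone.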
