[UPDATED] Epic Dice shut down due to witness cheating

themarkymark (78) in gambling • 5 years ago (edited)

View this post on Hive: [UPDATED] Epic Dice shut down due to witness cheating

5 years ago by themarkymark (78)

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

smooth (70) · 5 years ago (edited)

Not unforeseen. These types of vulnerabilities are well-known for years, and I've personally advised people building games about them.

The developers of this game are either incompetent or knew about the vulnerability but built the game that way anyway so they themselves could "hack" it using a sock puppet. I'm making no claim as to which.

reggaemuffin (66) · 5 years ago

@raycoms and I talked a lot about theoretical ways to crack such randomness and how to design it in a way that is not deterministic for the witness that signs the block.

But I didn't think someone would actually do it.

themarkymark (78) · 5 years ago

But I didn't think someone would actually do it.

reggaemuffin (66) · 5 years ago

Upon investigation it seems that it was super easy to hack, you didn't even have to collude with a witness. Basically if you craft the right transaction it just works.

And that is really easy, so I can actually imagine a lot of people doing that. Would probably take someone 30 minutes to code it up.

I really don't pity the devs here, if they use the tx in isolation as the randgen seed then they are as incompetent as can be 🤷‍♂️ that is like hiding passwords in the client application 😂

I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen. But seriously, transactions?

smooth (70) · 5 years ago (edited)

I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen

They will if there is enough money at stake (or even if it isn't and just feel like it is worth doing for the lulz anyway) and on a global network making assumptions about what someone somewhere will be willing to do nearly always ends badly.

$0.00

holybranches (60) · 5 years ago

But I didn't think someone would actually do it.

Thanks. Now I'm speechless for the rest of the week.

$0.00

dr-frankenstein (67) · 5 years ago

I like it more like this:

The developers of this game ~~are either incompetent or~~ knew about the vulnerability but built the game that way anyway so they themselves could "hack" it using a sock puppet. ~~I'm making no claim as to which.~~

... When provably fair isn't enough.

$0.00

cwow2 (65) · 5 years ago

So a witness exploited a bug and didn't tell. What a great witness to have on the steem blockchain.
Thankfully I havn't voted for him/her as a witness otherwise it would have been revoked immediately.

themarkymark (78) · 5 years ago

He is #212, would hardly call that a witness, but a witness none the same.

$0.00

cwow2 (65) · 5 years ago

Ye okay.
Still a shame tho.

$0.00

isnochys (66) · 5 years ago

Where would you draw the line? :)

$0.00

smooth (70) · 5 years ago

Literally everyone can be a witness. All you need to do is download the and run the steemd code and vote for yourself. Your ranking will be low but you'll be a witness.

$0.00

isnochys (66) · 2 years ago

_

$0.00

smooth (70) · 5 years ago

It actually turns out it had nothing to do with any witness, but doesn't really change much.

$0.00

cwow2 (65) · 5 years ago

That changes nothing for me. He still exploited a bug in my opinion :D

snackaholic (57) · 5 years ago

@mys good job finding this exploit! I hope you informed the team about this so they can fix it :)

cwow2 (65) · 5 years ago

He stole 2.5k without saying anything and another user told them...
Mark even wrote that under the pics x)

holybranches (60) · 5 years ago

He didn't "steal" anything.

$0.00

cwow2 (65) · 5 years ago

So exploiting a bug isn't stealing or cheating? Oo
And he has a witness account. How is that acceptable?

$0.00

smooth (70) · 5 years ago

Everyone has a witness account. As soon as you get a single vote (even from yourself) and wait long enough you will get to produce a block.

cwow2 (65) · 5 years ago

I dont and if I do, I have no idea how to use it :p

But I guess what you are saying is that its not hard to become a witness x)

Marky also told me he is witness nr. 212, so hardly a witness.

$0.00

isnochys (66) · 5 years ago

Bug or feature?
He did just that, what could be done.
Where is it written, that he couldn't bet in that way?

$0.00

cwow2 (65) · 5 years ago

A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.

Copied from wiki :)

Thats how I see it.
You might see it a different way :D

$0.00

drakos (70) · 5 years ago (edited)

Busted! Get that hammer.

themarkymark (78) · 5 years ago

Love this movie

$0.00

drakos (70) · 5 years ago

I've watched it hundreds of times.

$0.00

themarkymark (78) · 5 years ago

Checkout Cooler and 21.

$0.00

manniman (63) · 5 years ago

the best :D

$0.00

justyy (82) · 5 years ago

I wish I knew this!

$0.00

abh12345 (76) · 5 years ago

So you could give it all back and tell them to fix their code, yes? :)

justyy (82) · 5 years ago

Haha... yes. and maybe they will tell me to keep the STEEMs as a reward :) who knows?😂

$0.00

gikitiki (60) · 5 years ago (edited)

Back in the day ... Steemit fork 1,2,or 3, a similar ~~"random" number~~ algorythm was exploited such that an individual with 20-30 alt accounts managed to maintain ~~18-19~~ some of the top 20 witness rankings for weeks.

When @dan and @ned found it, ~~they provided the individual with even more steem (than already amassed) to provide them with the explanation of the exploit.~~ Congratulated the individual. They then forked to fix the hole.

@mys took advantage of a weakness in the code, but in this realm that is not a crime ... (it is being a dick though) however, I'll be curious to see what he does with the "winnings". This could quickly end his bid to ever be a top ranking witness.

If @mys returned all the winnings with a memo stating "fix the code - look at how smart I was to do what I did", he would win some respect in the eyes of many steemians.

Here's the link to one of the better explanations on that "hack"

https://steemit.com/steem/@arhag/how-supercomputing-was-able-to-dominate-the-mining-queue-and-how-the-bug-was-fixed

EDIT: I used strike through to correct what I remembered happening versus what really happened as explained in @arhag's post.

$0.00

smooth (70) · 5 years ago (edited)

maintain 18-19 of the top 20 witness rankings for weeks

He only maintained ONE of the top 21 slots, the mining slot. The backup voted witness slot and the top 19 voted witness slots all functioned normally.

I also don't know if it is accurate that he was paid to disclose the exploit. As far as I know @arhag (one of the top witnesses at the time) figured it out on his own.

$0.00

gikitiki (60) · 5 years ago (edited)

You are correct. I remembered the urban myth. I found @arhag's post after I'd replied. :-(

I have ~~struck out~~ my errors in memory.

dr-frankenstein (67) · 5 years ago (edited)

Hey @mys, the cake taste guud?

Thank you for doing a service to the community.

$0.00

cyberblock (65) · 5 years ago

I like this @mys guy :)

$0.00

chekohler (70) · 5 years ago

Ouch! The house always wins but when it doesn’t man does it crash and burn epic for sure

$0.00

eturnerx (64) · 5 years ago

In meat space, the house will "break" after loses are too high. They also have other fail safes to limit house losses JIC the game has some flaw or there's cheating.

Posted using Partiko Android

onyechi (64) · 5 years ago

Busted, I hope it gets fixed soon

Posted using Partiko Android

$0.00

blewitt (72) · 5 years ago

Ouch. This is disappointing.

Posted using Partiko iOS

$0.00

kaminchan (70) · 5 years ago

Wow! Luckily someone spotted the cheating!! Transparency in blockchain!

$0.00

hungryharish (66) · 5 years ago (edited)

Oops! I invested in epic dice. At first the glance of title make my heart beat skip by remembering exit of magic dice 😅 that's why they didn't delivered my payout today.

$0.00

eturnerx (64) · 5 years ago

Any software will have exploits. If they can come back from this then the code'll be stronger for it.

Posted using Partiko Android

balticbadger (66) · 5 years ago

Crazy!!!

Posted using Partiko iOS

$0.00

fervi (66) · 5 years ago (edited)

Generate priv key and Bitcoin address
Give bitcoin address to verify and use priv key as seed
Give a seed (privkey) after play
??
Profit

$0.00

cryptospa (73) · 5 years ago

That's really interesting.

Posted using Partiko Android

$0.00

moderndayhippie (67) · 5 years ago

People fucking suck! What happened to honest people? What happened to the golden rule? What happened to morals??

$0.00

luvlylady (56) · 5 years ago

Let's be honest though I haven't seen morality in gambling like ever.

$0.00

moderndayhippie (67) · 5 years ago

LoL, touché

$0.00

oivas (66) · 5 years ago

Wow, that happened! @mys does explain how he did it.. I wonder if he is going to return the money, though.

Posted using Partiko Android

$0.00

hirotokyung (25) · 5 years ago

Seriously!

$0.00

freebornangel (73) · 5 years ago

How many others in the 1% club?
Is there any way to know this wasn't exploited by others, perhaps with less extreme odds, but over more time?

$0.00

pennsif (79) · 5 years ago

This post has been included in the latest edition of The Steem News - a compilation of the key news stories on the Steem blockchain.

$0.00

wanderingmoon (52) · 5 years ago

#Thingsthatmakeyagohmm

$0.00

skramatters (66) · 5 years ago

Overvalued post, you're a hypocrite

Posted using Partiko Android

$0.00