30,000 EOS taken from EOSPlay using exploit
A player on the EOSPlay gaming app used an exploit to ensure their bets on the dice game were winners, every time.
Using this exploit the player got away with 30,000 EOS and spent just 300 EOS to enact the exploit.
How the exploit works
The player / attacker used the REX (and EOS resource exchange) to ensure that new blocks were filled with only their transactions. these transactions were deferred.
The EOSPlay dice game used the bandwidth which staking nodes give away free when they do not need it.
The EOSPlay dice game used these blocks to create entropy for the dice game
The player / attacker was somehow able to use or feed the winning blocks into the dice number picking algorithm and pick the winner every time, by triggering the deferred transactions to go into infinite loops so the loosing action never executes. source –
Some DAPPs were using future blocks to generate random numbers. The hacker rented 1.2m CPU from REX to create thousands of deferred trxs, blocking the network.— Michael Fletcher (@Mikefletcher42) September 14, 2019
The hacker then cherry pick the trxs they wanted to go through(winning ones), and the others(losing ones) stay blocked
Below are the blocked used for the exploit:
Dan Larimer, adamant that this is not a EOS bug or operating failure tweeted:
#EOS is operating correctly. This is no different than when attackers flood eth or bitcoin with high fee transaction spam. The network didn’t freeze for token holders, there was just no extra bandwidth available for free useDan Larimer (@bytemaster7) tweeted
Signing the tweet storm off with:
This attack however may not be limited to EOSPlay, as @dexaran pointed out:
It seems that the scale of the attack is much larger than we originally expected.— Dexaran (@Dexaran) September 13, 2019
These are attacker’s accounts:https://t.co/wdeRVVHT4Vhttps://t.co/euC2gEncj7https://t.co/7mrpdRfGLihttps://t.co/Wsl578HVPahttps://t.co/I0aTR8OvbQhttps://t.co/7ixE6VCoLfhttps://t.co/1QIOQDfDlw
This is another in a long line of smart contract vulnerabilities found and exploited and these things will continue to happen when their are large sums of money at stake.