30,000 EOS taken from EOSPlay using exploit

A player on the EOSPlay gaming app used an exploit to ensure their bets on the dice game were winners, every time.

Using this exploit the player got away with 30,000 EOS and spent just 300 EOS to enact the exploit.

How the exploit works

The player / attacker used the REX (and EOS resource exchange) to ensure that new blocks were filled with only their transactions. these transactions were deferred.

The EOSPlay dice game used the bandwidth which staking nodes give away free when they do not need it.

The EOSPlay dice game used these blocks to create entropy for the dice game

The player / attacker was somehow able to use or feed the winning blocks into the dice number picking algorithm and pick the winner every time, by triggering the deferred transactions to go into infinite loops so the loosing action never executes. source –

Below are the blocked used for the exploit:

Dan Larimer, adamant that this is not a EOS bug or operating failure tweeted:

#EOS is operating correctly. This is no different than when attackers flood eth or bitcoin with high fee transaction spam. The network didn’t freeze for token holders, there was just no extra bandwidth available for free use

Dan Larimer (@bytemaster7) tweeted

Signing the tweet storm off with:

This attack however may not be limited to EOSPlay, as @dexaran pointed out:

This is another in a long line of smart contract vulnerabilities found and exploited and these things will continue to happen when their are large sums of money at stake.