A vulnerability in Fair Dice’s C++ source code was exploited by a hacker to steal $200,000 worth of EOS cryptocurrency from crypto-betting site, Fair Dice. The vulnerability involved the emplacement of an object which contained the amount of money to transfer into a vector. The problem was that there were not adequate parameters on the values that could be emplaced into this vector, which allowed the hacker to siphon this large amount of money. Moral of the story, always check your boxes when you are coding something involving other people’s money. It doesn’t take long to set instance variables, object parameters, etc. Better safe and have done some tedious work than very sorry.
source code:
https://github.com/Dappub/fairdicegame/blob/master/fairdicegame/include/fairdicegame.hpp#L240
original article:
https://www.zdnet.com/article/blockchain-betting-app-mocks-competitor-for-getting-hacked-gets-hacked-four-days-later/
Leave a Reply
You must be logged in to post a comment.