From the evening of December 18th through the early morning of the 19th, several leading EOS DApps were attacked. EOSMax, ToBet, BigGame and BetDice suffered transaction rollback attacks, losing 55,000 EOS, 22,000 EOS, 14,903.18 EOS and 200,000 EOS respectively. In addition, hackers exploited a replay attack vulnerability in the guessing game TRUSTBET, profiting 11,501 EOS. Together these games lost 303,404.18 EOS; at an estimated EOS price of 18 yuan, that is roughly 5.46 million yuan.
The attacked games are among the most active guessing games on EOS. According to PeckShield, BetDice has had more than 5,000 daily active users over roughly the past week, with trading volume exceeding 50 million EOS.
PeckShield founder Jiang Xuxian said that the same group or individual is behind this attack. The account hnihpyadbunv, which attacked BetDice, created the account eykkxszdrnnc, which was used to attack EOSMax and BigGame. The account eykkxszdrnnc in turn created a sub-account, kfexzmckuhat, to attack ToBet. After each successful attack, sub-accounts were frequently created to transfer the assets.
Regarding the attack, Jiang Xuxian told Odaily that recovery through ECAF is expected to be difficult: 1,808 accounts have already been involved, and the amount is still increasing.
How was the attack carried out?
PeckShield security researchers believe that the attacks on the four guessing games EOSMax, ToBet, BigGame and BetDice are related to a vulnerability in the EOS node.
EOS MAX holds the same view. According to IMEOS.ONE, EOS MAX announced that the incident was caused by a vulnerability in the EOS node used by the game, not by a vulnerability in the contract.
According to unnamed sources who spoke to Odaily, this transaction rollback attack is related to the project's nodeos having speculative mode enabled; developers need to turn that mode off to avoid the attack (enabling speculative mode can be understood simply as improving transaction throughput at the cost of reduced security).
Regarding the specific process of the transaction rollback attack, Goh, head of MEET.ONE, told Odaily that he believes the attack proceeds as follows:
1. Hacker B, through the attack contract account A, transfers funds to the game contract to place a bet; the game draws the result in real time and pays the prize to account A.
2. The game contract's node begins to synchronize transaction C to the EOS network.
3. The attack contract account A triggers an assert, the super node (block producer) does not pack C into a block, and all nodes roll back transaction C.
4. The hacker obtains the data of transaction C: if the bet wins, transaction C executes normally; if it loses, the next attack starts.
The crypto community author “Punchinello” shared an inference about the rollback attack, based on an investigation by the Canon and MYKEY technical teams:
The attack exploits the DApp node's lack of read/write separation. The hacker sends the transaction directly to the DApp's read node, which first executes the logic and computes the DICE result. If the hacker wins, no further action is taken, and once the node's block is broadcast and synchronized the win stands. If the hacker loses, the hacker simultaneously sends a transfer to the node currently producing the block, leaving the account balance insufficient to complete the earlier transaction; the earlier transaction is then discarded, so the hacker never loses.
This uses a classic technique: double spending!
DApps should check whether their read and write nodes are separated and whether the read node is set to read-only.
At present, according to IMEOS.ONE, EOSMax, which suffered the attack and suspended operation, has investigated the rollback issue, discussed a solution with the BP team, successfully fixed the problem and restored service. The team will use read/write separation to fix the problem: reads go through a read-only node and writes through a separate node, avoiding the transaction rollback vulnerability.
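To make the rollback sequence and the read/write split concrete, here is an added Python model (not code from any project or team quoted in this article) of the process described by MEET.ONE and the MYKEY inference above: a bet executed on a speculative read node is reported as applied, but the block producer drops it when a conflicting transfer for the same balance arrives first, so a DApp must settle only on transactions that actually landed in a block. Account names, amounts and transaction ids are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str
    amount: int  # EOS debited from the sender (constructed toy unit)

class Ledger:
    """Toy balance state standing in for one node's view of the chain."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def apply(self, tx):
        """Debit the sender; refuse (False) when the balance is insufficient."""
        if self.balances.get(tx.sender, 0) < tx.amount:
            return False
        self.balances[tx.sender] -= tx.amount
        return True

def speculative_execute(node_state, tx):
    """What a read node in speculative mode reports to the DApp: the result of
    running the tx on a scratch copy of its head state, before any block has it."""
    return Ledger(node_state.balances).apply(tx)

def produce_block(bp_state, mempool):
    """The block producer applies txs in arrival order; a tx that fails its
    balance check is never packed, so every node discards it (the rollback)."""
    return [tx.txid for tx in mempool if bp_state.apply(tx)]

def settle_bet(txid, included_txids, bet_won):
    """Hardened settlement: pay out only on a bet whose tx is in a produced block.
    A tx that was only executed speculatively yields None (nothing paid yet)."""
    if txid not in included_txids:
        return None
    return "payout" if bet_won else "house_wins"

def scenario():
    """Attacker holds 10 EOS. Bet C is sent to the DApp's speculative read node;
    a conflicting transfer D for the same 10 EOS reaches the producer first."""
    bet_c = Tx("C", "attacker", 10)
    conflicting_d = Tx("D", "attacker", 10)
    dapp_view = speculative_execute(Ledger({"attacker": 10}), bet_c)            # True
    included = produce_block(Ledger({"attacker": 10}), [conflicting_d, bet_c])  # ["D"]
    # Settling on dapp_view alone would treat C as final; settle_bet does not.
    return dapp_view, included, settle_bet("C", included, bet_won=False)
```

The speculative node says the bet applied, yet only D reaches the chain, so a game that paid or settled on the speculative result would have been fooled; keying settlement off block inclusion is the behavioural equivalent of the read-only/write-node split EOSMax adopted.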
As for the replay attack vulnerability suffered by TRUSTBET, PeckShield security staff believe this is an early form of attack first seen in the EOS DApp ecosystem: because of design flaws in the developers' lottery randomness algorithm, the attacker can exploit the loophole to claim prizes from the contract repeatedly. It is a relatively low-level error.
How does the industry see it?
Regarding this attack, Goh, head of MEET.ONE, told Odaily: “This is not the first time EOS has been attacked, and neither the attack tactics nor the vulnerabilities discovered are technically difficult. One can only say that the EOS ecosystem is developing very fast, but the projects' research and development capabilities and security capabilities lag behind. For EOS projects, the production environment is the best test environment, and the problems they keep encountering require continuous iteration.”
Wu Xiaoxiang, founder of White Matrix, told Odaily that EOS's vision is good, but it needs to become more stable to suit developers. EOS has problems in its mechanism design: for example, contracts can be replaced, and there is a lack of access restrictions on developers. In addition, EOS has long reflected the problems with BPs. However, with the recent release of the EOS side chain, BM's launch of the wasm interpreter, and QR-code login for PC-side DApps, security will improve, and they will continue to focus on EOS.
Others view this attack from the perspective of the EOS ecosystem. DappReview CEO Niu Fengxuan told Odaily that this is a very big accident, but since this morning the node and the several attacked game projects have begun to study how to solve the problem. Moreover, BetDice also gave its competitors a friendly reminder. Such benign behavior is very helpful for building the EOS ecosystem.
I am Qi Ming of Odaily, exploring the real blockchain and chatting daily with blockchain enthusiasts. For exchanges or tips, add WeChat qingmoruoshui and note your name, company and position. For reprints / content / cooperation, email firstname.lastname@example.org; unauthorized reprints will be pursued by law.