Nearly a month, the blockchain security company PeckShield has been found and the disclosure of EOSBet, EOSCast, FFgame, EOSDice, EOSWin, MyEosVegas, LuckyGo, EOS, Lelego and other ultra 8 EOS quiz games was hacked, the hacker grossed 170503.5 EOS prior to the market, the average price of 35 yuan / estimate, hackers have been from the game on the profit of over 5967662.5 yuan, has been a serious threat to the normal order of ecological EOS.
PeckShield security personnel by attacking the characteristics of a variety of games are extracted, preliminary findings: 1, the attackers behind different hacker Gang organized and targeted attacks in the implementation; 2 reasons, most successful attacks and vulnerabilities related to random number; 3, a similar attack is likely to become more frequent, and their attack efficiency signs of increasing.
Because most of the EOS guessing game is not yet open, in order to clarify the technical principle behind the random number of vulnerabilities, hackers often feel out the reason the attack succeeded. The PeckShield security team to typical EOS.WIN game as a sample for the hacker perspective the mystery behind, bring you a taste of the random number of exploits.
In November 12th, according to PeckShield data show: situation awareness platform 08:59 to 09:00 morning, less than a minute, a total of hackers to EOS.WIN game contract (eosluckydice) launched 10 attacks, profit exceeds 9180 EOS. PeckShield security personnel tracking and analysis found that hackers first to 22:46 last night in the implementation of the small test attacks, 165 attacks have attack methods, to choose the next day at 9 PM with multiple related account implementation of fast attack. Although the game also uses two time delay transaction more secure (deferred transaction) information as part of a random number, but hackers still cleverly circumvent these limitations, the successful implementation of the attack.
The hacker attack principle and lottery process:
EOS.WIN is mainly composed of 21 points and two guessing game, guessing game play, the user can select a number, the system will be selected in accordance with the size of the corresponding odds of users, then the system will give a random number, if results and user size matching as a winning amount is obtained investment amount multiplied by the odds.
The game is the process of lottery game game player received contract transaction request, delay the lottery method execution after 1.5 seconds (resolved function), and the use of lottery numbers in the lottery method in random number generation, also lottery results informs internationally through inline invocation (receipt function), then the lottery number plus 1 and save. The lottery process is shown below:
(the 1:DICE lottery game process)
PeckShield security staff analysis found that the random number of the contract is obtained through the get_random function, the influence factors of the random number generated by the txid ID tapos_block_num transaction transaction hash, block height, block tapos_block_prefix, ID prefix, bet_id Global lottery number etc..
In order to further understand, first some background knowledge of science:
1, delay the transaction with tapos_block_prefix: random number generation method in common, most of the use of tapos_block_num and tapos_block_prefix as an important part of the future a specified information block in the transaction, to ensure the unpredictability. If the delay of transactions by contract, that is to say at the time of the transaction (such as lottery) delay interval is specified, seemingly is the use of future information, in fact, issued this transaction, the system has been specified using the current synchronization to the latest piece of information (head_block), and tapos_block_num and tapos_block_prefix are also determined.
2, the transaction status information rollback: the EOS deal, if an action in a trade (action) implementation will lead to the abnormal state of the rollback transaction. For example, the deployment of contracts in their accounts, each received the transfer notice (transfer receipt) when an exception is thrown, can lead to the failure of the transfer process, all state information, including balances are intact.
3, calculate the transaction hash ID: a transaction (transaction) can contain multiple action, if all action parameters are determined, then combined with the above mentioned tapos_block_prefix (ref_block_prefix), can calculate its own transaction hash ID.
In short, an attacker using a lottery number (bet_id) in the random number generation and inline call failed state information can lead to characteristics of rollback, at the same time control multiple contracts account and send transaction request, to try to ensure the final request account can be obtained at the lottery number involved in generating random numbers, to win the award. In the case of EOS.WIN, the attacker first with 5 implementation of a small amount of betting account feint, in the grasp of higher probability, with the last 1 the largest amount of main account betting, with higher probability to get bonus.
The attack process is as follows (see below):
First, the attacker deployed 6 attack contract, call attack method, in the attack contract while allowing the 6 account to send the transaction request so that the request will be in the same block as the lottery lottery, consistent trading in tapos_block_num and tapos_block_prefix are the same, only bet_id may be different.
The first 5, the attacker in the lottery contract, received notice, access to the current bet_id, and the ID can make the final judgment of winning account.
1) if the calculation of the final account not winning the lottery account, notify the normal execution of the account using the new lottery number to calculate the random number;
2) if the calculation of the final account can make the lottery winning, notice the account fails, then the lottery number is retained until the end of the winning account;
(Figure 2: multi account attacker attack procedure)
The probability of winning:
From the lottery and the attack process, each adding a feint account, more than an early end of the calculation main account to the chance of winning. According to guess the number of 20 to calculate the odds for 5 times, 6 account will increase the probability of winning to about 74%, although still can not guarantee that each attack will win, but the attacker can attack 10 6 is already winning, winning probability high and disrupt the normal order of the game.
In the game and so on EOS.Win random number by the attacker can control the variable number lottery games (bet_id) effects, so PeckShield is proposed in the developer, random number generation DApp, the need to remove an attacker can control variables such as number of lottery games, lottery while avoiding action and action notice (receipt) in the same a transaction, so as to avoid the transaction state rollback, and prevent attacks from hackers.