BTC0.020
ETH0.020
HTX0.020
SOL0.020
BNB0.020
BTC0.020
ETH0.020
HTX0.020
SOL0.020
BNB0.020
The second round of Fomo3D awards was given out, hackers won the prize, and mechanism loopholes became the main reason for the decline of the game
安比(SECBIT)实验室
2018-09-28 02:07
本文约4405字,阅读全文需要约18分钟
Where technology and wealth intersect, hackers will always maintain the keenest sense of smell.

Editor's Note: This article is from SECBIT Lab, author: SECBIT Lab, published with authorization.

At 11:32 on September 24th, Beijing time, the final prize of the second round of Fomo3D was won by address 0x18a0, with a bonus of 3,264.668 Ether. The SECBIT laboratory analysis found that the winning skills of this round of games are exactly the same as those of the first round, all of which are "blocking transaction" attacks by hackers.

Compared with the previous first round of games, this round of games lasted for 33 days. Whether it is in terms of entry funds, duration, or the amount of the final grand prize, it has shrunk significantly compared to the previous round.

Looking back two months ago, Fomo3D’s first round of game entry funds once exceeded 40,000 Ether, and the final prize of the first round of the game exceeded 10,000 Ether. How lively.

However, since September, with the overall depression of the market, Fomo3D-like games have almost disappeared. The popularity of several active games represented by Fomo3D and Last Winner has dropped significantly. Most of the similar contracts are on hold because no one will start the next round of the game.

So up to now, the second round of Fomo 3D awards has been given out, and there is little suspense for the hackers to win the prize, and the popularity of the game is no longer the same.

The SECBIT laboratory conducted an analysis on this change, and the analysis results showed that the loopholes in the game’s airdrop mechanism [1] and the “blocking transaction” attack [2] that were continuously disclosed not long ago, despite the The attention has been pushed to a new height, but it is essentially the main reason for the decline of the game.

Prosperous vs cool?
How hot it used to be, how cold it is now

Panorama of game popularity
image description

Figure 1: Fomo3D player participation and entry funds

The figure above shows "Fomo3D Player Engagement and Funding Status". Red represents the number of people who called the contract to participate in the game, and blue represents the amount of funds entering the game contract. The highest peaks of the data curve appear on the left side of the graph, corresponding to July 20 and July 21. In the past two days, a large number of media have frantically reported the phenomenal game Fomo3D. At that time, many players followed suit and entered the game. The number of game contract participations and entry funds reached the highest peak. The entry funds exceeded 40,000 Ether, and the maximum number of participations exceeded 18,000 times. The highest point of the curve corresponds to the highest peak of the first round of the Fomo3D game.

image description

Figure 2: Last Winner player participation and entry funds

Similarly, the graph above shows "Last Winner Player Engagement vs. Bankroll Status". Last Winner has been partially modified for the Fomo3D game to lower the game time limit so each round ends faster. The first round of peaks occurred on August 8, and there have been multiple local peaks since then, representing the opening of different rounds, but obviously the number of calls and admission funds are not as good as one round.

Prize pool funds
image description

Figure 3: Changes in the Ether balance of the Fomo3D contract

image description

Figure 4: Changes in the Ether balance of the Last Winner contract

final prize
On August 17th, SECBIT laboratory andAnchain.aiThe team jointly disclosed the hacker team BAPT-LW20 exploiting the loopholes in the airdrop mechanism to grab a large amount of bonuses. On the same day, the first round of the Last Winner game ended, and the winner of the final prize was also the BAPT-LW20 team. According to statistics, the hacker team earned a total of 12,948 Ether from the first round of Last Winner.

In the first 9 rounds of games that Last Winner has completed, the account 0x5167 held by the hacker gang has won 4 final prizes in total.

Taking a closer look at the final jackpot amount and duration of each round of the game, it is not difficult to find that the amount of bonus decays very quickly, and each round ends faster and faster. This lines up nicely with the game engagement data graph above.

to reflect

to reflect
Mechanism loopholes are the main reason for the decline of the game

image description

Figure 5: Fomo3D game contracts being attacked

The picture above shows the "Fomo3D game contract being attacked". Before and after the peak of the first round of the game and after the start of the second round, some hackers frantically used the airdrop vulnerability to attack and grab high profits. At the end of the first round and the end of the countdown to the second round, some hackers frantically tried to "block transaction" attacks, with the goal of winning a huge final prize.

image description

Figure 6: Attack on the Last Winner game contract

The picture above is "Last Winner game contract being attacked". Similar to Fomo3D, the scale of hacking attacks is very large when the game is hot.

"Blocking transaction" attack
Fomo3D game cleverly designed a link, the last person to participate in the game will get half of the Ether in the prize pool as a reward. The developer wants to keep a large number of players entering the arena one after another through this design, and anyone can become the "lucky one". But after the hackers used the "blocking transaction" attack [5] to speed up the end of the game and become the beneficiary, this design that attracted players was broken. Therefore, ordinary players who enter the field later can only become cut leeks, and it is naturally difficult to attract players to participate.

"Airdrop" attack
In addition to the final prize, an airdrop reward mechanism is also designed in the game. Players have a certain probability of receiving airdrop rewards, which is also an important reason to attract players to participate. However, due to the random number loopholes in the airdrop mechanism, hackers can continue to take away rewards with a high probability through certain skills, and it is almost impossible for ordinary players to succeed. The fairness of such airdrop rewards has also been challenged.

Countermeasures and Prospects
dApps still have a long way to go

Such a smash hit game will definitely become an important milestone in the history of dApp game development. But the excessively fast depression has also brought us a lot of reflection. For Fomo3D-like games, or even all dApp games, there is still a long way to go. It is necessary to learn lessons from hacker attacks in a timely manner and take defensive measures.

The "airdrop vulnerability" attack is the most frequently attacked vulnerability in Fomo3D-like games. Hackers can continue to grab funds in the prize pool at low cost.

On the one hand, the airdrop mechanism of the Fomo3D game uses random numbers to control the probability of winning, but since the source of random numbers is some specific public parameters in the block or transaction, such as the address of the transaction initiator, block timestamp, block difficulty, etc. , all Ethereum smart contracts can easily predict random numbers [6]. Therefore, in scenarios involving random numbers, SECBIT Labs recommends that developers should be particularly cautious, or use certain means to increase the difficulty of predicting random sources. For example, developers can avoid the risk of random numbers being predicted by using multiple submissions and re-disclosures, or delaying the drawing of several blocks.

On the other hand, in order to prevent contract automation attacks, the Fomo3D game contract detects whether the caller is an ordinary account or a contract account. However, due to loopholes in the detection method, hackers can use some techniques to bypass the detection. Therefore, when the project party detects the identity of the players participating in the dApp game, it should also adopt a more reliable method. For example, by judging whether the original initiator of the transaction (tx.origin) and the caller of the current contract (msg.sender) are the same address.

The "blocking transaction" attack mentioned above is another major challenge faced by Fomo3D-like games.

Hackers use high fees to attract miners to package first, and use the contract to automatically judge the status of the game as a basis for whether to attack. Hackers can eventually block blocks at a low cost, and only pack a small number of transactions in each block (reducing the possibility of other people's transactions being packed), making the game end quickly and increasing the probability of winning the final prize.

In fact, this problem will not only threaten Fomo3D-like games. All similar mechanisms, that is, smart contracts that require players to compete to complete some kind of competitive operation within a certain time frame, are threatened by this. To prevent this problem, SECBIT Labs recommends that game developers start with the game mechanism and cut off the inevitable connection between the final victory of the game (obtaining a huge prize) and the end of the countdown (the last transaction is packaged), so that The hacker's attack profit probability and attack willingness are minimized.

Hackers in Fomo3D-like games take advantage of the features of the Ethereum consensus protocol to find loopholes in the game mechanism and launch attacks. This also reminds us that the mechanism design in dApp application is an extremely complicated project. In addition to the technology itself, it also involves issues such as the external environment of the platform and game theory. This is also a link that is easy to be attacked by hackers. Therefore, dApp projects should be particularly cautious in the mechanism design process.

references

one
references
[1] Pwning Fomo3D Revealed: Iterative, Pre-Calculated Contract Creation For Airdrop Prizes!,

https://peckshield.com/2018/07/24/fomo3d/

[2] The largest attack method in the history of smart contracts was exposed, and the details of the hacker gang’s crimes were counted

https://zhuanlan.zhihu.com/p/42318584
[3] Fomo3D Ten Million Award Winner's "Special Attack Skills" Most Fully Revealed

https://zhuanlan.zhihu.com/p/42742004
[4] Airdrop exploit POC proposed by Péter Szilágyi,

https://www.reddit.com/r/ethereum/comments/916xni/how_to_pwn_fomo3d_a_beginners_guide/, 2018/07/23
[5] Block rhythm: 80,000 transactions "blocked" the Ethereum network, just to grab the Fomo3D award?

https://mp.weixin.qq.com/s/5nrgj8sIZ0SlXebG5sWVPw
[6] Predicting Random Numbers in Ethereum Smart Contracts 

https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620


安比(SECBIT)实验室
作者文库
推荐文章
From bearish to 3 times increase at opening, Circle IPO's big turnaround
06-06 02:57
From bearish to 3 times increase at opening, Circle IPO's big turnaround
"Brotherhood" breaks down, Trump and Musk stage a century-long quarrel
06-06 02:17
"Brotherhood" breaks down, Trump and Musk stage a century-long quarrel
24H Hot Coins and News | Trump and Musk turned against each other; Circle closed at $87.71 on its first day of listing (6.6)
06-06 01:42
24H Hot Coins and News | Trump and Musk turned against each other; Circle closed at $87.71 on its first day of listing (6.6)
Circle IPO: The “ChatGPT” Moment for Stablecoins and On-Chain Finance
06-05 23:00
Circle IPO: The “ChatGPT” Moment for Stablecoins and On-Chain Finance
All Unregistered Crypto Companies Must Exit Singapore by the End of the Month! No Transition Period!
06-05 13:56
All Unregistered Crypto Companies Must Exit Singapore by the End of the Month! No Transition Period!
Plume mainnet is officially launched, ushering in a new era of real-world assets on-chain
06-05 15:00
Plume mainnet is officially launched, ushering in a new era of real-world assets on-chain