Introduction
When we hear about blockchain technology, we instantly think of the financial industry. But nowadays, it’s used in data sharing, copyright and royalty protection, the real estate market, and even in winemaking. The capabilities of the EOS network have turned out to be useful for gambling.
At the end of 2018, we witnessed the hacking of EOS casinos – EOSBet and DEOS Games. They lost $538,000 and $24,000, respectively. This was possible because hackers exploited vulnerabilities in EOS smart contracts.
Our development team has vast experience in cybersecurity and deep knowledge of blockchain vulnerabilities. We had already analyzed pros and cons of cybersecurity for blockchain technology. In this article, we analyze the causes of these recent EOS casino hacks and see if they could have been avoided.
Contents
Why is EOS Popular?
EOS was launched on June 9, 2018, by the company Block.one. It’s a relatively new network with great support for smart contracts. The most prominent features of EOS are:
- High transaction throughput in the range of tens of thousands of transactions per second
- No transaction fees
- Ability to redeploy and modify smart contracts
These features make the EOS platform appealing for creating DApps.
The EOS development team is constantly working on improving the network. But unfortunately, the network is still a work in progress and has a few bugs and kinks.
Read also:
How Does an EOS Casino Work?
Gambling is somewhat popular on blockchain networks. Here are several reasons why EOS is a good choice for a crypto casino DApp:
- Transactions are free and anonymous.
- Tokens are transferred within 10 minutes.
- It’s easy to develop EOS smart contracts.
- Casinos can offer no commission and set a minimum bet.
The two largest EOS casinos – EOSBet and DEOS games – work similarly: they’re games of chance, similar to dice. They allow players to bet some tokens, guessing the value of a randomly generated number. If a player guesses correctly, she/he receives a prize. The prize amount is proportional to the probability of guessing correctly. The wider the range of possible values, the larger the prize.
Selecting a wider possible range gives players a chance to win the jackpot. Obviously, this is extremely unlikely. The probability of winning the jackpot is less than 1% the chance of a normal win. An average player would waste a lot of tokens before winning the jackpot, resulting in a net loss. However, in both recent DApp smart contract hacks, hackers managed to manipulate and exploit vulnerabilities of the smart contracts in order to guarantee a jackpot.
The EOSBet Hack
In the autumn of 2018, gambling DApp EOSBet suffered from two attacks. The first time the EOSBet casino gaming platform was hacked on September 14. The casino lost 40,000 EOS, or $200,000, from its wallet. The second hack happened on October 15. That hack cost 65,000 EOS, or $338,000. These attacks are similar, as both are connected with an EOS DApp smart contract exploit. Let’s analyze the second, which was the larger one.
To carry out this second attack, hackers designed a vulnerable contract that was capable of responding to token transfers. They placed bets using this contract. Processing notifications from other contracts is a legitimate mechanic of EOS smart contracts. But in this scenario, a notification was handled improperly. In order to select a way to handle an invocation (or a notification), EOS smart contracts use a single function. This function contains a big switch that selects an appropriate action for the given parameters. Usually, for simple smart contracts, this function can be generated automatically. However, you need to design a custom handler for processing specific notifications.
The eosio.token smart contract has to be added as a source of notifications in order to detect and handle token transfers. A function with an appropriate signature also has to be added.
The function from the vulnerable contract was implemented in this way:
#define EOSIO_ABI_EX( TYPE, MEMBERS ) \
extern "C" { \
void apply( uint64_t receiver, uint64_t code, uint64_t action ) { \
auto self = receiver; \
if( action == N(onerror)) { \
\
eosio_assert(code == N(eosio), "onerror actions are
only valid from the \"eosio\" system account"); \
} \
if( code == self || code == N(eosio.token) || action == N(onerror) ) { \
TYPE thiscontract( self ); \
switch( action ) { \
EOSIO_API( TYPE, MEMBERS ) \
} \
\
} \
} \
}
However, the transfer function actually has no way of verifying if a notification came from the eosio.token smart contract. This means that the hacker could call the transfer function without actually transferring any tokens. In other words, the applied function allows the contract to receive notifications from the eosio.tokens smart contract. The transfer function handles any incoming tokens.
Since no actual tokens were transferred, the attacker was able to keep calling this function as many times as they wanted. But the contract believed that it was receiving real bets and unknowingly gave out prizes in real tokens.
The attack on DEOS Games is more interesting. This casino was hacked on September 9, 2018. In this case, the vulnerability of the casino smart contract was in the way the protocol generated random numbers. An EOS blockchain is implemented in a deterministic environment in order to make different nodes be able to verify transactions and agree on a common state. If random numbers that are generated on the blockchain are indeed random, they would be different for each node and consensus would be impossible.
So in order to predict the outcome of a roll, the attacker wrote a smart contract that would execute the same code with the same parameters as an authentic contract. This way, they would know for sure if they would win and wouldn’t have to waste tokens while trying for a jackpot.
Both issues that made the attacks possible are well-known vulnerabilities in smart contracts.
The first issue is an example of an unprotected function. While the specific mechanics are unique to EOS, the general idea is universal. A function that was supposed to be internal to the contract (called only during a notification) was accessible to anyone. Essentially, this is the same issue that brought down Parity.
The issue wasn’t difficult to fix. The DEOS development team only had to verify if the tokens came from the correct smart contract during transfer:
if( action == N(transfer)){ \
eosio_assert( code == N(eosio.token), "Must transfer EOS"); \
} \
The second issue is a more classic example of using predictable values to generate random numbers. There’s no way to generate non-deterministic random values in a deterministic network. Any contract that generates a random value can be hacked if called from another smart contract. We’ve seen a similar issue in FoMo3D, and it can be found in most other gambling smart contracts.The casino’s team quickly patched this vulnerability, and the DApp was back up and running in no time.
Fortunately, the payout from these attacks wasn’t particularly large, especially compared to other blockchain hacks.
The EOS tools and practices aren't mature enough to completely guarantee EOS smart contract security. But since these issues were known in other networks, the developers should have predicted that they would exist in EOS.
But there would have been another way to discourage hackers from attacking. The developers could have organized a bug bounty. In this case, the hackers could have simply disclosed the discovered vulnerabilities instead of exploiting them. The two vulnerabilities described here require a lot of effort to execute, and the results weren’t really massive as far as blockchain heists go.
EOS is a relatively new technology with a few vulnerabilities that allow hackers to exploit EOS smart contracts. Like any new technology, EOS requires particular attention to cybersecurity. Luckily, both EOSBet and DEOS Games did no harm to users. But the DApp owners were unable to regain the stolen money.
- 14th December, 2018: Initial version
ApriorIT is a software research and development company specializing in cybersecurity and data management technology engineering. We work for a broad range of clients from Fortune 500 technology leaders to small innovative startups building unique solutions.
As Apriorit offers integrated research&development services for the software projects in such areas as endpoint security, network security, data security, embedded Systems, and virtualization, we have strong kernel and driver development skills, huge system programming expertise, and are reals fans of research projects.
Our specialty is reverse engineering, we apply it for security testing and security-related projects.
A separate department of Apriorit works on large-scale business SaaS solutions, handling tasks from business analysis, data architecture design, and web development to performance optimization and DevOps.
Official site: https://www.apriorit.com
Clutch profile: https://clutch.co/profile/apriorit
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
Submit an article or tip
