VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Hackers launched continuous attacks on the EOS quiz game EOS Happy Valley, and they have profited hundreds of EOS. The game party has transferred the account balance away. Attackers still use transaction crowding out attacks. To completely fix this vulnerability, DApp developers should remove controllable variables such as account balance or time factors to participate in random number generation. Attack method (per SlowMist): Transaction congestion attack. Reported loss: 419 EOS.
Primary source
https://www.jinse.com/lives/83229.htm ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- EOS 欢乐谷(Happy Pool)
- bug_class
- logic
- date_occurred
- 2019-03-04
- loss_usd
- —
- source_id
- sm:eos-happy-pool-::2019-03-04
Related — same bug class· logic