A Backdoor was found in Gorgona
The security loophole was found in the Gorgona, a kind of Ponzi Game, whose official website is gorgona.io, and the contract address is 0x4A5Fc826441A16B86aA850B3DDC4b1Bc02f21b6C.
All the game players should keep your eyes peeled for that potential risk!!!
The claims published by its official website are about that a player can obtain 3% ROI (Return of Investment) at every single day only if he or she transfers 1 Eth into this game, and that the operation won’t be impacted by the owner. However, according to the analysis made by Chengdu LianAn Technology, there is a back-door that can be accessed by the owner authority: the owner can call setDatePayout to create investors[addr].date, which can give rise to overflow skipping the logical verification, and can steal all Eth in the smart contract by calling selfdestruct.
Nevertheless, the game engagement does not have a slowdown. We suggest all users of Gorgona should stop playing that game to avoid unnecessary losses. There is a Gentle Reminder on this matter: it is necessary for all the project parties of the game to test and audit the security of code before deploying it on the blockchain, and when necessary, it is better to use the third-party auditing company to nip the risk in the bud.
About Chengdu LianAn Technology
Chengdu LianAn Technology Co. Ltd. is headquartered in Chengdu and focuses on blockchain security field. Founded by Prof. Xia Yang and Prof. Wensheng Guo of UESTC, LianAn Tech’s core team members consist of more than 30 associate professors, postdoctoral students, doctors and masters with experience of studying at overseas leading universities and laboratories (CSDS, Yale, and UCLA) as well as industry elite from Alibaba Huawei, and other famous enterprises. Using formal verification as its core technology, this team has been providing years of services for security critical systems in aerospace, military and other fields. Chengdu LianAn Technology Co. Ltd. is the one and only company in China that applies this technology to blockchain security field.
Being the only blockchain security company that obtained strategic investment from Fenbushi capital, LianAn Technology has signed strategic cooperation agreements with well-known corporations such as Huobi, OKEX, KuCoin, LBank, CoinMex, Becent, ONT, Scry, CareerOn, IoTeX, DALICHAIN, Bplus, Bytom, Bubi Blockchain, and YUNPHANT. In addition, it has made cooperative agreement with France Inria, the top formal verification team in the world. LianAn Tech was listed on the “2018 China Blockchain Industry White Paper” issued by the Ministry of Industry and Information Technology, and it has also been selected for the smart contract security audit recommendation List.
Let’s connect
E-mail:vaas@lianantech.com
Official website:https://www.lianantech.com
Twitter: https://twitter.com/LianAnTech_com
Facebook: https://www.facebook.com/LianAnTechChengdu/
Telegram Chinese Group:https://t.me/joinchat/IRgNDA4iCF0Rs92sg5qoVg
Telegram English group: https://t.me/joinchat/IRgNDBBpCon-695ATmbA4w
