Game dies, but security problems never do | Chengdu LianAn Technology Vulnerability Analysis Series Phase VI

Game Contract Vulnerabilities

We are witnessing the rapid change and development of blockchain industry nowadays. The new ideas of applying blockchain technology come from all kinds of project initiators from various fields. We always say that having fun is human nature, and that’s also the reason we create games. Blockchain features being added to games to create Ethereum or EOS games is the new trend in blockchain industry. All kinds of blockchain games draw large amount of money and the market value of a token could easily reach hundreds of thousands of dollars. The promised return also catches the eyes of more investors. It seems that the trend of being ‘Player One’.

However, the lack of one complete, verified SDK library is the major problem of the development of blockchain games. Most of the game developers are independently developing smart contracts for those games. The more complex development process inevitably contains all kinds of vulnerabilities. Once these vulnerabilities are exploited by attackers or made into honeypot by project initiators, players are always victims.

We’ve done some research and analysis on incidents that already happened in blockchain game industry, two major issues are concluded.

1. Security issues in source code

Currently, the security issues in source code of game contracts are repeating the mistakes appeared in token contracts. Despite of the entertaining and colorful covers, game contracts are still vulnerable in terms of programming. Some of them are even worse because of the gaming mechanism. It’s like building, when the foundation is not stable enough, building more levels means faster collapse.

Vulnerability Types and fix-ups

a. Integer overflows/underflows

The integer overflow is one of the biggest problems in token contracts. It also appears in game contracts. No matter it’s Ethereum or EOS, one integer type can only show as a number with certain range. For instance, uint 8 allows only numbers within range of [0,255] to be stored in it. If number 256 is stored in it, uint 8 will generate 0. Without paying attention and double check on input data, calculation will lead to the stored data exceed the allowed range of certain data types, which we call overflow. This security issue is used for attacking often. We’ve already introduced this topic in Vulnerability Analysis Series Phase I.

Now let’s see an example of game contracts

Name: EOS FOMO 3D

Platform: EOS

From the front page we can see that a severe overflow has happened. The price pool has become an extreme negative value. It directly leads to complete loss for all players.

Bug-fix

This game has 3 major security issues:

(1) EOS Fomo3D is not opensource, so security institutions and players could not have done any risk assessment based on the source code.

(2) This game requires users to give so many accesses that it can alter the ownership and transfer out users’ EOS on the backend.

(3) Right after the incident happened, EOS Fomo3D didn’t freeze the attacker’s account immediately, which led to the loss of over 60 thousand EOS even after the security update. So, we urge all game project initiators to add security precautions into the design of the game, including vicious account freeze function, transaction pause function etc.

b. Issues related to authorization of function call represented by ownership theft

The origin of this type of vulnerability comes from mismatch of constructor or missing caller check in owner-altering function. The constructor in smart contracts usually carries the initiating and owner address binding functions. Incorrect statement of constructor will make it a normal function, which means anyone could call it and anyone could make himself/herself as the owner. The owner-altering functions are used to set a new address as the owner. This type of function needs a check of caller’s address, or anyone could change the owner as themselves.

This is very similar to our analysis months ago. Please refer to Do Not Ignore Simple Mistakes for more information

Let’s see an example,

Name: Ether Cartel

Platform: Ethereum

The constructor of this smart contract (DrugDealer) and contract name (EtherCartel) are different. This leads to the mismatch of constructor, thus the contract DrugDealer turning into a normal function. According to the code, anyone could call this contract and turn his/her address into ceoAddress. What’s worse, the code logic following allows the attacker to receive the ETH which should have been sent to the deployer’s address.

Bug-fix

To avoid this kind of problem, developers need to be cautious enough to conduct testing when developing contract. Please beware that constructor can only be executed once, if the address of owner is still 0x00 after the deployment of the contract, and users can invoke the function which implements the construction. There must be a mismatch of the constructor, a security check and bug-fix will be required then.

c. RNG problem of blockchain.

Up till now, Ethereum and EOS still haven’t officially provided Random Number Generator, which is the core of the lucky draw of many gambling games. To implement equal functions, developers need to rely on experience to code RNG functions by themselves. These functions usually use block properties as their parameter and proceed calculations to obtain a ‘random number’. However, using block properties in the calculation with same algorithm will lead to same results. Attackers can exploit this feature by deploying an attack contract to try out all random numbers and choose the timing when the best one generates to enter the game. This certainly will affect the balance in the game.

Besides, the resources are still limited since blockchain is a distributed network. To maintain steadiness of the platform, the developers of public chains added limits and precautions on resource consumptions such as gas limit (Ethereum), CPU/Memory resources limits (EOS), which make it more difficult for developers to optimize the logic and make sure contracts with correct logic will not malfunction because of resource limits.

We’ve mentioned RNG problem in a flash news before. Now let’s get into details using a case:

Name: FoMo3D long

Platform: Ethereum

The RNG in this airdrop function is using block properties, they are: block.timestamp, block.difficulty, block.coinbase, block.gaslimit, block.number. These properties of block were used with msg.sender to calculate if a certain player can get the airdrop reward or not. While attackers can deploy an intermediate contract to pre-calculate if the current block gives airdrop or not. When the result is true, attackers enter the game and gain profit.

Bug-fix

There are several advices for resolving this issue:

(1) We can use the RNG methods recommended by Ethereum, such as Oraclize library in the official document of Solidity

(2) Intermediate contracts should be prohibited in the game. Developers should be aware that using extcodesize function can not decide whether an address is a contract. The reason is that extcodesize is 0 when deploying the contract, so constructors can still interact with other contracts. If using intermediate contracts in this way, attackers can still enter the game. A safer way is to use tx.origin==msg.sender to verify.

d. Race condition attack

There are some gambling games rising in Ethereum. However, they have a common feature — Time Dependence. They interact with players in a certain duration, announcing the winner list after the deadline. This mechanism leads to a risk that attacker can fill the whole block with spam transactions and make other players unable to enter. Attackers will use large amount of gas to be the only one performing transactions.

Case Study:

Name: Exitscam/FoMo 3D

Platform: Ethereum

The rules of FoMo3D on Ethereum platform are similar to a transparent pyramid scheme.

(1) Every round has a certain duration

(2) If you are the last player to enter the prize pool, you will be the winner (90% of the prize pool)

(3) If someone enter the prize pool right after you, you will receive dividends. Currently, the dividend is still below 1% of the bet ETH.

(4) Every 0.005 ETH will increase the finish time by 30 seconds, which equal to 2 blocks. The limit of increase time is 24 hours.

It’s very simple to use race condition to win this game: When the countdown is about to finish, enter the prize pool, and buy every block till the end of the countdown, ensure no one bets after you. If your calculation is precise enough, you will win the first prize.

This game has a loop hole in the mechanism similar to TOD. We’ve discussed TOD in Vulnerability Analysis Series Phase III

Bug-fix

Developers need to understand the logical vulnerabilities of how reentrancy and TOD happen. If the game under development may have these vulnerabilities, precaution or counter measures should be undertaken.

2. Trust issues of games

Although blockchain has the feature of being public, it doesn’t mean project initiators cannot leave back doors during development. Especially for those who haven’t gone opensource, they can hide a function inside the contract, which could be called by owner of the contract to flee away with all the money in the contract. What’s worse, there has not been a reliable decompiler to decompile the bytecode for the real transparency.

If we still use building construction as an analogy, the contract is like a building which is designed to be leaning, while the residents inside are not aware of the fact that this building could go down anytime.

Incident Review

Name: Power of Bubble

Platform: Ethereum

From April 7th to 8 am of 8th, the project initiator pressed public promotion campaign in a bunch of channels on Discord. The promotion and packaging helped this game obtain much attention and popularity. Shortly after 10 am of 8th, the total amount of ETH in the game had exceeded 200 within 10 minutes. However, players started to find the discuss groups disappearing along with the withdraw and selling function in the game. In the end, the 227 ETH in the prize pool were withdrawn by the owner of the contract in front of the crowd.

Blockchain games usually require ETH as the game funds, which directly relates to the assets of players. Hence, the contracts that are involved with holding and distribution should be opensource for the convenience of auditing by players and security institutions. Meanwhile, players should be alerted that games can be risky and investment should always be rational.

Still A Long Way Ahead

The history of applying blockchain technology to game industry is not much shorter than the history of cryptocurrency. The history of blockchain game can be divided into 3 stages. CryptoKitties in Age 1.0 and CryptoHero in Age 2.0 are both collecting games. Currently, blockchain games have entered Age 3.0, which stresses on the combination of on-chain and off-chain. With the development of various RPG games, Ponzi games are disguised as normal game mechanism, causing games to lose the playability. According to the history of internet games, we can assume that Age 4.0 will be focusing on the playability of games, in other words, closer to the traditional gaming concept. The advantages of blockchain games are:

a. Secured Account: After logon, players account information will be stored in wallets.

b. Stable Sever: Severs will be distributed on blockchain and there is not centralized server. Game will be still running even the operator disappear.

c. Fairness: The public and traceable features of blockchain will make the forging of in-game items and falsification of game data almost impossible.

However, blockchain games based on Ethereum still have limitations comparing to traditional games:

a. The handling capacity of Ethereum limits the number of players

b. The transfer speed of Ethereum is not fast enough to provide low latency and real-time in-game interactions.

c. The mechanism which requires gas to proceed every transaction gives extra expenses.

Currently, more and more public chain and capitals rush into the blockchain game industry to create steadier and more secured foundation. Maybe soon there will be exclusive public chain for games. On top of that, developers also put more attention to create games with less trading attributes and avoid making them merely Ponzi games.

No matter what kind of block chain games we are talking about, the core is still smart contract, whose security relies on the process of coding and auditing. So, our job is still the verification of security attributes. From the analysis above we can see that the problems within ICO smart contracts are repeatedly happening in game contracts. These vulnerabilities are quite obvious since those high-profile incidents already exposed these security issues to alert the whole blockchain industry. It is disappointing to see no counter measures and precautions were taken to prevent those vicious attacks. Diminishing security risks of smart contract is becoming the top-prioritized mission.

References:

[1]: https://mp.weixin.qq.com/s?src=11&timestamp=1534753675&ver=1071&signature=6LpTAWjNZt0eNKBrEn45MVDw4RvrNUu7Qd-Y89noi0NukyTOyuxtocEM478hCZVSmOjq5Qn0te5wx1Gc1CxnS3lW1vkuYkUWy0a1OHnbQQqtmnWEbSh3brCmI28jS2t7&new=1

[2]: https://peckshield.com/2018/05/21/ceoAnyone/

[3]: https://medium.com/coinmonks/the-buy-a-block-attack-c0ce845475d7

[4]: https://mp.weixin.qq.com/s?src=11&timestamp=1534813285&ver=1073&signature=tsXvGYcevTKeYIkkVQkTT0MuvdcNexQTsjK-5BAVyS5mNSMFeFU2hIm4GBXlL5KVBAl-pRMW*Iba1cAci1oicRVD3Quh9mAnb*-I8oRBslNwBu8GPxHtFIhUDjcWOYZX&new=1

[5]: https://www.zhihu.com/question/279195102

About Chengdu LianAn

Chengdu LianAn Technology Co. Ltd. is headquartered in Chengdu and focuses on blockchain security field.Founded by Prof. Xia Yang and Prof. Wensheng Guo of UESTC, Chengdu LianAn’s core team consists of 40 associate professors, doctors, and postdoctoral fellows with experience studying overseas and leading universities as well as laboratories industry elites from Alibaba, Huawei, and other known enterprises. Using formal verification as its core technology, the team has been providing years of services for security-critical systems in aerospace, military and other fields. Chengdu LianAn Technology is the first company in China that applies formal verification technology to blockchain security field.

Chengdu LianAn Technology has received 2 rounds of strategic equity investment from Fenbushi Capital and other known venture capitals while building strategic partnerships with over 40 renowned blockchain companies such as Huobi, OKEx, Kucoin, LBank, CoinBene, CoinMex, CoinTiger, ONT, Scry, Qtum, QuarkChain, Wanchain, IoTeX, Bytom, Bubi Blockchain, YUNPHANT, etc.

Let’s connect

E-mail:vaas@lianantech.com

Official website:https://www.lianantech.com

Twitter: https://twitter.com/LianAnTech_com

Facebook: https://www.facebook.com/LianAnTechChengdu/

Telegram Chinese Group:https://t.me/joinchat/IRgNDA4iCF0Rs92sg5qoVg

Telegram English group: https://t.me/joinchat/IRgNDBBpCon-695ATmbA4w

Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field