God.Game Being Hacked Preliminary Investigation

BEOSIN
3 min read · Aug 22, 2018


Chengdu LianAn Technology reports: On August 22nd, the wagering game God.Game was attacked by a hacker and all tokens inside the game were taken.

The God.Game website states that it has been attacked.

Chengdu LianAn Technology immediately organized a technical team to start an investigation into this incident.

Suspected attacker address: 0x3abc8325a9ff36d78844ea8281b8c190c66c3d44

Suspected operations:

1. The attacker bought a certain amount of tokens using the buy() function.

2. The attacker then sold these tokens using the sell() function.

3. This cycle caused the variable ‘dividends’ to become abnormal.

4. Finally, the attacker called the reinvest() function, using this abnormal ‘dividends’ value to buy a huge number of tokens.

Detailed information is listed on Etherscan:

https://etherscan.io/tx/0x38c5499e8c8be5af32d6207fdaf088103cabaad05563915a21fb2f8aedce9618

The abnormal variable ‘dividends’ is shown below:

The abnormal token balance is shown as:

The whole operation process is listed on Etherscan:

The real problem in the source code needs deeper digging, and the detailed analysis will need more time.

Moreover, there is another problem in one part of the source code, which appears to be a backdoor for the contract owner.

The code detected by Chengdu LianAn Technology:

This function gives the owner special access for ‘changing the balance on any address in the game’. Taking a closer look, _identifier is the targeted address, and the variable ‘value’ is the balance value to be set.
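One way to triage Solidity source for the pattern described above, an access-restricted function that directly assigns a mapping entry keyed by a caller-supplied address, is a small heuristic scan (an added example, not code from the original post or from the God.Game contract). The sample contract and the names `setBalance`, `balances` and `onlyOwner` are constructed for illustration; only `_identifier` and `value` come from the description above, and a hit is a prompt for manual review rather than proof of a backdoor.

```python
import re

# Constructed Solidity sample for illustration only; it is NOT the God.Game source.
SAMPLE = """
contract Game {
    mapping(address => uint256) balances;
    address owner;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function setBalance(address _identifier, uint256 value) onlyOwner public {
        balances[_identifier] = value;
    }
    function transfer(address to, uint256 amount) public {
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}
"""

# Header keywords that are not custom (access-control) modifiers.
BUILTIN = {"public", "external", "internal", "private", "view", "pure",
           "payable", "constant", "virtual", "override"}
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

def body_after(src, start):
    """Return the block body that begins right after an opening brace."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def privileged_balance_writes(src):
    """List (function, modifier, mapping, address parameter) for each finding."""
    findings = []
    for m in FUNC.finditer(src):
        name, params, header = m.groups()
        header = re.sub(r"returns\s*\([^)]*\)|\([^)]*\)", "", header)
        modifiers = [w for w in header.split() if w not in BUILTIN]
        addr_params = re.findall(r"\baddress(?:\s+payable)?\s+(\w+)", params)
        body = body_after(src, m.end())
        for p in addr_params:
            # Plain '=' only: '+=', '-=' and '==' are not overwrites.
            hit = re.search(rf"(\w+)\s*\[\s*{re.escape(p)}\s*\]\s*=(?!=)", body)
            if modifiers and hit:
                findings.append((name, modifiers[0], hit.group(1), p))
    return findings

if __name__ == "__main__":
    print(privileged_balance_writes(SAMPLE))
```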

The two problems we found in the preliminary investigation may or may not have an indirect connection to this attack, or there may be direct connections between them.

There is no conclusion yet, but we at Chengdu LianAnTech are still working on source code verification and incident analysis. A detailed analysis will follow soon; please stay tuned to our Twitter and Facebook pages.

About LianAn Technology

Chengdu LianAn Technology Co. Ltd. is headquartered in Chengdu and focuses on the blockchain security field. Founded by Prof. Xia Yang and Prof. Wensheng Guo of UESTC, LianAn Tech’s core team consists of more than 30 associate professors, postdoctoral students, doctors and masters with experience of studying at leading overseas universities and laboratories (CSDS, Yale, and UCLA), as well as industry elite from Alibaba, Huawei, and other famous enterprises. Using formal verification as its core technology, this team has been providing years of services for security-critical systems in aerospace, military and other fields. Chengdu LianAn Technology Co. Ltd. is the one and only company in China that applies this technology to the blockchain security field.

Being the only blockchain security company that has obtained strategic investment from Fenbushi Capital, LianAn Technology has signed strategic cooperation agreements with well-known corporations such as Huobi, OKEX, KuCoin, LBank, CoinMex, Becent, ONT, Scry, CareerOn, IoTeX, DALICHAIN, Bplus, Bytom, Bubi Blockchain, and YUNPHANT. In addition, it has made a cooperative agreement with France Inria, the top formal verification team in the world. LianAn Tech was listed in the “2018 China Blockchain Industry White Paper” issued by the Ministry of Industry and Information Technology, and it has also been selected for the smart contract security audit recommendation list.
