EOS betting platform admits flaws in code, upgrades security to foil future hacks
EOSBet, an EOS betting platform, on Saturday addressed a recent hack on its dApp which saw 44,427.43 EOS (valued at around $234,576.83 at press time) stolen from its operating wallet before its development team took the app offline.
The platform stated that the security vulnerability had been fixed and the app was back online. The dApp added that the remaining 463,745 EOS in its EOSBETDICE11 and EOSBETCASINO contracts were safe.
In order to be more transparent to its users, EOSBet provided a detailed statement in a blog post on Medium, explaining the hack and what was done to improve the app’s security.
“…being the largest and most trafficked dapp on any blockchain comes with risks and a great degree of responsibility. At 3 months old, this blockchain is still in its infancy, and there will inevitably be hiccups along the way,” the betting platform said in the post.
EOSBet explains flaws in code
According to the statement, the platform fixed certain faults in its code and has added a crucial check to ensure that incoming transfer actions are filtered.
A major issue in its code was the ABI forwarder, the code that routes incoming actions to the app’s smart contract during normal interactions with it.
EOSBet said that many other gaming platforms have suffered from the exact same flaw, which would allow hackers to bypass the eosio.token check and directly call transfer on the contract.
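To make the flaw and the added check concrete, the following is an added illustration, not EOSBet’s code: a self-contained C++ model of an EOSIO-style action dispatcher in which the vulnerable forwarder accepts a `transfer` action whenever it is addressed to the contract itself, while the hardened forwarder only honours a `transfer` that eosio.token actually notified. It assumes no eosiolib (account and action names are plain strings rather than the `N()` name macro) and a hypothetical `DiceContract` whose only job is to count credited bets.

```cpp
#include <string>

// Constructed model of EOSIO action dispatch: the chain calls apply() with
// (receiver, code, action). 'code' is the account whose contract produced the
// action; a genuine token transfer is notified by eosio.token, so for 'transfer'
// the dispatcher must check 'code', not just the action name. No eosiolib here.
struct Transfer {
    std::string from, to, quantity;
};

struct DiceContract {
    std::string self = "eosbetdice11";   // contract account named in the article
    int bets_credited = 0;
    void on_transfer(const Transfer& t) {
        if (t.to != self) return;        // notification not addressed to us
        ++bets_credited;                 // stand-in for crediting a player's bet
    }
};

// Vulnerable forwarder (hypothetical, modelled on the flaw the article describes):
// 'transfer' is dispatched when code is the contract itself OR eosio.token, so a
// 'transfer' action pushed straight to the contract (code == self) is honoured.
bool dispatch_vulnerable(DiceContract& c, const std::string& code,
                         const std::string& action, const Transfer& t) {
    if ((code == c.self || code == "eosio.token") && action == "transfer") {
        c.on_transfer(t);
        return true;
    }
    return false;
}

// Hardened forwarder: a 'transfer' is only dispatched when eosio.token sent it.
bool dispatch_hardened(DiceContract& c, const std::string& code,
                       const std::string& action, const Transfer& t) {
    if (action == "transfer") {
        if (code != "eosio.token") return false;   // the "eosio.token check"
        c.on_transfer(t);
        return true;
    }
    return false;
}

// Drive one dispatcher with a 'transfer' attributed to the given code account
// and report how many bets it credited (0 or 1). Sample values are constructed.
int bets_after(bool hardened, const std::string& code) {
    DiceContract c;
    Transfer t{"someplayer", c.self, "100.0000 EOS"};
    if (hardened) dispatch_hardened(c, code, "transfer", t);
    else          dispatch_vulnerable(c, code, "transfer", t);
    return c.bets_credited;
}
```

Monitoring for a `transfer` whose `code` is anything other than eosio.token is also a cheap detection signal for the kind of activity the article describes.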
Steps taken to prevent further hacks
EOSBet admitted that even though its code had been comprehensively audited by its developers and independent third parties, the vulnerability still remained in its contract.
The platform has since adopted various security measures to shield itself from similar attacks. Firstly, the betting dApp will implement better internal code testing and review processes.
The platform will now employ a minimum of two extensive security audits from third parties for its code. The firm said it was working on hiring the top developers and auditors in this space for this task.
Moreover, EOSBet will keep a closer eye on its bankroll and smart contracts, so that the developers can spot a sharp drop in its bankroll early. This will allow them to freeze the funds in the contract until they can manually intervene.
The platform will also be open sourcing its dice smart contract code in a few weeks, following another audit, so that users can verify from the contract code itself that all dice rolls on the app are fair.
As a consolation for its customers, EOSBet has raised its BET token bonus from 1:30 to 1:10, which means that all players will receive 1 BET token for every 10 EOS staked. This will end at 0100 UTC on Sunday.