SlowMist: FarmEOS Fell Victim to Transaction Crowding Attack Following EOS.WIN

20:07 Saturday, January 12th 2019
As previously reported by CoinNess.com, FarmEOS, another high-profile EOS DApp game, has become the most recent casualty of hackers who have started to wreak havoc in the budding industry.
SlowMist, the China-based security firm that made headlines for being the first to expose the ETC 51% attacks, detected the security breach and promptly sent out alerts. After a preliminary analysis, the firm determined that the method used by the hacker, dubbed a "transaction crowding attack", was similar to the malicious attack on EOS.WIN, which SlowMist uncovered on Jan 11. The attack smart contract "sil******day" placed a bet on FarmEOS and then issued a large number of deferred transactions after the contract received a "transfer" call, which forced the "draw" call to be postponed. This is different from another commonly seen attack method called "rollback transactions".
SlowMist again recommends that all DApp developers avoid using a time seed in their random number algorithms, to prevent malicious attacks.
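The following is an added example, not code from FarmEOS, EOS.WIN or SlowMist. It is a simplified model of why the recommendation matters: a draw seeded by its execution time yields a different result when it is postponed, while a draw derived only from values fixed at bet time does not. The commit-reveal alternative, all function names and the sample values are assumptions of this example; the advisory does not say what should replace the time seed.

```python
import hashlib

def digest_of(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def to_roll(digest: bytes) -> int:
    return int.from_bytes(digest[:8], "big") % 100  # roll in 0..99

def draw_time_seeded(bet_id: int, exec_time: int) -> int:
    """Weak pattern: the roll depends on when "draw" actually executes."""
    return to_roll(digest_of(str(bet_id).encode(), str(exec_time).encode()))

def make_committed_draw(commitment: bytes, house_secret: bytes, player_seed: bytes):
    """Roll fixed by values bound at bet time (commit-reveal, an assumption here)."""
    if digest_of(house_secret) != commitment:
        raise ValueError("revealed secret does not match the published commitment")

    def draw(bet_id: int, exec_time: int) -> int:
        # exec_time is accepted for interface parity and deliberately ignored.
        return to_roll(digest_of(house_secret, player_seed, str(bet_id).encode()))
    return draw

def outcomes_under_delay(draw, bet_id: int, due_time: int, max_delay: int) -> set:
    """Distinct rolls produced if execution slips by 0..max_delay time units."""
    return {draw(bet_id, due_time + d) for d in range(max_delay + 1)}

def is_delay_sensitive(draw, bet_id: int = 1, due_time: int = 1_000_000,
                       max_delay: int = 20) -> bool:
    """Property check: does postponing "draw" change the result?"""
    return len(outcomes_under_delay(draw, bet_id, due_time, max_delay)) > 1

# Constructed sample values, not taken from any real contract.
HOUSE_SECRET = b"constructed-house-secret"
COMMITMENT = digest_of(HOUSE_SECRET)  # published before the bet is placed
PLAYER_SEED = b"constructed-player-seed"
committed_draw = make_committed_draw(COMMITMENT, HOUSE_SECRET, PLAYER_SEED)

if __name__ == "__main__":
    print("time-seeded draw changes with delay:", is_delay_sensitive(draw_time_seeded))
    print("committed draw changes with delay:  ", is_delay_sensitive(committed_draw))
```

A check like `is_delay_sensitive` can be run as a regression test against a contract's off-chain model of its random number routine, so that a time-dependent input is caught before deployment.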