For example account: "haigame4744"
Submit sm_find_match and get battle_queue_id: sl_9dc7d70313fe57fcbdecb2b59d408df8
Send battle_queue_id: "sl_9dc7d70313fe57fcbdecb2b59d408df8" to the database
https://api2.splinterlands.com/battle/status?id=
From 1 of the 2 links above, get value
opponent: "sl_c95d69e6389a586d8483c2588fc10170"
Send "opponent" to the database and check whether 2 accounts have "battle_queue_id" = "opponent".
From there, they will identify 2 accounts in the same bot farm or bot app that are matched in the battle. They will calculate which account's win will be more profitable and do trading-win.
Example: "anpht" is a bot farm doing trading-win.
Check these accounts on hiveblocks (Picture Screenshot 1): "haigame4744","haigame2520","gamecoin5702","gamecoin2005","haigame4904",...
They send sm_token_transfer to "anpht" (Picture Screenshot 2)
Solution: Delete or hide "opponent", like "opponent_player": "???", so that it will not be possible to identify the 2 accounts in the battle with the same bot farm or bot app.
Will I get a reward for finding this vulnerability?
Thank you
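The post's evidence is that the farm's accounts all send sm_token_transfer to one account. As an added example (not part of the original post and not Splinterlands code), here is a defender-side check that groups accounts by a shared transfer recipient and flags battles played between two members of the same group. The account names, sample data, threshold and allowlist are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data, not real chain history; all account names are placeholders.
# sm_token_transfer operations reduced to (sender, recipient).
TRANSFERS = [
    ("farm_a1", "collector_x"), ("farm_a2", "collector_x"), ("farm_a3", "collector_x"),
    ("solo_b1", "market_y"), ("farm_a1", "market_y"),
    ("farm_a1", "exchange_z"), ("solo_b1", "exchange_z"), ("solo_b2", "exchange_z"),
]
# Resolved battles reduced to (battle_id, player_1, player_2).
BATTLES = [
    ("b1", "farm_a1", "farm_a2"),
    ("b2", "farm_a1", "solo_b1"),
    ("b3", "farm_a3", "farm_a2"),
    ("b4", "solo_b1", "solo_b2"),
]

def collectors(transfers, min_senders=3, ignore=()):
    """Map each recipient fed by >= min_senders distinct accounts to its senders.

    `ignore` lists recipients that legitimately receive from many unrelated
    accounts (exchanges, markets), so they do not form a cluster.
    """
    senders = defaultdict(set)
    for sender, recipient in transfers:
        if recipient not in ignore:
            senders[recipient].add(sender)
    return {r: s for r, s in senders.items() if len(s) >= min_senders}

def same_farm_battles(battles, transfers, min_senders=3, ignore=()):
    """Return battles whose two players both pay into the same collector."""
    member_of = defaultdict(set)
    for recipient, accounts in collectors(transfers, min_senders, ignore).items():
        for account in accounts:
            member_of[account].add(recipient)
    flagged = []
    for battle_id, p1, p2 in battles:
        shared = member_of.get(p1, set()) & member_of.get(p2, set())
        if shared:
            flagged.append((battle_id, p1, p2, sorted(shared)))
    return flagged

if __name__ == "__main__":
    for hit in same_farm_battles(BATTLES, TRANSFERS, ignore={"exchange_z"}):
        print(hit)
```

A shared recipient is only a heuristic: without the allowlist, the constructed exchange account would link unrelated players, so flagged pairs need review before any action.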
Good catch, I hope you get this recognized as a problem.
Unfortunately, I think that's more of a feature than a bug. The team has said before that it's frowned upon but still allowed.
I would suggest asking the DEV team in Discord. You can also maybe post this in the Splinterlands community for more visibility.
Nice catch! The more exploits and vulnerabilities we find for the team to fix, the better SL will be. :)
Thank you so much. I'm so grateful. God bless your work and family too. You will never see this kind of fire disaster or experience it. Amen. @anhdaden146
I hope they address this issue soon, I'm going to try to talk to the team about it.