# EOSPlay Hack ## Contract [Deployed on mumachayinmm: See ABI/Tables](https://bloks.io/account/mumachayinmm?loadContract=true&tab=Tables&account=mumachayinmm&scope=mumachayinmm&limit=100) [Decompiled C version of the contract](https://gist.github.com/MrToph/197a38ce5ad3782183d52a796dd673d9) * `start`: Schedules one new `start` transaction and 10 delayed `run` transactions with a delay of 0 seconds. Takes `id`=`12` which starts new `start` with `id+1`, and all `run` ids are `(id+1) * 1000 + index`. Takes`num`=100,000` * `run`: Does nothing and runs usually for 10 ms. Sometimes only for 100 us. 🤔 When run for 10ms, it prints `a inf`. https://eosq.app/tx/e48ddfe45259b4e6fa6a608c2de10706b2e987fa7fbce7436540609c3d33e303 When run for 100us, it does not print anything. https://eosq.app/tx/8d35f922ad61c993b53796f44e4e8d7494f135c4a83f589f290fcd4c21171bfe * `dd`: When invoked with `ok=1` it schedules a deferred `start` transaction which starts the spam. #### Interesting strings ```wast (data $d19 (i32.const 816) "active\00") (data $d20 (i32.const 832) "eosio.token\00") (data $d21 (i32.const 848) "transfer\00") (data $d22 (i32.const 864) "eosplaybrand\00") (data $d23 (i32.const 880) "dice:u50@mumachayinmm \00") (data $d24 (i32.const 912) "dd == 0, wait.......\00") (data $d25 (i32.const 944) " current:\00") // used for printing timestamp in start (data $d26 (i32.const 960) "start\00") (data $d27 (i32.const 976) "run\00") (data $d28 (i32.const 992) "\0a a: \00") // used for printing `inf`? in run ``` ## Example run Includes all relevant actions from `mumachayinmm` account from the `send` action which inlines the transfers to `eosplaybrand` until payouts. > Indented actions are `start` / `run` spam actions which can be skipped over. ```javascript= 79205991 (..0180): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205964,42,under,50"} [] (61233bc72c965c9982273cbcaf88b52b29821d60ad74af4327cb2fda1d4a7703) 79205991 (..0180): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205964,42,under,50"} [] (fdb0505cb88df045e6b5a9d58220bd1e1a35d7b5c7a90694a9615b666f0bfb66) 79205991 (..0180): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205964,42,under,50"} [] (0af49c62a19db4d05c0cbf1364303b8fef9cc13bdeca2941dcf6d8ed408e5342) 79205991 (..0180): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205964,42,under,50"} [] (2dd114069a1cdfe5ff0587f74d456a5ac06cfb0efa1402cf90099fbdaad8c600) 79205991 (..0180): run {"num":100000,"id":14009} [] 79205991 (..0180): run {"num":100000,"id":14008} [] 79205991 (..0180): run {"num":100000,"id":14007} [] 79205991 (..0180): run {"num":100000,"id":14006} [] 79205991 (..0180): run {"num":100000,"id":14005} [] 79205991 (..0180): run {"num":100000,"id":14004} [] 79205991 (..0180): run {"num":100000,"id":14003} [] 79205991 (..0180): run {"num":100000,"id":14002} [] 79205991 (..0180): run {"num":100000,"id":14001} [] 79205991 (..0180): run {"num":100000,"id":14000} [] 79205991 (..0180): start {"num":100000,"id":14} [ current:1568403721500] 79205991 (..0180): run {"num":100000,"id":13009} [] 79205991 (..0180): run {"num":100000,"id":13008} [] 79205991 (..0180): run {"num":100000,"id":13007} [] 79205991 (..0180): run {"num":100000,"id":13006} [] 79205991 (..0180): run {"num":100000,"id":13005} [] 79205991 (..0180): run {"num":100000,"id":13004} [] // this `setc` turns the deferred transaction spam off, `run` terminates immediately instead of spending time // see the changed console output of `run` from `a: inf` to empty string 79205990 (..6e35): setc {"currentvc":0,"usedc":0,"taskc":0,"currentb":0} [] (35e4820ea0b26bf56ded208f524579991c7919166dbef611d1443cd8eeb15ff1) 79205990 (..6e35): setc {"currentvc":0,"usedc":0,"taskc":0,"currentb":0} [] (94c626852989311300603a41b19093e33673fab18c9093d9122e0abe84d4de62) 79205990 (..6e35): run {"num":100000,"id":13003} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":13002} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":13001} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":13000} [ a: inf] 79205990 (..6e35): start {"num":100000,"id":13} [ current:1568403721000] 79205990 (..6e35): run {"num":100000,"id":12009} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":12008} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":12007} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":12006} [ a: inf] 79205990 (..6e35): run {"num":100000,"id":12005} [ a: inf] 79205989 (..2250): run {"num":100000,"id":12004} [ a: inf] 79205989 (..2250): run {"num":100000,"id":12003} [ a: inf] 79205989 (..2250): run {"num":100000,"id":12002} [ a: inf] 79205989 (..2250): run {"num":100000,"id":12001} [ a: inf] 79205989 (..2250): run {"num":100000,"id":12000} [ a: inf] 79205989 (..2250): start {"num":100000,"id":12} [ current:1568403720500] 79205989 (..2250): dicereceipt {"player":"mumachayinmm","timestamp":"1568403708000","blocknum":79205964,"amount":"600.0000 EOS","profit":"1176.0000 EOS","roll_type":"under","roll_border":50,"roll_value":42} [] (628f6be9dfbea79371690dea28dab55b6902a5dd46992f21fbe899104583c2b6) 79205989 (..2250): run {"num":100000,"id":11009} [ a: inf] 79205989 (..2250): run {"num":100000,"id":11008} [ a: inf] 79205989 (..2250): run {"num":100000,"id":11007} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11006} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11005} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11004} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11003} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11002} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11001} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":11000} [ a: inf] 79205988 (..c8c1): start {"num":100000,"id":11} [ current:1568403720000] 79205988 (..c8c1): run {"num":100000,"id":10009} [ a: inf] 79205988 (..c8c1): run {"num":100000,"id":10008} [ a: inf] // comes in at result-block + 13, but has correct block id from block ..974 (result-block) 79205987 (..aedd): dicereveal {"timestamp":"1568403708000","result":42,"blocknum":79205964} [] (092700d4f21c7880562d27188f48885a4145a57df9d7f44f5b31f588f43d9aea) 79205987 (..aedd): run {"num":100000,"id":10007} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10006} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10005} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10004} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10003} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10002} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10001} [ a: inf] 79205987 (..aedd): run {"num":100000,"id":10000} [ a: inf] 79205986 (..16ab): start {"num":100000,"id":10} [ current:1568403719000] 79205986 (..16ab): run {"num":100000,"id":9009} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9008} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9007} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9006} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9005} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9004} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9003} [ a: inf] 79205986 (..16ab): run {"num":100000,"id":9002} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":9001} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":9000} [ a: inf] 79205985 (..6e4e): start {"num":100000,"id":9} [ current:1568403718500] 79205985 (..6e4e): run {"num":100000,"id":8009} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":8008} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":8007} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":8006} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":8005} [ a: inf] 79205985 (..6e4e): run {"num":100000,"id":8004} [ a: inf] 79205984 (..5838): run {"num":100000,"id":8003} [ a: inf] 79205984 (..5838): run {"num":100000,"id":8002} [ a: inf] 79205984 (..5838): run {"num":100000,"id":8001} [ a: inf] 79205984 (..5838): run {"num":100000,"id":8000} [ a: inf] 79205984 (..5838): start {"num":100000,"id":8} [ current:1568403718000] 79205984 (..5838): run {"num":100000,"id":7009} [ a: inf] 79205984 (..5838): run {"num":100000,"id":7008} [ a: inf] 79205984 (..5838): run {"num":100000,"id":7007} [ a: inf] 79205984 (..5838): run {"num":100000,"id":7006} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7005} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7004} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7003} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7002} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7001} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":7000} [ a: inf] 79205983 (..9c4d): start {"num":100000,"id":7} [ current:1568403717500] 79205983 (..9c4d): run {"num":100000,"id":6009} [ a: inf] 79205983 (..9c4d): run {"num":100000,"id":6008} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6007} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6006} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6005} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6004} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6003} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6002} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6001} [ a: inf] 79205982 (..ad77): run {"num":100000,"id":6000} [ a: inf] 79205981 (..cac1): start {"num":100000,"id":6} [ current:1568403716500] 79205981 (..cac1): run {"num":100000,"id":5009} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5008} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5007} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5006} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5005} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5004} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5003} [ a: inf] 79205981 (..cac1): run {"num":100000,"id":5002} [ a: inf] 79205980 (..5042): run {"num":100000,"id":5001} [ a: inf] 79205980 (..5042): run {"num":100000,"id":5000} [ a: inf] 79205980 (..5042): start {"num":100000,"id":5} [ current:1568403716000] 79205980 (..5042): run {"num":100000,"id":4009} [ a: inf] 79205980 (..5042): run {"num":100000,"id":4008} [ a: inf] 79205980 (..5042): run {"num":100000,"id":4007} [ a: inf] 79205980 (..5042): run {"num":100000,"id":4006} [ a: inf] 79205980 (..5042): run {"num":100000,"id":4005} [ a: inf] 79205980 (..5042): run {"num":100000,"id":4004} [ a: inf] 79205979 (..d333): run {"num":100000,"id":4003} [ a: inf] 79205979 (..d333): run {"num":100000,"id":4002} [ a: inf] 79205979 (..d333): run {"num":100000,"id":4001} [ a: inf] 79205979 (..d333): run {"num":100000,"id":4000} [ a: inf] 79205979 (..d333): start {"num":100000,"id":4} [ current:1568403715500] 79205979 (..d333): run {"num":100000,"id":3009} [ a: inf] 79205979 (..d333): run {"num":100000,"id":3008} [ a: inf] 79205979 (..d333): run {"num":100000,"id":3007} [ a: inf] 79205979 (..d333): run {"num":100000,"id":3006} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3005} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3004} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3003} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3002} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3001} [ a: inf] 79205978 (..be91): run {"num":100000,"id":3000} [ a: inf] 79205978 (..be91): start {"num":100000,"id":3} [ current:1568403715000] 79205978 (..be91): run {"num":100000,"id":2009} [ a: inf] 79205978 (..be91): run {"num":100000,"id":2008} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2007} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2006} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2005} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2004} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2003} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2002} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2001} [ a: inf] 79205977 (..d038): run {"num":100000,"id":2000} [ a: inf] 79205977 (..d038): start {"num":100000,"id":2} [ current:1568403714500] 79205976 (..7686): start {"num":100000,"id":1} [ current:1568403714000] // UPDATE ROW table:kkks scope:mumachayinmm primary-key: sets flag to 1 // starts DDOS, schedules defered transaction of `start` // DDOS starts at result-block `targettime` + 1, where the resolve action should come // https://eosq.app/tx/9a027451fd1af9fa0aeea7d0632a5b62db8ff5eff2185d363c5ef86946ad7821 79205975 (..99be): dd {"ok":1} [] (9a027451fd1af9fa0aeea7d0632a5b62db8ff5eff2185d363c5ef86946ad7821) 79205969 (..d26e): run {"num":100000,"id":24009} [] 79205969 (..d26e): run {"num":100000,"id":24008} [] 79205969 (..d26e): run {"num":100000,"id":24007} [] 79205969 (..d26e): run {"num":100000,"id":24006} [] 79205969 (..d26e): run {"num":100000,"id":24005} [] 79205969 (..d26e): run {"num":100000,"id":24004} [] 79205969 (..d26e): run {"num":100000,"id":24003} [] 79205969 (..d26e): run {"num":100000,"id":24002} [] 79205969 (..d26e): run {"num":100000,"id":24001} [] 79205969 (..d26e): run {"num":100000,"id":24000} [] 79205969 (..d26e): start {"num":100000,"id":24} [ current:1568403710500] // UPDATE ROW table:kkks scope:mumachayinmm primary-key: sets flag to 0 // https://eosq.app/tx/12b62c8fe967e827a6b5a8b381c26a87debf82156547d1cab368541b1d22dcc7 79205968 (..20cb): dd {"ok":0} [] (12b62c8fe967e827a6b5a8b381c26a87debf82156547d1cab368541b1d22dcc7) // UPDATE ROW table:configs scope:mumachayinmm primary-key: sets `targettime` to result block time // 1568403713000 = "2019-09-13T19:41:53.000Z" which is +5 secs = 10 blocks from beginning of play 79205968 (..20cb): settime {"time":"1568403713000"} [] (ddf72b48b1f1776783f8f3fc1aaf093381dff03178a4b75bf6adc722aaa994e4) 79205968 (..20cb): run {"num":100000,"id":23009} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23008} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23007} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23006} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23005} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23004} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23003} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23002} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23001} [ a: inf] 79205968 (..20cb): run {"num":100000,"id":23000} [ a: inf] 79205968 (..20cb): start {"num":100000,"id":23} [ current:1568403710000] 79205967 (..9773): run {"num":100000,"id":22009} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22008} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22007} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22006} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22005} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22004} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22003} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22002} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22001} [ a: inf] 79205967 (..9773): run {"num":100000,"id":22000} [ a: inf] 79205967 (..9773): start {"num":100000,"id":22} [ current:1568403709500] 79205966 (..0d3a): run {"num":100000,"id":21009} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21008} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21007} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21006} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21005} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21004} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21003} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21002} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21001} [ a: inf] 79205966 (..0d3a): run {"num":100000,"id":21000} [ a: inf] 79205966 (..0d3a): start {"num":100000,"id":21} [ current:1568403709000] 79205965 (..eacf): run {"num":100000,"id":20009} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20008} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20007} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20006} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20005} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20004} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20003} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20002} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20001} [ a: inf] 79205965 (..eacf): run {"num":100000,"id":20000} [ a: inf] 79205965 (..eacf): start {"num":100000,"id":20} [ current:1568403708500] 79205964 (..f9bc): run {"num":100000,"id":19009} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19008} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19007} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19006} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19005} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19004} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19003} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19002} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19001} [ a: inf] 79205964 (..f9bc): run {"num":100000,"id":19000} [ a: inf] 79205964 (..f9bc): start {"num":100000,"id":19} [ current:1568403708000] // here is where a new attack seems to start, spam above is still from old attack and might be irrelevant // does the 5 * 600 EOS transfers to eosplaybrand at time = "2019-09-13T19:41:48.000Z" 79205964 (..f9bc): send null [] (eeff29dc49df7a2653ff08d58ad62e892311601b5b64c3689757ad8eb50f8290) 79205963 (..cec1): run {"num":100000,"id":18009} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18008} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18007} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18006} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18005} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18004} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18003} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18002} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18001} [ a: inf] 79205963 (..cec1): run {"num":100000,"id":18000} [ a: inf] 79205963 (..cec1): start {"num":100000,"id":18} [ current:1568403707500] 79205962 (..ab5a): run {"num":100000,"id":17009} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17008} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17007} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17006} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17005} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17004} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17003} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17002} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17001} [ a: inf] 79205962 (..ab5a): run {"num":100000,"id":17000} [ a: inf] 79205962 (..ab5a): start {"num":100000,"id":17} [ current:1568403707000] 79205961 (..b505): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205934,21,under,50"} [] (8ca1bbdf384ce62637bf1625285a9d28e1fe8352d5912ae98517098722c9b42b) 79205961 (..b505): run {"num":100000,"id":16009} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16008} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16007} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16006} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16005} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16004} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16003} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16002} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16001} [ a: inf] 79205961 (..b505): run {"num":100000,"id":16000} [ a: inf] 79205961 (..b505): start {"num":100000,"id":16} [ current:1568403706500] 79205960 (..822f): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205934,21,under,50"} [] (9c35a9736b786ac06cbb0fa43d194bb769ac4f2aef1b531a69a15a1babc0ee45) 79205960 (..822f): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205934,21,under,50"} [] (7da2c30d11b85ec7846a555ce13538af38b9916f312a22d0fa691907b9ef8f3e) 79205960 (..822f): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205934,21,under,50"} [] (b18271c589e514b29904a17d66d1a15cc4a3f555bcd158f40070f5b7653b098a) 79205960 (..822f): transfer {"from":"eosplaybrand","to":"mumachayinmm","quantity":"1176.0000 EOS","memo":"dice:win|79205934,21,under,50"} [] (5481443bdfd0078d14843f7b8bd03d6cfb735de6e27eaab83a44c1df7d1f45d3) 79205960 (..822f): run {"num":100000,"id":15009} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15008} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15007} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15006} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15005} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15004} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15003} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15002} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15001} [ a: inf] 79205960 (..822f): run {"num":100000,"id":15000} [ a: inf] 79205960 (..822f): start {"num":100000,"id":15} [ current:1568403706000] ``` ### Attack ❓The exact exploit is still unknown to me. One would need to game the `dicereveal` action. It decides over win / loss by taking the block id of the _result block_ which is the _bet block_ + 10 blocks. (Bet block is the block where the initial bet was made using the `eosio.token::transfer` action.) > The EOSPlay off-chain script that sends the `dicereveal` action always sent the block-id of the **result block**. Delaying the `dicereveal` action does not have any impact on the block-id used. > In fact, delaying or completely blocking the `dicereveal` action would just make the user lose, because he does not get his payout then. It seems to be partly a statisical attack. The attacker bets on _dice under 50_ and loses games from time to time. It's interesting to see that the spam stops around 5 blocks before the `dicereveal` action which decides win or loss and spam is scheduled by `settime`/`dd` actions for when the `dicereveal` action would be included in the block, result block + 1.