Spin to Win Exploit






Viking1984

bp Newbie


Posts: 36
Likes: 1
Not sure if I should be posting this in the forum or emailing Admin direct.
Hopefully Admin sees this ASAP.

Spin to Win is exploitable:
Click "play again" or refresh page after wheel stops, before coins are awarded (scroll across screen).
No Tokens used, no Coins awarded. But, I've been able to get 400 Coins x 5 using this method.

I like the Spin to Win game because its guaranteed minimum is 1250 coins per 5 attempts.
I have some internet trouble. Not sure if it's only in Australia (many of my neighbours have started complaining about buffering pages and general slowdown since Jan 1, 2017).

It is also possible that it is due to my slow/choppy internet that I am able to use this exploit.

The wheel spins fast, gets stuck, spins fast, gets stuck...until I can visibly see it is slowing down. At the point when the wheel stops and I know what my payout will be, I have up to 3 seconds before the "pop-up" appears showing the reward.

Like I said, I can reproduce this every time.
Perhaps someone else can verify this as well, so we know it's not just me.

Thanks for a great site, Admin. It's looking great so far.

Regards,

Viking1984

Just ran a few more "tests" as my pages load better than normal (feels like a bottle-neck when it slows down).

It's definitely a lot easier when my connection is crappy.
I suspect it has something to do with the way the user pc and server communicate. It's almost like the server is waiting for a verification response from the user pc before awarding the reward (split second between wheel stop and award appears on screen).

The more my lag, the more time I have to successfully exploit.

This should not be a problem in general, as internet speeds should not be crappy like mine (Get this...National Broadband Network they call it. Fibre optic cable from inside my house to the exchange. Took them about 6 years to connect about 5 million users, out of a population, mostly urban, of just over 20 million. Touted as the best thing since sliced bread. Only, we're not getting the promised 250MB/s. In fact, my old ADSL2 upgraded on steroids for an extra $20/month was faster and more reliable)
Anyway, sorry, I'm ranting.

Yeah, might only be Australians and other third world countries that can use this exploit ;)
But I figured it best to bring it to your attention.

I did notice after too many clicks in a short amount of time, the message box upper right does give me an error.
The only way I can think of to stop this exploit is maybe writing some code (though, I'm not a coder) that analyzes user response times, ie.:

Because the server and user pc take time to communicate, and this time is not constant as it depends on all kinds of factors, the only way to prevent this is by implementing a cool-down period. Say, the screen locks (no input accepted) until the wheel has finished spinning and reward verified.

Sorry....long post for such a small thing. But I hope I've explained everything.


Last edited on 22 Jan 11:00 AM


22 Jan 10:27 AM

Admin

bp Jr. Member
bp Admin
bp Moderator


Posts: 110
Likes: 14
Hello Viking1984,
The Spin To Win game, like the others, is JavaScript based. Yes, JavaScript could be a bit snappy if run while the page is still loading.
Although we have made it a bit tougher, still, anyone with very good knowledge of JavaScript and HTML can manually try to win 400 coins each time. :pinch:
(that is because JavaScript is accessible on client side)

You said an error occurs after 4-5 times, you actually run out of tokens...;)
So to make that effort not worth it, we've increased all rewards closer to the highest one. We have some upgrades pending which will stop this JavaScript exploit in other games like Bunny Hunt and also make it much more interesting.
These upgrades will be implemented in 1-2 days as soon as the forum is upgraded completely.

No, the reward calculated is totally random and takes place at the user end. Once calculated, it is sent back to server for processing which then sends the output back to client.
Glad you like Bitplay.:)
Thanks.

Last edited on 22 Jan 11:46 AM


22 Jan 11:03 AM

Viking1984

bp Newbie


Posts: 36
Likes: 1
Ahh, good old JavaScript :p

Thanks for the explanation. Makes sense now.

I hope all these things get fixed. I would hate to see someone try to clean you out with such bad "sportsmanship".

I haven't tried Bunny Hunt yet, as I use FF and try to stay clear of Chrome. But with all the issues (well, nothing new, haha) I have with FF, I might put aside my pride and go Google, lol.

That's great to hear, that the site is under active development. I can see you have big plans.
Let us know in the forum about any new changes and we can have a look at those pesky bugs that always seem to creep in.

Keep up the good work,
Regards,
Viking1984

Last edited on 22 Jan 6:33 PM


22 Jan 6:21 PM

RetroSun

bp Newbie


Posts: 1
Likes: 0
^Thanks for this information,
appreciate it


27 Jan 1:13 AM

Edidzis

bp Newbie
bp Moderator


Posts: 24
Likes: 3
Thanks for the update. There could be even more sections of different rewards :) You could make a very small gap with 10 000 coins, why not :)


28 Jan 1:25 AM

Edidzis

bp Newbie
bp Moderator


Posts: 24
Likes: 3
After the last update the wheel is stopping on the line between 450/350 and the notification comes out - You have earned coins!
How many coins did I just earn? 0, 3 times in a row :):) Is it normal?

Update:
10 times in a row.. even changed the power of rotation, it takes tokens but gives 0. Won't even try more of this... :)

Last edited on 28 Jan 2:01 AM


28 Jan 1:32 AM

Viking1984

bp Newbie


Posts: 36
Likes: 1
I was just about to report this myself ^points up^


In other news, the updated Spin and Win loads much better for me now. Runs a lot smoother too.
And the new payout amounts are greatly appreciated and make much more sense now. Missing a high amount going into a low amount is cringe-worthy indeed :P Noooo, stop....stop!! Nooo, don't stop, just a little bit more....aaaarrgghh!! LOL!!

Last edited on 28 Jan 1:32 PM


28 Jan 1:29 PM

Admin

bp Jr. Member
bp Admin
bp Moderator


Posts: 110
Likes: 14
Hello @Edidzis,
Thanks a lot, it was a small exception possible case, a bug in the last update. It has been fixed, thanks for reporting.

Yes, Viking1984, I do understand that feeling, however the rewards are server side calculated now and are completely random, no biasing, the win amount % is exactly as shown in the wheel (to the degree precision :D).

Last edited on 28 Jan 11:42 PM


28 Jan 11:38 PM
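
An added example, not the site's code and not part of any post above: a Node.js sketch of the server-authoritative design the thread ends on, where the token is charged and the reward is drawn and credited on the server before the client animates anything, so a refresh or "play again" click during the animation changes nothing. The segment values, `createStore`, `handleSpin`, `rewardForAngle` and the request-id scheme are all assumptions made for illustration.

```javascript
const { randomInt } = require('node:crypto');

// Wheel layout as the server knows it: arc in degrees per reward.
// Constructed values; the arcs must sum to 360.
const SEGMENTS = [
  { coins: 250, degrees: 120 },
  { coins: 300, degrees: 100 },
  { coins: 350, degrees: 80 },
  { coins: 400, degrees: 60 },
];

// Map an integer angle in [0, 360) to a reward. Intervals are half-open,
// so an angle exactly on a dividing line still belongs to one segment.
function rewardForAngle(angle) {
  let start = 0;
  for (const seg of SEGMENTS) {
    if (angle >= start && angle < start + seg.degrees) return seg.coins;
    start += seg.degrees;
  }
  throw new RangeError('angle outside wheel');
}

// In-memory stand-in for the accounts and spin-history tables (constructed).
function createStore() {
  return { accounts: new Map(), spins: new Map() };
}

// Handle one spin request. The client sends only a request id it generated;
// it never sends an angle or a coin amount, so nothing it controls sets the payout.
function handleSpin(store, userId, requestId, rng = () => randomInt(0, 360)) {
  const key = `${userId}:${requestId}`;
  const prior = store.spins.get(key);
  if (prior) return prior; // refresh or replay: same result, no second charge or award

  const acct = store.accounts.get(userId);
  if (!acct || acct.tokens < 1) return { ok: false, error: 'no tokens' };

  const angle = rng(); // CSPRNG draw on the server
  const coins = rewardForAngle(angle);
  // Charge and credit together, before the response leaves the server.
  acct.tokens -= 1;
  acct.coins += coins;
  const result = { ok: true, angle, coins };
  store.spins.set(key, result);
  return result; // the client animates the wheel to `angle`; the outcome is already final
}
```

With a real database the token charge, coin credit and spin record would go in one transaction keyed on the request id.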

duman3338

bp Newbie


Posts: 1
Likes: 0
Great Game :D


31 Jan 3:00 PM