Ethereum-based Gambling App FairWin Filled With Multiple “Critical Vulnerabilities”
An Ethereum developer has recently discovered that a critical vulnerability in FairWin used most of the network’s capacity. The R&D researcher of Horizon Games, Philippe Castonguay said that FairWin has even more vulnerabilities than the one previously mentioned:
“The [FairWin] Ponzi Scheme contains critical vulnerabilities that put all funds at risk. Spread knowledge (especially in Asia) Users need to withdraw their funds and stop interacting with the contract ASAP.”
In an interview with The Block, Castonguay added that is a FairWin a “ponzi scheme,” and also described the vulnerabilities:
“One allowing the owner/admin of the contracts to totally drain [the smart contract has $8 million ETH], one where the admin can prevent users from withdrawing forever and one where anyone, not just the owner, can steal new deposits.”
Stopping the Attacks By Draining Their Contracts
Nonetheless, this is a “fair” Pozi scheme, and even Castonguay agreed that the game’s description is that of a pyramid scheme, as it pays participants by using network effects.
Even though it has been accused a scheme, the game is highly popular on the Ethereum platform, especially among the Chinese audience. According to ETH Gas Station, the game has smart contracts worth over $8 million in ether – which is over 60% of the gas usage on the Ethereum network.
The chief executive of Ethereum project SpankChain, Ameen Soleimani, also echoed the same concerns regarding FairWin’s vulnerabilities, saying that the contract can be drained by owners and that “there is a separate attack black hats can do if the owners don’t stop it (by draining it themselves).”
As a response, the FairWin website says their app does not risk having stolen funds and they have been “securely authenticated” the smart contract code.
Users are responding to these issues, and we have seen it in the huge exodus of ETH in the past days, probably fearing someone would take advantage of the security flaw.
Andreas Townsend Author
I am a technical writer, author and blogger since 2005. An industry watcher that stays on top of the latest features, extremely passionate about finance news and everything related to crypto.