Ethereum FairWin class fund project has a contract balance that is “short” risk

According to blockchain security company PeckShield data, recently, a fund disk project called FairWin is particularly eye-catching, and its daily utilization of Gas accounts for nearly half of the total amount of Gas that can be carried by the Ethereum network. An in-depth analysis by PeckShield security personnel found that FairWin smart contracts have a fatal flaw, allowing users to create fake bets to capture the remaining funds in the prize pool. Specifically: FairWin Smart Contract has a remedy() interface. If the contract Owner does not close actStu via closeAct(), any user can modify the bet data through the remedy() interface, thus achieving a large amount of forgery in the case of 0 input. Funding is invested and the contract balance bonus is withdrawn via userWithDraw(). As of now, there are no known attacks, and the FairWin contract Owner has closed actStu, and the potential threats have been temporarily removed. However, there are still FairWin-like disks on the Ethereum network, and such threats may exist. PeckShield recommends that players be wary of such threats when participating in such funds games, and promptly withdraw funds from bets to ensure that digital assets are protected from attack losses.