Blockchain games out of bugs, hard forks to protect user rights?

Guide: On October 14th, Cheeze Wizards was on the Ethereum main online line. In less than 24 hours, the player @samczsun told the official that there is a serious bug in the game contract, and using this bug can be invincible. Cheeze Wizards then decided to use a forked solution to protect the user's rights. Cheeze Wizards has fixed this bug and deployed a new smart contract. The 178ETH lost in the prize pool has also been added, but CW has not closed the problematic game but made it a hacker.

Bug

Let's first take a look at how a normal Chivalo showdown is done:
  1. Player A challenges player B
  2. Player B accepts and submits a move
  3. Player A responds and submits a move
  4. Player A reveals the trick
  5. Player B reveals the trick
  6. Smart contract ruling battle results
  7. Duel animations are generated on cheezewizards.com and players can see the results
Let's take a look at the matchup method if Player B uses the "Bell of Death" bug:
  1. Player A challenges player B
  2. Player B accepts and submits a move
  3. Player A responds and submits a move
  4. Player A reveals the trick
  5. Player B deliberately times out without revealing a move (90 minutes)
  6. Player B maliciously calls the resolveTimedOutDuel(rTOD) function, which turns both entrants into player A, causing player A to be both a winner and a loser.
Malicious call: function resolveTimedOutDuel(WIZARD-A, WIZARD-A) Normal call: function resolveTimedOutDuel(WIZARD-A, WIZARD-B)
It is not difficult to find that the difference between the two is that in the fifth step, the player B, who should have revealed the trick, uses the procrastination tactics to exhaust the time, and then maliciously calls the above function (a function that solves the exhaustion time exhaustion) to achieve a stable win.
The malicious call function will exhaust the energy of Chiba A, player A is judged to be negative, but Chiba B will also be inactive. At this time, player B calls resolveTimedOutDuel (WIZARD-B, WIZARD-B) to fix the error status.
At this time, the fact that the energy of the singer A disappeared cannot be changed, and the singer B is unscathed. (Note that in the process of exploiting this bug, energy was not transferred from A to B). Of course, a malicious third party can also call the rTOD contract to destroy the energy of the Chiba A, which does not have to be triggered by Player B.
Cheeze Wizards' smart contracts are carefully designed so once they are released, they will not be able to withdraw bonuses from the prize pool (or otherwise change any tournament status). Therefore, the only way to resolve this bug is to deploy a new contract.
There are already 150 wallet addresses in the problem contract, with a total value of 175 ETH. Now, $40,000 is locked in the contract, and winning the tournament under the current battle logic is the only way to get the bonus .
The bad news is that some of the Chichi divisions currently numbered below 6133 have been affected. The game officially provides Txhash for players to refer to:
Https://etherscan.io/tx/0x0d497ea959406909edad945d332d0aa1ed2a41273c694ad385910720af2f86f3
The good news is that the bug doesn't break the entire game. As a regular player, you are almost unaffected. And in the case of allowing this kind of dirty fighting style to exist, the Chiba Tournament can still continue. Officially referred to as the Cheeze Wizard: Unpasteurized.
The so-called unsterilized version refers to the version of the Cheeze Wizards smart contract deployed by Dapper Labs on October 14, 2019. The unsterilized version contains the above bugs, which can be exploited by malicious players to attack the average player's energy, especially those who use the web interface to access the game. But Cheeze Wizards officially said that this bug will make the game more interesting for some tech players who like to play tricks.

Where is the bug "fun"?

As mentioned above, it seems that Player A has always been a victim. They regularly showed their game moves submitted before, and then their energy was gone. Of course, Player B can't absorb this energy, but he successfully eliminated the opponent so that Player A can no longer continue to participate in the game.
Unless…the interesting place is coming.
Player B risked not revealing his moves. According to Cheeze Wizards rules, not revealing that a successful submission means automatic waiver.
At this time, if Player A or the system calls the rTOD method in the correct way before Player B maliciously calls rTOD, submit the correct parameters: function resolveTimedOutDuel(WIZARD-A, WIZARD-B), Player A will win and get All the energy of Player B!
So the new gameplay was born. If the player determines that the opponent is ready to use the bug to deal with himself, then he can use the correct call to rTOD to take away the opponent's energy. The key to winning and losing is who is the first to call rTOD (DR partner note: even at the same time, the gas fee high transaction will be faster packaged by the miners).
But honest players have an advantage: they can eliminate dishonest players and absorb their energy when they win. If the honest player wins, they will only eliminate the honest players and not let them get more energy.
And don't forget, the Cheeze Wizards officially runs a background program to monitor whether there are more than 90 minutes of unrecognized moves, and once found, the correct rTODs method is automatically triggered .
It should be noted that: Unsterilized version of Chichi is not suitable for all players. Participants need to be fully aware of the risks. Many players will run automated scripts to ensure they are the first to trigger the rTODs method, either as honest or dishonest. Players need to think about whether they have the guts to play this fun game. So, find a way to suit yourself and join the unsterilized version of Chiba.
Let's dive into the code level.

View bugs at the code level

The cause of the incident was that the two players submitted moves to each other in the battle, one of whom intentionally or unintentionally did not reveal the moves he had released. At this point, Cheeze Wizards allows the player to initiate a "unilateral disclosure" deal in order for another player to end the long battle. This is actually a special case that will not be met in normal games.
The rTOD vulnerability only occurs in one situation, that is, in combat. One player has revealed the move and the other player has not revealed the move until the time limit (90 minutes). When only one side reveals the move and then the other waits until the time limit expires, any malicious user can call the rTOD contract in the wrong way to freeze the energy of the honest player .
Suppose that honest player A is using the #1000 Chichi division to fight player B using the #2000 Chichi, player B intends to use the "Death Bell" bug. Both wizards chose their own moves to enter the duel. Player A shows his trick, and Player B waits for the duel timeout and calls resolveTimedOutDuel(1000, 1000). Let's take a look at some of the code in the smart contract:
Eventually, the smart contract performs an energy transfer, arguing that the contract transfers all of the energy to the winning Chichi, and then drains the energy of the failed Chime. However, since both wiz1 and wiz2 point to an index (#1000), first double the energy of the #1000 Chichi… and then drain him . Fortunately, this error can be easily fixed by adding a simple require statement at the top of the function to ensure that the two sorcerer IDs are different.
Require(wizardId1! = WizardId2, "Same Wizard")
This smart contract has been officially reviewed by Sigma Prime, and Cheeze Wizards believes that there are no other issues that can prevent the game from proceeding as expected.
Seeing this, I think everyone already knows that it takes a certain technical threshold to play the unsterilized Cheeze Wizards. If you are a hacker who wants to eat black, please skip to unp.cheezewizards.com. Ordinary players please still participate in cheezewizards.com.