picone / picone.github.io


CryptoUnicorn RPG Game Exploit | ChienHo's Blog #2

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

CryptoUnicorn RPG Game Exploit | ChienHo's Blog

The cracking process of the blockchain game CryptoUnicorn RPG.

https://picone.github.io/2023/04/19/exploit-crypto-unicorn-rpg-game-en.html

Rob-lg commented 1 year ago

:wave: lgRob from the CryptoUnicorns core engineering team here.

This is excellent analysis, and I appreciate that you’re posting your research openly for everyone in the CU community, and the web3 gamedev community to learn from.

The project described in this case is our Team RPG Prototype, which is a demo game developed with one of our Second Party dev partners. The point of this early prototype is to “find the fun” and to give our DAO an early look at how the game is evolving so we can hear their feedback and adjust the final experience.

To be clear: this prototype is client-authoritative and has no way of affecting funds on-chain or impacting the NFTs.

We take the security of every project in the CU universe seriously. As we add 2nd and 3rd party projects, we are creating more layers of security to slow down attackers and insulate the overall economy if one project is exploited. We can never out-smart all of the attackers on the internet, so our goal is to bend, not break.

Thanks for posting, please keep up the good work!

picone commented 1 year ago

> 👋 lgRob from the CryptoUnicorns core engineering team here.
>
> This is excellent analysis, and I appreciate that you’re posting your research openly for everyone in the CU community, and the web3 gamedev community to learn from.
>
> The project described in this case is our Team RPG Prototype, which is a demo game developed with one of our Second Party dev partners. The point of this early prototype is to “find the fun” and to give our DAO an early look at how the game is evolving so we can hear their feedback and adjust the final experience.
>
> To be clear: this prototype is client-authoritative and has no way of affecting funds on-chain or impacting the NFTs.
>
> We take the security of every project in the CU universe seriously. As we add 2nd and 3rd party projects, we are creating more layers of security to slow down attackers and insulate the overall economy if one project is exploited. We can never out-smart all of the attackers on the internet, so our goal is to bend, not break.
>
> Thanks for posting, please keep up the good work!

@Rob-lg I know this is a prototype. The key problem is that the leaderboard involves money. I have also tried and successfully used these bugs to play in the browser. If I just play normally, I cannot win. If there is no money reward for this leaderboard, I don't think it's a problem at all.