How to trading-win in Splinterlands

For example account: "haigame4744"

  1. Submit sm_find_match and get battle_queue_id: sl_9dc7d70313fe57fcbdecb2b59d408df8

  2. Send battle_queue_id: "sl_9dc7d70313fe57fcbdecb2b59d408df8" to the database

  3. https://api2.splinterlands.com/players/outstanding_match

https://api2.splinterlands.com/battle/status?id=

From 1 of the 2 links above, get value

opponent: "sl_c95d69e6389a586d8483c2588fc10170"

  1. Send "opponent" into the database and compare if 2 accounts have "battle_queue_id" = "opponent".

From there, they will identify 2 accounts in the same bot farm or bot app that are matching in the battle. They will calculate which account wins will be more profitable and do trading-win


Example: "anpht" is a bot farm do trading-win

Check hiveblocks these accs from (Picture Screenshot 1) "haigame4744","haigame2520","gamecoin5702","gamecoin2005","haigame4904",...
Screenshot.png

They send sm_token_transfer to "anpht" (Picture Screenshot 2)

Screenshot 2.png


Solution: Delete or hide "opponent" like "opponent_player": "???", it will not be possible to identify the 2 accounts in the battle with the same bot farm or bot app

Will I get a reward for finding this vulnerability?


Thank you



0
0
0.000
8 comments
avatar

good catch I hope you get this recognized as a problem

0
0
0.000
avatar

Unfortunately, I think that's more of a feature than a bug. The team has said before that it's frowned upon but still allowed.

!BEER

0
0
0.000
avatar

I would suggest asking the DEV team in Discord. You can also maybe post this in the Splinterlands community for more visibility.

0
0
0.000
avatar

Congratulations @anhdaden146! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)

You distributed more than 12000 upvotes.
Your next target is to reach 13000 upvotes.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Check out our last posts:

The Hive Gamification Proposal
Support the HiveBuzz project. Vote for our proposal!
0
0
0.000
avatar

Nice catch! The more exploits and vulnerabilities we find for the team to fix, the better SL will be. :)

0
0
0.000
avatar

Thank you so much. I'm so grateful. God bless your work and family too. You will never see this kind of fire disaster or experience it. Amen. @anhdaden146

0
0
0.000
avatar

I hope they adress this issue soon, i gonna try to talk to the team about it.

0
0
0.000