Tower Defense Presale Data Review - Automated purchasing is scary.

Correction:

Since this post I have discovered that the presale clock is based on your computer's clock. What this means is that some users whose time is slightly off got access to the presale sooner than intended, which may have resulted in premature buys.

This is also how users are figuring out the sale id details in advance.  This is exploitable and needs to be addressed.

Special Data drop regarding the Tower Defense presale.

I have reviewed the data from the chain and there are some disturbing things going on.

The first transaction is in block #68082562
The presale started on block #68082638

This means that the data was leaked ahead of time again and people attempted to purchase before the store opened.

Thankfully all the transactions were rejected. There were 33 in total.

The following accounts tried to pre-buy. Maybe someone can do some digging on this.
@itsmyvault
@tillytots
@gfriend96
@makakka
@gienpeart
@tarabh
@theyachtclub
@losgemanos
@danfro
@elessedil

The website loaded pretty slow for me so it took 8 blocks from the start of the presale before I could buy.

Luckily there was enough supply for everyone.

However, I have more to share. In the town hall yesterday I asked about the team making changes to prevent on-chain-only buys.

Matt responded that they did not intend on doing this.

I strongly believe that data drives change and so I wrote a 140 line program to snipe the presale.
I used 25 accounts (as there is a 5 tx per block limit for hive) to try to purchase 500 TD packs 5 times.

I manually bought my packs and then loaded hiveblockchain to copy the id and type for the transaction. This could easily be automated but I was somewhat lazy as this is only a tech demo.

I am confident I could have had the auto-buy program in the 2nd or 3rd block had I automated.

The transactions failed due to not having funds or vouchers on the accounts except 1 which was for 1 pack.

The account that I autobought the pack with was @peppabbacon

It was given away on the splinterlands TV stream shortly after the presale start by @bunsbagsandcaps via deathwheel.

I didn't feel right buying advantaged packs but I wanted to make sure it would work.

I was able to get all 126 transactions (1 extra for the single pack purchase) in 7 blocks total.
In one block I was responsible for 46% of the purchase attempts.

I am sure with some tweaking I could make this faster and easier to use.
I only spent an hour or so writing the program.

Also note I only used 25 accounts (out of the 95 I own). Yes, I used to bot. I don't anymore, though.

This cannot be the future.

I know it is too late for the team to push changes to the runie sale, but I hope they will strongly consider changes that force website use in the future.

For now I will not be sharing my code though any reasonably competent programmer could duplicate it.

I will not be using it myself.

That's all for today.
Please discuss below.

Sincerely,
Cdr. Chaos
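
An added example, not part of the original post and not the author's program: one way to run the same kind of review over purchase records, counting attempts before the start block and measuring how much of a block's attempts come from accounts that hit the per-block limit. The records and account names are constructed, and the record layout and thresholds are assumptions; an early attempt shows timing only, since a skewed client clock produces the same pattern.

```python
from collections import Counter, defaultdict

PRESALE_START_BLOCK = 68082638  # start block reported in the post
PER_ACCOUNT_BLOCK_CAP = 5       # per-account, per-block limit as stated in the post

# Constructed sample records (not real chain data): (block, account, accepted)
SAMPLE_TXS = [
    (68082562, "early_user_1", False),
    (68082600, "early_user_1", False),
    (68082637, "early_user_2", False),
    (68082640, "manual_buyer_1", True),
    (68082640, "manual_buyer_2", True),
]
# Three constructed accounts each submitting the per-block maximum in one block.
SAMPLE_TXS += [(68082646, f"batch_{i:02d}", False) for i in range(3) for _ in range(5)]
SAMPLE_TXS += [(68082646, f"manual_buyer_{i}", True) for i in range(3, 8)]


def early_attempts(txs, start_block=PRESALE_START_BLOCK):
    """Count purchase attempts per account in blocks before the sale opened."""
    return dict(Counter(acct for block, acct, _ in txs if block < start_block))


def capped_share_by_block(txs, start_block=PRESALE_START_BLOCK,
                          cap=PER_ACCOUNT_BLOCK_CAP):
    """Per block from the start onward: (total attempts, accounts at the cap,
    share of the block's attempts submitted by those accounts)."""
    per_block = defaultdict(Counter)
    for block, acct, _ in txs:
        if block >= start_block:
            per_block[block][acct] += 1
    report = {}
    for block, counts in sorted(per_block.items()):
        total = sum(counts.values())
        capped = sorted(a for a, n in counts.items() if n >= cap)
        report[block] = (total, capped, sum(counts[a] for a in capped) / total)
    return report


def flag_blocks(report, min_accounts=3, min_share=0.4):
    """Blocks where several accounts hit the cap and dominate the attempts.
    Both thresholds are assumptions to tune against real sale data."""
    return [b for b, (_, capped, share) in report.items()
            if len(capped) >= min_accounts and share >= min_share]


if __name__ == "__main__":
    print("early attempts:", early_attempts(SAMPLE_TXS))
    report = capped_share_by_block(SAMPLE_TXS)
    print("flagged blocks:", flag_blocks(report))
```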



5 comments

Thanks for highlighting this! Given the team’s thoughts on avoiding exploits, I hope they take action for those of us that are technically limited.


"The following accounts tried to pre-buy" sounds like everyone in your list was trying to exploit the system.
I can at least tell you that I did try to purchase on the normal site. As soon as the countdown was over I refreshed and tried to buy 10 packs - the first time I got an error message, so I tried again until I got the packs I wanted. I believe that is probably what happened to the others too.


I posted an update. Apparently the clock used for the countdown is the user's system clock. This caused some to have access early, intended or not. Those accounts did try to pre-buy and the transactions failed. I was not expressing intent as that is not something I can prove. I am sorry if it came off that way.


@chaoscommander Hi I'm number 1 on your list. I found it really frustrating that the livestream of the sale was off for a couple of minutes, because from my POV the page auto-refreshed and I could buy already.

I spammed the buy button because of my FOMO. I got 23 packs in total 😁. I now know my computer clock is wrong (+/- 4 minutes).

@losgemanos There was no intention from me of exploiting the system.
@chaoscommander Thanks for being alert and taking the time to post a topic like this.

Hopefully this will be fixed for future sales so it is fair for everyone. @splinterlands
