
Topic: Finding a Bug (Read 650 times)

hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
February 16, 2024, 04:06:10 PM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program, either internally or externally (i.e., operated by Bugcrowd, HackerOne, Intigriti).
I think if you follow the thread you will read all that OP wanted to elaborate here, because he had given everything and even told the people here what had happened, and his only demand is at least a THANK YOU for what he has done for the team, take not the Money because we all need this at appreciation for what have you done good is for me a better giving here.
Sorry for the heads up on this one but I can't really just that easily accept that someone who found a bug would really just like to have or get some THANKS.
Of course you would really be expecting something for some bounty based upon what you have found. The sad part is when you do find an exploit which, even if you saw that it's a major one, you don't really receive anything in return, but well, they could simply tell you that the bug you have found is really just that minimal or something that critical.
Is there something you can do? Of course none.
full member
Activity: 2548
Merit: 217
January 09, 2024, 08:07:47 AM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program, either internally or externally (i.e., operated by Bugcrowd, HackerOne, Intigriti).
I think if you follow the thread you will read all that OP wanted to elaborate here, because he had given everything and even told the people here what had happened, and his only demand is at least a THANK YOU for what he has done for the team, take not the Money because we all need this at appreciation for what have you done good is for me a better giving here.
hero member
Activity: 1302
Merit: 503
Leading Crypto Sports Betting & Casino Platform
January 08, 2024, 10:43:29 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
On a gambling site, the customer support service will definitely work 1x24 hours or they will respond to every customer report with excellent responsiveness because customers are the most valuable group.
Talking about BC, it seems that there are several reviews which state that support needs to be improved, but from every problem that occurs it can also be seen that support certainly solves many problems and also responds to every complaint made by customers.
The casino team needs to research and investigate every problem that occurs so I don't think delay in responsiveness is too fatal, but with improvements in support they might be able to ensure customer satisfaction and comfort.
I use several gambling sites but so far I feel really good satisfaction because there are no problems whatsoever and I always get good responsiveness from the support of each site I use.

It is always better to report any problems that occur to the gambling site support because they can be handled more quickly and you can get the right solution.
Not all problems that occur can be sent by PM to their Bitcointalk account because not all customers themselves are members of this forum.
newbie
Activity: 12
Merit: 0
January 08, 2024, 10:01:25 PM
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things, the ops are up to a system that is not clearly open to the general public, because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim, that leads us to more curiosity as of what we can't expect from the ops claims, and judging from ops recent communication also I have lost trust in him and at some point, I feel he is just trying to create a fud around.

So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act.

Kind of an ignorant reply in my opinion. I have created no FUD of any kind and even clearly stated I wasn't at all trashing BC Game. I have proof via screen recordings of the bug and how the bug allowed me to control the crash game. I proved it to BC Game support staff via the BC Game test server and can confirm as of now that the bug and how it was exploited has been fixed by BC Game because it is no longer exploitable. To be honest I've been monitoring the crash game since I reported the bug and I now see the game results showing more yellow crashes mixed in with red and green than prior weeks. Call it what you will but 2 days after I reported the bug it seems crash is more stable. 🤔
I will continue to wait for BC support to reply to me if they wish and best case scenario get $ bounty or worst case a half-hearted thanx. Can't post 15 minutes of screen recording anyway.
jr. member
Activity: 40
Merit: 3
January 07, 2024, 06:02:52 PM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program, either internally or externally (i.e., operated by Bugcrowd, HackerOne, Intigriti).
hero member
Activity: 2996
Merit: 609
January 07, 2024, 04:57:12 PM
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy, but there were people who are able to find out bugs naturally, especially those who are really making some gambling on the site itself, on which they would really be expecting some bug bounty or rewards, on which it would really depend on a certain site whether they would really be considering those finds or wouldn't really be giving at all. It would really just vary on a certain individual, on which not all people would really be expecting something from those finds, not unless it's really a crucial find or exploit or bug, then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers.
One of the best things that a certain platform or company should have is that kind of active support, or really that fast when it comes to responding, on which it does really suck when you are waiting a really long time for some reply, especially since this one talks about some bugs or exploits, on which simply this is really a security concern, on which it is really just normal that they should really be attentive if someone among their players had discovered it, or maybe they really did such a thing intentionally just for them to avoid giving out some reward or bounty on such a find? Just like it's been said, it would really just depend on the severity of such a bug, whether it's crucial or really just that minimal.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
January 07, 2024, 04:46:41 PM
Really, is the support that inactive?

Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support.

And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge.

To sum it up, there were many scam accusations that took time to receive replies so as a sign of good faith, BC started a support account on the forum, see: https://bitcointalksearch.org/topic/introducing-bcgame-support-team-building-trust-and-transparency-5475418

From what I can see, there is def a significant improvement on their side but I'm not expecting it to be perfect, hence it wouldn't be weird if slow replies happened in a couple of cases. There's also the fact that each case has different complexities -- my logic to this is that simple queries will be the fastest to get a response as opposed to complex ones.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
January 07, 2024, 03:08:29 PM
It's always something good to find a bug and report such as appropriately needed, if we are to consider the gambling sector for now, we are not having more of the people interested in this and it's all because they have experience low rate from how this is actually happening, you may hardly get to find one, gamblers will be so focused on having their fun in using the casino than looking for bugs around when majority are even after winning their bets, we can therefore see this that it's not common and that rampant as before that they were being discovered, however, we shouldn't still relent from finding more because they still exist.
Mostly players don't have much knowledge regarding those bugs and they aren't bug bounty experts either but sometimes a player with sharp mind can find some easy bugs that aren't related to code but can be accessed via the UI of a website. It requires specialized knowledge of hacking and programming to find the bugs in a casino or a game that a casino offers and I'm really sure that most of the players don't even care about such bugs because they mainly play to test their luck and if their luck is good then they can easily win against the casino's house edge.

Let's assume if a player is expert at finding bugs then surely that player will spend more time to find those bugs rather than playing the game. I have noticed that very few players are interested in finding bugs in casinos and I have never seen casino sites to offer good rewards to those players or those people who can find bugs. But, it's a sure thing that if someone tries to help a casino by finding some bugs of their platform then they will at least get some rewards for doing that.
hero member
Activity: 1022
Merit: 667
Top Crypto Casino
January 07, 2024, 02:58:07 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

Are you sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
Really, is the support that inactive?

Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support.

And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
January 07, 2024, 02:52:00 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
sr. member
Activity: 1414
Merit: 270
Undeads.com - P2E Runner Game
January 07, 2024, 10:36:31 AM
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy, but there were people who are able to find out bugs naturally, especially those who are really making some gambling on the site itself, on which they would really be expecting some bug bounty or rewards, on which it would really depend on a certain site whether they would really be considering those finds or wouldn't really be giving at all. It would really just vary on a certain individual, on which not all people would really be expecting something from those finds, not unless it's really a crucial find or exploit or bug, then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers.
legendary
Activity: 1932
Merit: 2354
The Alliance Of Bitcointalk Translators - ENG>SPA
January 07, 2024, 06:04:08 AM
-snip-
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino and still hold the casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work.
But if you want clear conscience, you can report it to them without waiting for any incentive.
After all, they are not forcing you to report. It is in your morality whether you report it or not.

Nowadays having a bug hunting program is highly recommended for all casinos online, because otherwise they are facing an unnecessary risk. I hope the OP is eventually rewarded because it is in the best interest of both parties. My two sats.
hero member
Activity: 2744
Merit: 588
January 07, 2024, 05:57:42 AM
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino and still hold the casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work.
But if you want clear conscience, you can report it to them without waiting for any incentive.
After all, they are not forcing you to report. It is in your morality whether you report it or exhaust this opportunity for your own gain.
Either way, it is all on you at the end of the day. The management will just act according to what the owners wanted them to do.
hero member
Activity: 1022
Merit: 667
Top Crypto Casino
January 06, 2024, 05:53:34 PM
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things, the ops are up to a system that is not clearly open to the general public, because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim, that leads us to more curiosity as of what we can't expect from the ops claims, and judging from ops recent communication also I have lost trust in him and at some point, I feel he is just trying to create a fud around.

So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
January 06, 2024, 05:44:39 PM
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino and still hold the casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

That is true, check the section of the terms regarding bug-related protocols for the site. Because if they have, they have certain requirements to comply with. Because not all sites have their rules on this bounty. However, for ethical purposes, one can always contact their support and ask for assistance about such concern. It is your conscience that will direct you if you will tell them about your discovered bug or just siphon their vaults for your own pocket.

In summary to that, that thought only exists in your head, since the BC game team have seen that your reports for the bug are not worthy of any attention and how best you are truthful to yourself, and if they act as if nothing is wrong with the system and there is no bug, which they have not stated anyway, but be sure that the only way we can believe you is when you share some screenshots since you said you have some of them at your disposal.
Anyway, I think the best way is to try more to get in touch with the support and hear their own side of the story, but also note that when a player finds a bug in the system, it is noble enough for them to report the said bug to the team instead of exploiting them

I believe it is his own disposal if he is true to intentions in helping the site about the bug or not. Because let's say the site is not giving some incentives, are you going to submit your discovered bug or are you gonna exploit it? Now, that is for you to contemplate about. Because if you reach them and not reaching back, and you feel your time is being wasted, then, it is for you to decide what to do with the bug you discovered.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
January 06, 2024, 03:40:23 PM
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino and still hold the casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.
hero member
Activity: 1008
Merit: 520
Leading Crypto Sports Betting & Casino Platform
January 06, 2024, 03:09:03 PM
UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Somehow, and still don't know how, I was able to get crash to attach to my device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provably fair are these games if I was able to control the outcome from my device? Thoughts?
In summary to that, that thought only exists in your head, since the BC game team have seen that your reports for the bug are not worthy of any attention and how best you are truthful to yourself, and if they act as if nothing is wrong with the system and there is no bug, which they have not stated anyway, but be sure that the only way we can believe you is when you share some screenshots since you said you have some of them at your disposal.
Anyway, I think the best way is to try more to get in touch with the support and hear their own side of the story, but also note that when a player finds a bug in the system, it is noble enough for them to report the said bug to the team instead of exploiting them
hero member
Activity: 952
Merit: 555
January 06, 2024, 02:52:57 PM
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such report there or directly to their representative, this is one of the advantage of having their announcement thread here for discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened. So just updating my original post so nobody needs to guess anymore on it. But truly I do wonder about the provably fair aspect of any of the crash games because of the script being controlled by a basic user's device. What are the odds of crash crashing three times in a row at 0.00? What are the odds of it crashing at the very same time a user hits "cashout" ten times in a row? How many times have you logged the game showing 0 of 2200 people when crash reaches 100? I'm not blasting BC Game at all even though I am disappointed that a simple thanks never happened after they fixed the problem.

Happy us all, the problem has been finally fixed, that's the most exciting news about the whole thing, I am also happy that you were able to arrive at something to conclude on, it's something to also write about because you've been attended to and they made a response to you as requested, there's no way you can make use of a gambling platform and never have anything to experience about the, be it bad or good, everything is being summed up to how we feel the fun in gambling.
hero member
Activity: 2548
Merit: 769
January 06, 2024, 02:33:33 PM
Only one thing I can say about this situation. Of course, they can fix the bug without any bounty rewards. Even if they have a bounty program and you have no proof. But I don't think that $100-$500 is a big sum for the casino. It would be nice to pay for the bug and make some post about it. So, the next time it would be better to fix everything with screenshots. I don't think that it will help to get some bonus for the bug, but it will show that there is no gratitude for help.
Really depends on a certain company whether they would really be giving out that kind of amount as shown for appreciation on finding a bug. I do agree on what others have been saying that there's no such thing as perfect security or a perfectly coded website, on which there would really be errors that could possibly exist, but it's true that before they would really be making that main launch then everything is already set and pretty sure that they had already polished it out when it comes to those bugs and fixes. Now on what OP had been able to find out then it is really that indeed neither a serious or a small issue on which they won't really be tending to give out any rewards not unless if it's a major one but it's true that they can fix it out silently without telling or giving out some response on the said report.

On which they would really just simply ignore or deny that it wasn't an issue. For those gamblers who are really able to report those bugs and exploits and expecting something for some reward then it would be better that you shouldn't because not every time they would really be giving out that kind of reward or bounty on the thing that you have found out.
Lucky you if they would be reconsidering those things you had reported but we know that not all would really be having that consideration and just simply ignore you.
I understand all that you say. And we can't do anything with it. The only thing we can do (if we decide to show the bug) is to make several screenshots that can prove that this bug was fixed after our information. If we post it several times - nobody will tell the casino about bugs. Or we can use these bugs. Everybody can choose his own way but the only thing I'm sure of - the casino hurts itself with such ignoring of bug hunters.
hero member
Activity: 2730
Merit: 632
January 06, 2024, 07:43:55 AM
UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Somehow, and still don't know how, I was able to get crash to attach to my device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provably fair are these games if I was able to control the outcome from my device? Thoughts?
Only one thing I can say about this situation. Of course, they can fix the bug without any bounty rewards. Even if they have a bounty program and you have no proof. But I don't think that $100-$500 is a big sum for the casino. It would be nice to pay for the bug and make some post about it. So, the next time it would be better to fix everything with screenshots. I don't think that it will help to get some bonus for the bug, but it will show that there is no gratitude for help.
Really depends on a certain company whether they would really be giving out that kind of amount as shown for appreciation on finding a bug. I do agree on what others have been saying that there's no such thing as perfect security or a perfectly coded website, on which there would really be errors that could possibly exist, but it's true that before they would really be making that main launch then everything is already set and pretty sure that they had already polished it out when it comes to those bugs and fixes. Now on what OP had been able to find out then it is really that indeed neither a serious or a small issue on which they won't really be tending to give out any rewards not unless if it's a major one but it's true that they can fix it out silently without telling or giving out some response on the said report.

On which they would really just simply ignore or deny that it wasn't an issue. For those gamblers who are really able to report those bugs and exploits and expecting something for some reward then it would be better that you shouldn't because not every time they would really be giving out that kind of reward or bounty on the thing that you have found out.
Lucky you if they would be reconsidering those things you had reported but we know that not all would really be having that consideration and just simply ignore you.