Pages:
Author

Topic: Finding a Bug (Read 650 times)

hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
February 16, 2024, 04:06:10 PM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
I think if you follow the thread you will read all what OP wanted to elaborate here because he had given everything and even telling the people here what had happened and his only demand is at least a THANK YOU for what have he done for the team , take not the Money because we all need this at appreciation for what have you done good is for me a better giving here.
Sorry for the heads up on this one but i cant really just that easily accept that someone who do found a bug would really be just liking to have or get some THANKS.
Of course you would really be expecting something for some bounty based up on what you have found. The sad part when you do find an exploit which even if you do saw that its a major
one, you dont really receive any something in return but well they could really be able just simply tell you that the bug you have found is really just that minimal or something that critical.
Is there something you can do? of course none.
full member
Activity: 2590
Merit: 228
January 09, 2024, 08:07:47 AM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
I think if you follow the thread you will read all what OP wanted to elaborate here because he had given everything and even telling the people here what had happened and his only demand is at least a THANK YOU for what have he done for the team , take not the Money because we all need this at appreciation for what have you done good is for me a better giving here.
hero member
Activity: 1302
Merit: 503
Leading Crypto Sports Betting & Casino Platform
January 08, 2024, 10:43:29 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
On gambling site, the customer support service will definitely work 1x24 hours or they will respond to every customer report with excellent responsiveness because customers are the most valuable group.
Talking about BC, it seems that there are several reviews which state that support needs to be improved, but from every problem that occurs it can also be seen that support certainly solves many problems and also responds to every complaint made by customers.
The casino team needs to research and investigate every problem that occurs so I don't think delay in responsiveness is too fatal, but with improvements in support they might be able to ensure customer satisfaction and comfort.
I use several gambling sites but so far I feel really good satisfaction because there are no problems whatsoever and I always get good responsiveness from the support of each site I use.

It is always better to report any problems that occur to the gambling site support because they can be handled more quickly and you can get the right solution.
Not all problems that occur can be sent by PM to their Bitcointalk account because not all customers themselves are members of this forum.
newbie
Activity: 12
Merit: 0
January 08, 2024, 10:01:25 PM
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things,  the ops are up to a system that is not clearly open to the general public,  because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim,  that leads us to more curiosity as of what we can't expect from the ops claims,  and judging from ops recent communication also I have lost trust in him and at some point,  I feel he is just trying to create a fud around.

So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act.

Kind of an ignorant reply in my opinion. I have created no FUD of any kind and even cleared stated I wasn't at all trashing BC Game. I have proof via screen recordings of the bug and how the bug allowed me to control the crash game. I proved to BC Game support staff via BC Game test server and can confirm as of now that the bug and how it was exploited has been fixed by BC Game because it is no longer exploitable. To be honest I've been monitoring the crash game since I reported the bug and I now see the game results showing more yellow crashes mixed in with red and green then prior weeks. Call it what you will but 2 days after I reported the bug seems crash is more stable. 🤔
I will continue to wait for BC support to reply to me if they wish and best case scenario get $ bounty or worst case a half hearted thanx. Can't post 15 minutes of screen recording anyway.
jr. member
Activity: 40
Merit: 3
January 07, 2024, 06:02:52 PM
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.

I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
hero member
Activity: 2996
Merit: 609
January 07, 2024, 04:57:12 PM
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy but there were people who do able to find out bugs naturally specially to those who are really that making some gambling on the site itself on which they would really be expecting for some bug bounty or rewards on which it would really be that depending on a certain site whether they would really be considering those finds or wouldnt really be giving at all. It would really just vary on a certain individual on which not all people would really expecting somehow into those finds not unless if its really that a crucial find or exploit or bug then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers.
One of the best things that a certain platform or company should have is to have that kind of active support or really that fast when it comes to responding on which it do really sucks when you are really that long time waiting for some reply specially that this one talks about some bugs or exploits on which simply this is really a security concern on which it is really just that normal
that they should really be attentive if someone on their players had discovered it out, or maybe they did really do such thing intentionally just for them to avoid on giving out some
reward or bounty on such find? Just like been said it would really be just that depending on the severity of such bug whether its crucial or really just that minimal.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
January 07, 2024, 04:46:41 PM
Really,  is the support that inactive?

Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support.

And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge.

To sump it up there were many scam accusation that took time to receive replies so as a sign of good faith, BC started a support account on the forum, see: https://bitcointalksearch.org/topic/introducing-bcgame-support-team-building-trust-and-transparency-5475418

From what I can see, there is def a significant improvement on their side but I'm not expecting it to be perfect hence it wouldn't be weird if slow replies happened in a couple of cases. There's also the fact that each cases have different complexities -- my logic to this is that simple queries will be the fastest to get a response as oppose to complex ones.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
January 07, 2024, 03:08:29 PM
It's always something good to find a bug a d report such as appropriately needed, if we are to consider the gambling sector for now, we are not having more of the people interested in this and it's all because they have experience low rate from how this is actually happening, you may hardly get to find one, gamblers will be so focused on having their fun in using the casino than looking for bugs around when majority are even after winning their bets, we can therefore see this that it's not common and that rampart as before that they were being discovered, however, we shouldn't still relent from finding more because they still exist.
Mostly players don't have much knowledge regarding those bugs and they aren't bug bounty experts either but sometimes a player with sharp mind can find some easy bugs that aren't related to code but can be accessed via the UI of a website. It requires specialized knowledge of hacking and programming to find the bugs in a casino or a game that a casino offers and I'm really sure that most of the players don't even care about such bugs because they mainly play to test their luck and if their luck is good then they can easily win against the casino's house edge.

Let's assume if a player is expert at finding bugs then surely that player will spend more time to find those bugs rather than playing the game. I have noticed that very few players are interested in finding bugs in casinos and I have never seen casino sites to offer good rewards to those players or those people who can find bugs. But, it's a sure thing that if someone tries to help a casino by finding some bugs of their platform then they will at least get some rewards for doing that.
hero member
Activity: 1260
Merit: 765
Top Crypto Casino
January 07, 2024, 02:58:07 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

Are you sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
Really,  is the support that inactive?

Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support.

And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
January 07, 2024, 02:52:00 PM
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.

You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website?
sr. member
Activity: 1414
Merit: 270
Undeads.com - P2E Runner Game
January 07, 2024, 10:36:31 AM
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy but there were people who do able to find out bugs naturally specially to those who are really that making some gambling on the site itself on which they would really be expecting for some bug bounty or rewards on which it would really be that depending on a certain site whether they would really be considering those finds or wouldnt really be giving at all. It would really just vary on a certain individual on which not all people would really expecting somehow into those finds not unless if its really that a crucial find or exploit or bug then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
January 07, 2024, 06:04:08 AM
-snip-
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work.
But if you want clear conscience, you can report it to them without waiting for any incentive.
After all, they are not forcing you to report. It is in your morality whether you report it or not.

Nowadays having a bug hunting program is highly recommended for all casinos online, because otherwise they are facing an unnecessary risk. I hope the OP is eventually rewarded because it is in the best interest of both parties. My two sats.
hero member
Activity: 2744
Merit: 588
January 07, 2024, 05:57:42 AM
I'm not going to comment on the bug itself  as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work.
But if you want clear conscience, you can report it to them without waiting for any incentive.
After all, they are not forcing you to report. It is in your morality whether you report it or exhaust this opportunity for your own gain.
Either way, it is all on you at the end of the day. The management will just according to what the owners wanted them to do.
hero member
Activity: 1260
Merit: 765
Top Crypto Casino
January 06, 2024, 05:53:34 PM
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things,  the ops are up to a system that is not clearly open to the general public,  because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim,  that leads us to more curiosity as of what we can't expect from the ops claims,  and judging from ops recent communication also I have lost trust in him and at some point,  I feel he is just trying to create a fud around.

So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
January 06, 2024, 05:44:39 PM
I'm not going to comment on the bug itself  as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.

that is true, check the section of the terms regarding bug-related protocols for the site. because if they have, they have certain requirements to comply with. because not all sites have their rules on this bounty. however, for ethical purposes, one can always contact their support and ask for assistance about such concern. it is your conscience that will direct you if you will tell them about your discovered bug or just siphon their vaults for your own pocket.

In summary to that, that thought only exist in your head, since the BC game team have seen that your reports for nnthe bug is not worthy of any attentions and how best you are truthful to yourself, and if their act as if nothing is wrong with the system and there is no bug which their have not stated any ways, but be sure that the only way we can believe you is when you share some screenshots since you said you have some of them at your disposal.
Any ways, I think the best way is to try more to get in the touch with the support and hear their own side of the story, but also note that when a player fine a bug in he system, it is noble enough for them to report the said bug the the team instead of exploting them

i believe it is his own disposal if he is true to intentions in helping the site about the bug or not. because let's say the site is not giving some incentives, are you going to submit your discovered bug or are you gonna exploit it? now, that is for you to contemplate about. because if you reach them and not reaching back, and you feel your time is being wasted, then, it is for you to decide what to do with the bug you discovered.
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
January 06, 2024, 03:40:23 PM
I'm not going to comment on the bug itself  as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways).
However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry!
I also wanted to share my opinion on your second question:
How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report.
hero member
Activity: 1106
Merit: 526
Leading Crypto Sports Betting & Casino Platform
January 06, 2024, 03:09:03 PM
UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a  thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provable fair are these games if I was able to control the outcome from my device? Thoughts?
In summary to that, that thought only exist in your head, since the BC game team have seen that your reports for nnthe bug is not worthy of any attentions and how best you are truthful to yourself, and if their act as if nothing is wrong with the system and there is no bug which their have not stated any ways, but be sure that the only way we can believe you is when you share some screenshots since you said you have some of them at your disposal.
Any ways, I think the best way is to try more to get in the touch with the support and hear their own side of the story, but also note that when a player fine a bug in he system, it is noble enough for them to report the said bug the the team instead of exploting them
hero member
Activity: 952
Merit: 555
20BET - Premium Casino & Sportsbook
January 06, 2024, 02:52:57 PM
#99
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such report there or directly to their representative, this is one of the advantage of having their announcement thread here for discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened. So just updating my original post so nobody needs to guess anymore on it. But truly I do wonder the provable fair aspect of any of the crash games because of the script being controlled by a basic users device. Whats the odds of crash crashing three times in a row at 0.00? What are the odds of it crashing at the very same time a user hits "cashout" ten times in a row? How many times have you logged the game showing 0 of 2200 people when crash reaches 100? I'm not blasting BC Game at all even though I am disappointed that a simple thanks never happened after they fixed the problem.

Happy us all, the problem has been finally fixed, that's the most exciting news about the whole thing, am also happy that you're able to arrived at something to conclude on, it's something to also write about because you're been attended to and they made a response to you as requested, there's no how you can make use of a gambling platform and never have anything to experience about the, be it bad or good, everything is being sum up to how we feel the fun in gambling.
hero member
Activity: 2548
Merit: 769
January 06, 2024, 02:33:33 PM
#98
Only one thing i can say about this situation. Of course, they can fix the bug without any bounty rewards. Even if they have bounty program and you have no proves. But i don`t think, that $100-$500 is a big sum for the casino. It would be nice to pay for bug and make some post about it. So, the next time it would be better to fix everything with screenshots. I don`t think that it will help to get some bonus for bug, but it will show that there is no gratitude for help.
Really depends on a certain company whether they would really be giving out that kind of amount as shown for appreciation on finding a bug, i do agree on what others been saying that there's no such thing about perfect security or perfect coded website on which there would really be errors that could possibly exist but its true that before they would really be making that main launch then everything is already set and pretty sure that
they had already polished it out when it comes to those bugs and fixes. Now on what op had been able to find out then it is really that indeed neither a serious or a small issue on which they wont really be
tending to give out any rewards not unless if its a major one but its true that they can fix it out silently without telling or giving out some response on the said report.

On which they would really be just simply ignore or deny that it wasnt an issue. For those gamblers who do really be able to report those bugs and exploits and expecting something for some reward
then it would be better that you shouldn't because not everytime they would really be giving out that kind of reward or bounty on the thing that you have found out.
Luck you if they would be reconsidering those things you had reported but we know that not all would really be having that consideration and just simply ignore you.
I understand all that you say. And we can`t do anything with it. The only thing we can do(if we decide to show the bug) is to make several screenshots that can prove that this bug was fixed after our information. If we post it several times - nobody will tell the casino about bugs. Or we can use this bugs. Everybody can choose his own way but the only thing i`m sure in - the casino hurts himself with such ignoring bug hunters.
hero member
Activity: 2730
Merit: 632
January 06, 2024, 07:43:55 AM
#97
UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a  thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provable fair are these games if I was able to control the outcome from my device? Thoughts?
Only one thing i can say about this situation. Of course, they can fix the bug without any bounty rewards. Even if they have bounty program and you have no proves. But i don`t think, that $100-$500 is a big sum for the casino. It would be nice to pay for bug and make some post about it. So, the next time it would be better to fix everything with screenshots. I don`t think that it will help to get some bonus for bug, but it will show that there is no gratitude for help.
Really depends on a certain company whether they would really be giving out that kind of amount as shown for appreciation on finding a bug, i do agree on what others been saying that there's no such thing about perfect security or perfect coded website on which there would really be errors that could possibly exist but its true that before they would really be making that main launch then everything is already set and pretty sure that
they had already polished it out when it comes to those bugs and fixes. Now on what op had been able to find out then it is really that indeed neither a serious or a small issue on which they wont really be
tending to give out any rewards not unless if its a major one but its true that they can fix it out silently without telling or giving out some response on the said report.

On which they would really be just simply ignore or deny that it wasnt an issue. For those gamblers who do really be able to report those bugs and exploits and expecting something for some reward
then it would be better that you shouldn't because not everytime they would really be giving out that kind of reward or bounty on the thing that you have found out.
Luck you if they would be reconsidering those things you had reported but we know that not all would really be having that consideration and just simply ignore you.
Pages:
Jump to: