Finding a Bug - page 2. | Bitcointalksearch.org

mak013

hero member

Activity: 2548

Merit: 769

Quote from: Sling0 on January 05, 2024, 09:22:56 AM

UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provable fair are these games if I was able to control the outcome from my device? Thoughts?

Only one thing i can say about this situation. Of course, they can fix the bug without any bounty rewards. Even if they have bounty program and you have no proves. But i don`t think, that $100-$500 is a big sum for the casino. It would be nice to pay for bug and make some post about it. So, the next time it would be better to fix everything with screenshots. I don`t think that it will help to get some bonus for bug, but it will show that there is no gratitude for help.

bitterguy28

full member

Activity: 2170

Merit: 182

“FRX: Ferocious Alpha”

Quote from: Sling0 on January 05, 2024, 10:19:19 AM

Quote from: Dunamisx on January 05, 2024, 09:48:33 AM

Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such report there or directly to their representative, this is one of the advantage of having their announcement thread here for discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.

Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened. So just updating my original post so nobody needs to guess anymore on it. But truly I do wonder the provable fair aspect of any of the crash games because of the script being controlled by a basic users device. Whats the odds of crash crashing three times in a row at 0.00? What are the odds of it crashing at the very same time a user hits "cashout" ten times in a row? How many times have you logged the game showing 0 of 2200 people when crash reaches 100? I'm not blasting BC Game at all even though I am disappointed that a simple thanks never happened after they fixed the problem.

It is normal that you feel that way because you have given them service thought hey did not asks , and that service will save their business for abusing in the future and for sure it will save them some good amount for fixing that bug so yeah you should at least be given even a simple dedications.

maybe the team is facing so much difficulties nowadays that is why they did not pay attention to your case here but maybe sooner it will be answered and at least be rewarded?

Reatim

sr. member

Activity: 2828

Merit: 357

Eloncoin.org - Mars, here we come!

Quote from: Sling0 on January 04, 2024, 09:49:15 AM

Quote from: Reatim on January 04, 2024, 03:39:40 AM

Quote from: paxmao on January 03, 2024, 07:30:58 PM

usually you may report a bug and hope to get some short of reward for your white hat action on the matter. However that is strictly voluntary for the site, so no guarantee. Another way to go about it is try to reach a deal with the site, still risky unless you get a third party escrow into the matter. Ideally casinos should have a permanent bug-hunting programme altogether, but... no easy way for this despite looking quite obvious they should.

That is exactly what have been said by many mate that he should not expect payment instead it will be awarded voluntarily and since OP have not been online for 2 days now does it means he already accepted His faith here and forget about reporting ? or he had already have a deal and now keep the silence as he already received the payment.
but better for him to return and share his thoughts and experience and then lock this thread to prevent from being spammed in long time as this will never end until he locked Him up.

I believe the bug is now fixed since I can no longer repeat the issue. I haven't heard anything back from the casino since first reporting it and re-creating on their test server. I did hope that they would throw something my way given the severity of said bug because it was SEVERE and probably did cause major loss for them imo. I'll give it a few days and make sure they have it corrected and at that time if no reply I'll open it up to the community for evaluation and discussion. The bug already has me questioning other things that don't make any sense.

Oh , sorry to hear that mate , I thought that you have posted this thread without action first about the bug or reporting it , I thought that you are first waiting for their reply if you need to continue the report or keep it yourself , anyway just have it thinking that you did a good deeds for others though it is a big gambling site that truly earns a lot and throwing a small gesture will not hurt them in anyway, but like what you said its all been said and done so its up to the team if by any chance they will get back to you and even just to say "THANK YOU" .
you are a good man in this situation mate and you have also did a good job so Heads Up , be that all your life and your kids will be proud of you.

Hirose UK

hero member

Activity: 1302

Merit: 503

Leading Crypto Sports Betting & Casino Platform

Quote from: Bushdark on January 05, 2024, 11:09:57 AM

Quote from: Sling0 on December 31, 2023, 12:55:34 PM

How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?

You should be ready to write to the team about something you have to tell them. First of all, you don't have to disclose the bug to the team immediately but just have to inform them that you have something that could lead to them losing big money as a result of the bug.
They will be the one to ask you if what the big could be explaining in details. They might want to add bounty for you if your claim is genuine and could pose a big threat to them.

Gambling sites are used by many gamblers and of course when problems such as bugs occur, not only one or two people know about them, so if you just want to get reward for reporting bug, it not an easy thing.
Unless we are the first users to know about the bug problem, maybe there will be little appreciation given by them, such as some bonuses that we can get, but I sure there will be other gamblers who know better from the start and report it to the team.

But some people take advantage of bugs to win more easily, it shame that this happens because when the team finds out about it, there will be difficulties that the gamblers have to face.

Being good gambler is wise attitude that we rarely find, the average gambler doesn't want to do something like that because they prefer to use it for personal gain.

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

Quote from: Sling0 on January 05, 2024, 09:22:56 AM

NOW FOR THE BUG:

Asked @icopress (as their current marketing manager) for help, I think he has connections to important BCgame people. But you hope it's a bug, why would you let someone else try to exploit it? It seems like the chances of you getting a bounty from this discovery are getting smaller.

Oilacris

hero member

Activity: 2996

Merit: 609

Quote from: fapar on January 05, 2024, 02:37:21 PM

Quote from: Odusko on January 04, 2024, 02:01:04 PM

Quote from: fapar on January 03, 2024, 02:30:03 PM

It should be beneficial for the casino to try to identify errors/problems in the operation of the website or casino software. Because the financial security and profit of the casino directly depend on this. Any sane casino will offer rewards for finding bugs for white-hat hackers and ordinary users, or even organize hackathons.

For sure before a casino is launched, there is what operators always do and that is make sure to test all the system of the casino systems to make sure they are bug-free because any casino that has a bug problem will likely not succeed in terms of revenue generations which is an integral part of the casino operation.
Some casinos even give incentives to expect bug hunters to run several private hunts on their systems before the site goes live, The majority of the casinos that crashed along the way are all doing so because of a lack of proper bug tests and exploitation of the system via the bug or other system failures.

In my opinion, it is impossible to identify 100% of mistakes/bugs in the operation of such a complex site as an online casino. On the testnet, of course, you can simulate certain situations that are close to real ones. But the tester primarily bases his work on previously gained experience (he knows what to look for first, what situations to simulate), but a large number of ordinary casino users can unintentionally create a situation that will lead to a new unidentified mistake. Therefore, bug-bounty campaigns are necessary and important after the launch of an online casino.

If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy but there were people who do able to find out bugs naturally specially to those who are really that making some gambling on the site itself on which they would really be expecting for some bug bounty or rewards on which it would really be that depending on a certain site whether they would really be considering those finds or wouldnt really be giving at all. It would really just vary on a certain individual on which
not all people would really expecting somehow into those finds not unless if its really that a crucial find or exploit or bug then they might be expecting something.

fapar

sr. member

Activity: 1414

Merit: 270

Undeads.com - P2E Runner Game

Quote from: Odusko on January 04, 2024, 02:01:04 PM

Quote from: fapar on January 03, 2024, 02:30:03 PM

It should be beneficial for the casino to try to identify errors/problems in the operation of the website or casino software. Because the financial security and profit of the casino directly depend on this. Any sane casino will offer rewards for finding bugs for white-hat hackers and ordinary users, or even organize hackathons.

For sure before a casino is launched, there is what operators always do and that is make sure to test all the system of the casino systems to make sure they are bug-free because any casino that has a bug problem will likely not succeed in terms of revenue generations which is an integral part of the casino operation.
Some casinos even give incentives to expect bug hunters to run several private hunts on their systems before the site goes live, The majority of the casinos that crashed along the way are all doing so because of a lack of proper bug tests and exploitation of the system via the bug or other system failures.

In my opinion, it is impossible to identify 100% of mistakes/bugs in the operation of such a complex site as an online casino. On the testnet, of course, you can simulate certain situations that are close to real ones. But the tester primarily bases his work on previously gained experience (he knows what to look for first, what situations to simulate), but a large number of ordinary casino users can unintentionally create a situation that will lead to a new unidentified mistake. Therefore, bug-bounty campaigns are necessary and important after the launch of an online casino.

sunsilk

hero member

Activity: 3038

Merit: 634

Quote from: Sling0 on January 05, 2024, 09:22:56 AM

UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provable fair are these games if I was able to control the outcome from my device? Thoughts?

That's actually sad if they don't ever give you a reply with what you've reported. Maybe they're still analyzing it and verifying your report but I understand you to have at least that reply to you on what's their take on this.

IMO, it's a serious bug that someone can exploit if ever it is for real. But then, I think that they'll be able to detect it as well if ever someone abuses it and can see that back logs from those accounts that will exploit.

Try posting it on their official thread, maybe you'll get some attention there and they'll be able to reply to you from there.

tbterryboy

sr. member

Activity: 2030

Merit: 323

Quote from: Odusko on January 04, 2024, 02:01:04 PM

Quote from: fapar on January 03, 2024, 02:30:03 PM

It should be beneficial for the casino to try to identify errors/problems in the operation of the website or casino software. Because the financial security and profit of the casino directly depend on this. Any sane casino will offer rewards for finding bugs for white-hat hackers and ordinary users, or even organize hackathons.

For sure before a casino is launched, there is what operators always do and that is make sure to test all the system of the casino systems to make sure they are bug-free because any casino that has a bug problem will likely not succeed in terms of revenue generations which is an integral part of the casino operation.
Some casinos even give incentives to expect bug hunters to run several private hunts on their systems before the site goes live, The majority of the casinos that crashed along the way are all doing so because of a lack of proper bug tests and exploitation of the system via the bug or other system failures.

Generally, it's not only before the launch, but some platforms would have a bug bounty for a pretty long time when they start their platform so that users that find the bugs report it to them to get the reward instead of trying to exploit the bugs and steal from the casino. I believe some people might try to do that instead of reporting the bugs because a lot of people think it's easy to use a bug or something in a platform and then steal from the system.

If a platform, whether it's a casino, a new cryptocurrency project, or anything in general, doesn't have a specific bug bounty, you will barely get anything from them if you report a bug because they will say that unfortunately they don't have a bug bounty right now and they might compensate you later for it but you won't get anything later.

Bushdark

sr. member

Activity: 1008

Merit: 262

Vave.com - Crypto Casino

Quote from: Sling0 on December 31, 2023, 12:55:34 PM

How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?

You should be ready to write to the team about something you have to tell them. First of all, you don't have to disclose the bug to the team immediately but just have to inform them that you have something that could lead to them losing big money as a result of the bug.
They will be the one to ask you if what the big could be explaining in details. They might want to add bounty for you if your claim is genuine and could pose a big threat to them.

sujonali1819

legendary

Activity: 2436

Merit: 1189

Need Campaign Manager?PM on telegram @sujonali1819

Quote from: Sling0 on January 05, 2024, 09:22:56 AM

Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not.

This is insane and a very critical bug for sure. You deserve a reward from the platform end if it's legit. But yes if the casino does not have a bug bounty listed somewhere in the platform or an announcement from the official channel, you can not force them to pay. (I am not saying you are forcing)

But yeah since you came up with this topic here in the forum and you know it's Bcgame, It will be better if you keep discussing this on their ANN thread.

Sling0

newbie

Activity: 12

Merit: 0

Quote from: Dunamisx on January 05, 2024, 09:48:33 AM

Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such report there or directly to their representative, this is one of the advantage of having their announcement thread here for discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.

Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened. So just updating my original post so nobody needs to guess anymore on it. But truly I do wonder the provable fair aspect of any of the crash games because of the script being controlled by a basic users device. Whats the odds of crash crashing three times in a row at 0.00? What are the odds of it crashing at the very same time a user hits "cashout" ten times in a row? How many times have you logged the game showing 0 of 2200 people when crash reaches 100? I'm not blasting BC Game at all even though I am disappointed that a simple thanks never happened after they fixed the problem.

Odusko

hero member

Activity: 1008

Merit: 520

Leading Crypto Sports Betting & Casino Platform

Quote from: paxmao on January 03, 2024, 07:30:58 PM

usually you may report a bug and hope to get some short of reward for your white hat action on the matter. However that is strictly voluntary for the site, so no guarantee. Another way to go about it is try to reach a deal with the site, still risky unless you get a third party escrow into the matter. Ideally casinos should have a permanent bug-hunting programme altogether, but... no easy way for this despite looking quite obvious they should.

Subsequently, on that basis, it is good to note that bugs have varieties and what they hold on the site, if it has to do with a less technical aspect, the site may decide not to pay anything for them since it believes at that stage the it based on features that do not have direct implications and application on games that are listed on the casino.
Aside from that, other bugs have to do with the game system which if left intended could lead to a high degree of impact on the game realities and results, this level of bug is treated with high attention and casinos will easily pay bounty or compensation for those who will report them.

Dunamisx

hero member

Activity: 952

Merit: 555

Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such report there or directly to their representative, this is one of the advantage of having their announcement thread here for discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.

Sling0

newbie

Activity: 12

Merit: 0

UPDATE.

So to date no reply from any staff at BC Game on the reported bug and support has no information on my reporting it or the help on showing them the bug on their test server. So if a bounty isn't listed on the site I would recommend not reporting it if you would expect a thank you. NOW FOR THE BUG:
I don't ever play crash because I always lose and imo it's a high roller game but for the hell of it played anyway. Some how and still don't know how I was able to get crash to attach to me device allowing me to crash the game whenever I hit the cashout button. This also allowed me to send the game to the moon believe it or not. (I have screen recording so please not interested in arguing). At 1st I thought it was a fluke and the game was crashing at the very same time I would hit the button and it wasn't a fluke. The errors would come across my screen script fail, etc, etc won't list them all. Had I been a hacker or less of a human being I would have exploited this for major profit but instead I immediately reported it. The next question I would have now is how provable fair are these games if I was able to control the outcome from my device? Thoughts?

chaser15

legendary

Activity: 2688

Merit: 1065

Undeads.com - P2E Runner Game

Quote from: Sling0 on December 31, 2023, 12:55:34 PM

How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?

Usually, when someone finds a bug, the casino will give a token of gratitude regardless if the site offers a bounty for reporting a bug.

Also depends on what kind of bug you discover e.g. technical bug, glitch, unresponsive script, unpaid legit lines, etc.

To report it, obviously, you have to reach the site thru their available channels, not unless there's a specific instruction posted on the site about how to report bugs. Do you find a bug? If that can be a caused of chances of being abuse, I hope you reach the site immediately.

Quidat

hero member

Activity: 2688

Merit: 540

DGbet.fun - Crypto Sportsbook

Quote from: Odusko on January 04, 2024, 02:01:04 PM

Quote from: fapar on January 03, 2024, 02:30:03 PM

It should be beneficial for the casino to try to identify errors/problems in the operation of the website or casino software. Because the financial security and profit of the casino directly depend on this. Any sane casino will offer rewards for finding bugs for white-hat hackers and ordinary users, or even organize hackathons.

For sure before a casino is launched, there is what operators always do and that is make sure to test all the system of the casino systems to make sure they are bug-free because any casino that has a bug problem will likely not succeed in terms of revenue generations which is an integral part of the casino operation.
Some casinos even give incentives to expect bug hunters to run several private hunts on their systems before the site goes live, The majority of the casinos that crashed along the way are all doing so because of a lack of proper bug tests and exploitation of the system via the bug or other system failures.

Yes, most of the time on which these platforms are completely ready on the time that they do launch, only a few will really be having that kind of bounty program into those the public
if ever they would really be running one but its not really that something common on which they would really be making announcement if ever they would really be giving some rewards
but somehow people or users could really be able to experience some possible problems on which they might be able to encounter. So the best way to do is to report it to
support and tell them but never expect about bounty or reward not unless if it is really that a serious bug that had been found.

paxmao

legendary

Activity: 2366

Merit: 1624

Do not die for Putin

Quote from: BenCodie on January 03, 2024, 03:19:26 PM

If it is a user interface bug, expect no more than a pat in the back. If it is a non-exploitable/non-vital platform bug, don't expect a reward but it should be more likely to get one as it may help patch a hole in leaking/lost business as a result of the bug. If it is an exploitable bug, it should definitely be rewarded.

That's my 2 cents generally...however...

Quote from: Sling0 on December 31, 2023, 06:57:21 PM

Quote from: acroman08 on December 31, 2023, 05:02:38 PM

Quote from: Sling0 on December 31, 2023, 04:12:53 PM

In my opinion it's a substantial bug but again I'm not qualified or educated enough on it. But if I can exploit it then others would have fun. Very reputable casino with a large reach. I've contacted support and waiting. No bounty page on their site but for sure reputable so I hope they would compensate given the bug.

looking forward to what they have to say when you show them what bug you found, I am also curious about which casino you found this bug on and what issue/exploit the bug is causing(would you mind sharing what casino it is? you don't have to if you don't want to share the name of the casino).

BC Game. I messaged them on here yesterday but no response

...I wouldn't count it from this casino. They've been known to hold balanced and freeze funds for extended periods of time, until they suddenly had someone come and solve all problems months later. If you didn't message that account handling their "PR 2.0" (so to speak) then you can do so here:
https://bitcointalksearch.org/user/bcgame-support-3592321 - This profile is the support account. The OP of their thread is (apparently) for some other purpose.

Yes that seems like a very long shot to get anything from them since it seems they are not even treating some of their customers like they are supposed to. Try anyway to send a letter about the bug, but it may only be interesting to them if it is something that can actually be exploited and cause serious problems. Service problems or user experience bugs... do not bother.

Fivestar4everMVP

legendary

Activity: 2422

Merit: 1083

Leading Crypto Sports Betting & Casino Platform

Quote from: Dunamisx on January 04, 2024, 01:55:03 PM

Quote from: SamReomo on January 04, 2024, 01:43:41 PM

Quote from: Sling0 on January 02, 2024, 10:25:33 AM

Yes I have reported it to the casino....Snip....
Still waiting for them to update me and also receive a thank you$? 🙄

You have done a great job by reporting the bug to the support team of the casino. If they find the bug as harmful then surely they'll compensate you for it and even if they don't that's still okay because you have done a great job anyway. I would recommend you to wait for their response if they're a reputed casino then you'll surely get some reward for reporting of that bug. It's not always necessary for a casino to run a bug bounty program but if someone finds a bug and reports it to a casino then in most cases casino appreciate that favor and reward such person with some money.

It's always something good to find a bug a d report such as appropriately needed, if we are to consider the gambling sector for now, we are not having more of the people interested in this and it's all because they have experience low rate from how this is actually happening, you may hardly get to find one, gamblers will be so focused on having their fun in using the casino than looking for bugs around when majority are even after winning their bets, we can therefore see this that it's not common and that rampart as before that they were being discovered, however, we shouldn't still relent from finding more because they still exist.

Well, I think you are wrong, except I don't clearly understand what you mean, which I will apologize if that be case.

Gamblers aren't the ones who go bug hunting bud, developers are mostly the ones who do, what or how will a gambler without a developer experience possibly recognize a bug in a line of codes? Practically impossible.
So, while gamblers are busy hunting for the next big winnings, developers are busy hunting for their next pay through finding bugs on already developed products.

And you are right with what you said that bug still do exist, they do, but not like before. Understand that technology have greatly improved the way websites are built this days, alot of things are now automated and not analogly done any more, this has greatly reduced the chances of human errors in codes, which is the bug we are talking about.

Odusko

hero member

Activity: 1008

Merit: 520

Leading Crypto Sports Betting & Casino Platform

Quote from: fapar on January 03, 2024, 02:30:03 PM

It should be beneficial for the casino to try to identify errors/problems in the operation of the website or casino software. Because the financial security and profit of the casino directly depend on this. Any sane casino will offer rewards for finding bugs for white-hat hackers and ordinary users, or even organize hackathons.

For sure before a casino is launched, there is what operators always do and that is make sure to test all the system of the casino systems to make sure they are bug-free because any casino that has a bug problem will likely not succeed in terms of revenue generations which is an integral part of the casino operation.
Some casinos even give incentives to expect bug hunters to run several private hunts on their systems before the site goes live, The majority of the casinos that crashed along the way are all doing so because of a lack of proper bug tests and exploitation of the system via the bug or other system failures.

Topic: Finding a Bug - page 2. (Read 650 times)