Topic: How best to report vulnerabilities? - page 2. (Read 659 times)
If ops have tried to reach out to tge casino involved via their support and there is no positive response, i think ops should contack tgem again, may be busy or there have not find their way around the situation so their team are just using the delayed tactic for the players so that he will not expose the venerabilities.
It's better if you make a comment to their thread here in the community and wait for their response if that bug doesn't have affection with the transaction and abuses the current system of their current platform I guess they will just ignore those but if you see that as critical might damage and make them lose a lot of money I guess that's the time they make an action. Better to contact their email or just the moderator in the chat if they have.
Nope. You will just make the casino exposed to multiple abuse once the bug is critical to their security. Reporting a bug should be in private through customer support or the official email to make it discreet to other players. I believe the OP main goal for creating this thread is to get paid for reporting the bug that finds out. The only problem was casino representative ignore his findings which is why he is asking advised here. The only problem was Owl.games is already out in the forum and focus only with their social media and customer support on handling things like this.
Nevertheless, People should not expect reward on finding bug. It’s up to the casino if they will reward you or not if they don’t have bug bounty program.
I see a failure there, because we have witnessed that when there is a failure in a casino, those who discover it do not report it, but instead explode and often cause that casino to suffer losses and even go bankrupt, especially casinos that are started, if only there was a part where the casinos tell them that if they find a bug, they could reward it according to the degree of complexity, as they have established here in the forum, that if they find a bug they pay in gold terms, and that is something that motivates a lot, if there is no monetary motivation, it is very difficult for them to achieve things.
copper member
Activity: 2800
Merit: 1179
Leading Crypto Sports Betting & Casino Platform
It's better if you make a comment to their thread here in the community and wait for their response if that bug doesn't have affection with the transaction and abuses the current system of their current platform I guess they will just ignore those but if you see that as critical might damage and make them lose a lot of money I guess that's the time they make an action. Better to contact their email or just the moderator in the chat if they have.
Nope. You will just make the casino exposed to multiple abuse once the bug is critical to their security. Reporting a bug should be in private through customer support or the official email to make it discreet to other players. I believe the OP main goal for creating this thread is to get paid for reporting the bug that finds out. The only problem was casino representative ignore his findings which is why he is asking advised here. The only problem was Owl.games is already out in the forum and focus only with their social media and customer support on handling things like this.
Nevertheless, People should not expect reward on finding bug. It’s up to the casino if they will reward you or not if they don’t have bug bounty program.
It's better if you make a comment to their thread here in the community and wait for their response if that bug doesn't have affection with the transaction and abuses the current system of their current platform I guess they will just ignore those but if you see that as critical might damage and make them lose a lot of money I guess that's the time they make an action. Better to contact their email or just the moderator in the chat if they have.
The best way is to engage their discussion thread here on the gambling section or contact their representative, also if the case involved is beyond an ordinary report then one can open a reputation thread against them and present your take, we cannot expect all the casinos or gambling organizations to function the same way we have with others and as for those not on the forum here, it may be difficult to get across to them since they know that they already had a vulnerability, they wouldn't respond to your complaints and this is part of the risk associated to using casinos we aren't sure about their reputation.
Wait what are you suggesting here? OP is just disappointed to what is the response of the team towards His report on Bug in their site(maybe disappointed as he did not received a single penny for his report) but this does not even connected to bad reputation..hope that you read the whole post and understand before replying.
I think ops is not making a personal claim of harm from the casino and all he want to do is to report system vulnerability to the team, so creating thread has noting to do with this and I think ops did right to open this thread so that he can take suggestions and advise from other members here who may have experienced similar system loophole before.
The best option os that ops should continue to make a support tickets, and reporting the situation.
but it looks like continuing to create support tickets to the dev team will only make it more complicated. because at first the OP was ignored by the team and if you keep making support tickets, it's like the team requires you to accept the report and the team can judge that OP only wants to make a profit, that's not good for me.The best option os that ops should continue to make a support tickets, and reporting the situation.
and it would be better to still provide personal contact information that can be contacted so that one time the team has the wrong idea they can contact the OP to continue the bug report.
So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should. I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding). (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)
That is not a good attitude addressing the person concern about their business and operation , but if you are hurt because of not getting any bounty then that is their way so sorry for not having yet they are not giving any amount.Quote
Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.
But maybe they have just react that way but deep inside they are finding that bug for their own safeties it is just they don't want to give you hints how helpful that reporting you did for them. 
Well this thread is very good, but before continuing to see suggestions, what casinos offer rewards or incentives to report these bugs? I don't know of any casino that says that any bug they suggest will be rewarded, because most players or those people who are in casinos and get vulnerabilities don't report them but exploit them, because that way they get a lot of money, and that's what they do.
Fortunejack was one of casino which run bug bounty program in the past Bug Bounty on FortuneJack | Get Rewarded for Finding Bugs, but since owlgames doesn't run bug bounty program and they're not appreciating the @OP for finding the bugs, owlgames can't be blamed in this situation since it's in grey area. Yeah maybe those users are exploit the bugs in order to get easy money, moreover if they're have a good understanding about privacy, they can escape from chainalysis. I just hope the @OP didn't mad and exploit the bugs, although he can do that.
but compensating the reporter would not hurt them so why need to be that acting? maybe this will let others who found bug on their site to deny letting them know and maybe will be used to attack them though i don't pay consent in this act.
Well this thread is very good, but before continuing to see suggestions, what casinos offer rewards or incentives to report these bugs? I don't know of any casino that says that any bug they suggest will be rewarded, because most players or those people who are in casinos and get vulnerabilities don't report them but exploit them, because that way they get a lot of money, and that's what they do.
Fortunejack was one of casino which run bug bounty program in the past Bug Bounty on FortuneJack | Get Rewarded for Finding Bugs, but since owlgames doesn't run bug bounty program and they're not appreciating the @OP for finding the bugs, owlgames can't be blamed in this situation since it's in grey area. Yeah maybe those users are exploit the bugs in order to get easy money, moreover if they're have a good understanding about privacy, they can escape from chainalysis. I just hope the @OP didn't mad and exploit the bugs, although he can do that.
The best way is to engage their discussion thread here on the gambling section or contact their representative, also if the case involved is beyond an ordinary report then one can open a reputation thread against them and present your take, we cannot expect all the casinos or gambling organizations to function the same way we have with others and as for those not on the forum here, it may be difficult to get across to them since they know that they already had a vulnerability, they wouldn't respond to your complaints and this is part of the risk associated to using casinos we aren't sure about their reputation.
I think ops is not making a personal claim of harm from the casino and all he want to do is to report system vulnerability to the team, so creating thread has noting to do with this and I think ops did right to open this thread so that he can take suggestions and advise from other members here who may have experienced similar system loophole before.The best option os that ops should continue to make a support tickets, and reporting the situation.
So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should. I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding). (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)
Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.
But since it is only certain games, from 1 provider, should I try to contact that provider instead? It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.
I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket. But I found it so strange that they immediately just alerted me that they have no bounty program. Aren't casinos supposed to be pretty protective of their money even if they have a ton of it?
Anyone else have any experiences of trying to report issues like this? I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."
I doubt any legit casino would say something like "enjoy the bug" or have no bug bounty program. Or maybe it's a whole different story. They are aware of the bug, but they don't do anything about it. Only when someone exploits the bug, they confiscate their funds saying that they abused a bug in their casino. As long as someone is losing, they wouldn't care. If someone is winning, they can put an excuse saying that the bets are invalid due to slot malfunction (all slots literally have this rules were your bets are invalid if the slot has issues) and deny them their winnings.Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.
But since it is only certain games, from 1 provider, should I try to contact that provider instead? It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.
I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket. But I found it so strange that they immediately just alerted me that they have no bounty program. Aren't casinos supposed to be pretty protective of their money even if they have a ton of it?
Anyone else have any experiences of trying to report issues like this? I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."
Since support wasn't helpful, try contacting them here if they have an ANN thread. If nothing, I would advise you not to exploit the bug since they will end up confiscating your funds.
The best way is to engage their discussion thread here on the gambling section or contact their representative, also if the case involved is beyond an ordinary report then one can open a reputation thread against them and present your take, we cannot expect all the casinos or gambling organizations to function the same way we have with others and as for those not on the forum here, it may be difficult to get across to them since they know that they already had a vulnerability, they wouldn't respond to your complaints and this is part of the risk associated to using casinos we aren't sure about their reputation.
As @uneng have mentioned in this topic, the thread was already locked by project manager which seems to me that they don't have actions yet or are just disregarding their players' concern. In this case, moving to another gambling platform would be a better idea than to wait for them to solve the issues; that is their responsibility in the first place and that is not something a player should still ask for them. Bugs and other 'glitches' are somewhat normal for new projects especially we are talking about online platform wherein servers are huge. But their action would speak louder than their words for sure.if the site rep/admin or any other staff from the casino ignores the situation, better move on as they are not interested to address the given problem. or better yet, they don't want to give reward to the person who found the bug, and they will just address it silently. but if the bug is still there, better play on another site which you think is taking care of its customers.
The best way is to engage their discussion thread here on the gambling section or contact their representative, also if the case involved is beyond an ordinary report then one can open a reputation thread against them and present your take, we cannot expect all the casinos or gambling organizations to function the same way we have with others and as for those not on the forum here, it may be difficult to get across to them since they know that they already had a vulnerability, they wouldn't respond to your complaints and this is part of the risk associated to using casinos we aren't sure about their reputation.
As @uneng have mentioned in this topic, the thread was already locked by project manager which seems to me that they don't have actions yet or are just disregarding their players' concern. In this case, moving to another gambling platform would be a better idea than to wait for them to solve the issues; that is their responsibility in the first place and that is not something a player should still ask for them. Bugs and other 'glitches' are somewhat normal for new projects especially we are talking about online platform wherein servers are huge. But their action would speak louder than their words for sure.
The best way is to engage their discussion thread here on the gambling section or contact their representative, also if the case involved is beyond an ordinary report then one can open a reputation thread against them and present your take, we cannot expect all the casinos or gambling organizations to function the same way we have with others and as for those not on the forum here, it may be difficult to get across to them since they know that they already had a vulnerability, they wouldn't respond to your complaints and this is part of the risk associated to using casinos we aren't sure about their reputation.
Well this thread is very good, but before continuing to see suggestions, what casinos offer rewards or incentives to report these bugs? I don't know of any casino that says that any bug they suggest will be rewarded, because most players or those people who are in casinos and get vulnerabilities don't report them but exploit them, because that way they get a lot of money, and that's what they do. You have to change the casinos, so they protect themselves twice so that they are reported and so that they no longer have this type of problem, in everything that is online there will always be vulnerabilities, but if they do not offer good rewards it will not be attractive to some.
I think you should change the title of the thread that will call out Owlgame, so they come here and explain their side of the story, we don't know the real story until we hear their version but what you've posted is not good for the reputation of a casino, they just ended their signature campaign and they have one complaint that is still unresolved.
It's irresponsible especially for a casino not to fix the bug or even not acknowledge it because it will end up a more serious issue, no gamblers will want to play in a casino with bugs, as the true result will not reflect on their game.
It's irresponsible especially for a casino not to fix the bug or even not acknowledge it because it will end up a more serious issue, no gamblers will want to play in a casino with bugs, as the true result will not reflect on their game.
Amazingly, your account was made for your post. So if interested, stick around the forum and learn more about different stuff, not just gambling but crypto in general.
Anyway, you have already done your part in reporting and contacting them. If they still didn't make a move on it, it's their loss. Good job on finding it! Can you share how you found out about it?
Anyway, you have already done your part in reporting and contacting them. If they still didn't make a move on it, it's their loss. Good job on finding it! Can you share how you found out about it?
This is really strange and you should possibly recheck it again if you haven't done so because since you've already informed them, I'm sure they might have gone to check it out without wanting it seem like a big from them or wanting you seek for a compensation from them but in the other hand their response was really strange to me and I must confess that if I was to be in your shoes, I would take a greater advantage of what was presented to me without hesitation but I'm sure that if they were in the position to take such advantage of me, they would do so even without having to inform me on ay issue or so.
But at same time I think th casino doesn't haven anything or much to loss since the casino might be provably fair but what this bug might so is just give you some winning advantage over other players.
But at same time I think th casino doesn't haven anything or much to loss since the casino might be provably fair but what this bug might so is just give you some winning advantage over other players.
It's the first time 
I've heard a casino say "take advantage of the bug".
maybe it's a "small" bug that can't have a big impact on their economy?
at this point it is certainly correct to talk to the provider of that specific game just to have a "clear conscience" and act honestly.
unfortunately there aren't many solutions in this case if they don't want to award the players and exploiting the bug I don't think is the correct solution (also because they may simply not pay you...)
I've heard a casino say "take advantage of the bug". maybe it's a "small" bug that can't have a big impact on their economy?
at this point it is certainly correct to talk to the provider of that specific game just to have a "clear conscience" and act honestly.
unfortunately there aren't many solutions in this case if they don't want to award the players and exploiting the bug I don't think is the correct solution (also because they may simply not pay you...)
Well, not all "bugs" lead to losses for the casino or the provider... some losses will give an unfair advantage for players who knows how to "game" the system ....and this gives them a higher chance to win over other players. I explained in a previous post how players of Mount Magma figured out how to win the daily jackpot.... so the casino did not lose anything, because the daily jackpot payout in any way.
The thing is...... if you say your games are provably fair, then you have to make sure that everyone gambling at the casino... have the same chance to win on all the games.
Anyone else have any experiences of trying to report issues like this? I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."
Don't expect about them giving bounty to you for discovering a bug if they give then much better if not still fine but at least you help them figure out about the issue and as well you help other gamblers to make their playing experience became more convenient to them.
But if you think the bug is severe and it takes a lot of time for you to discover this then try to contact them and ask about possible reward maybe they can think about it.
Jump to: