If you agree with my report I would ask that you leave negative feedback to the user: Johny1976
https://bitcointalksearch.org/user/johny1976-143958 until he sends me the funds. I would very much appreciate it.
What happened: Johny1976 is known for his dice script coindice located here:
https://bitcointalksearch.org/topic/coindice-start-your-own-dice-site-today-507515. He had previously stated to all clients that he was willing to pay up to 1 BTC per client for any losses that his customers suffered as a result of his code having vulnerabilities.
I discovered one major one called 'multi-threading', it's where a person is able to fire multiple page requests quickly at a specific url. The server processes these requests at the same time (hence the multi aspect) and since they are being processed at the same time, they take the same seed value, the same account balance etc (the problem).
Johny implemented time restrictions within the javascript which is user side but he didn't in the php which is server side. This allows users to go to the direct url e.g.
https://url.com/content/ajax/place.php?w=0&m=2&hl=1&_unique=12345 and effectively 'spam' it. Likewise with withdrawals. This allowed users to have multiple withdrawals without the funds.
There were also a few minor bugs like users being able to go into negative balance.
So I contacted johny via PM and he agreed to pay me (see figure 1 in logs). You can also see the attached in-formal skype conservation, after which he didn't respond to me (see figure 2 in logs) on April 19th.
I then posted on his thread as he wasn't responding after a few days. He deleted my comments and requested I PM him, despite me doing so on the 17th May, 14 days ago. You can see the entire bitcointalk conversation in figure 3 in logs below.
After this period of waiting I decided to lower the amount I wanted in the hope I would get a quick payment.
Anyway it is now the 16th June, almost 2 months since I first reported this major bug and I would like to be paid. He hasn't responded to my PM's for over a week now despite being active.
Scammers Profile Link: https://bitcointalksearch.org/user/johny1976-143958 Reference Link: https://bitcointalksearch.org/topic/coindice-start-your-own-dice-site-today-507515Amount Scammed: 0.6
BTC lowered by me from 1
BTC Payment Method: BTCProof of Payment: N/A
PM/Chat Logs: Figure 1 (alerting of bug):
Figure 2 (me reporting):
Figure 3 (him avoiding payment):
Additional Notes: N/A