ZKasino Security Update Post Mortem
9/19/2023

On September 16, 2023, the ZKasino team released a security update. The security update claimed a potential weak point was identified by a white-hat hacker named 'bart1e' in their smart contracts. In response to questions and concerns from the community, this article will analyze this issue and identify the root cause.

Vulnerability

ZKasino, a decentralized betting platform, offers games such as CoinFlip, Dice, and Plinko to its users through smart contracts.

For a betting game to be considered fair, its results must be entirely random. A third-party service (an oracle) generates the random numbers that provide this randomness: the game requests a random number from the oracle, and to decide the game's winner or result, the provider calls the game's 'rawFulfillRandomWords' function with the generated random number. This is what guarantees that every game is both random and fair.

The security flaw stems from a failure of the third-party service that supplies the random numbers. If that service does not execute its callback function (the call that delivers the random number to the game) within the 200-block window, players can exploit the situation by front-running the game result with a refund transaction. This manipulation lets them secure refunds for games they would otherwise lose, so they keep only winning bets.

This vulnerability was explicitly mentioned in CertiK's previous audit of ZKasino, under the finding 'OPERATION DEPENDENCIES ON THIRD PARTY PLATFORMS'. It is not a missing finding.


Root Cause Analysis

In ZKasino, once a player kicks off a game, it can wrap up in one of two ways:

  1. The third-party service delivers a random number by calling the game's 'rawFulfillRandomWords' function, and the game uses that number to determine whether the player wins or loses. The player either wins a payout or loses their wager.
  2. If the random number does not arrive within a certain number of blocks, the player can reclaim their wager for that game as a refund.

Keep in mind that even after the 200-block time limit, once players are allowed to request a refund, the smart contract might still receive the delayed random number through the 'rawFulfillRandomWords' function. Because of this lag, savvy players can watch the pending 'rawFulfillRandomWords' transactions in the mempool to learn how a game will turn out. This gives them an edge: they can claim refunds for the games they would lose and keep only the winning ones.

The 'rawFulfillRandomWords' transaction can be delayed for several reasons. ZKasino describes one specific case, in which an attacker artificially spikes gas prices to impede the random number provider's operation. However, it is important to recognize that delays may also stem from other causes, such as the provider performing maintenance or system upgrades, or the blockchain network experiencing unusually high transaction volume.

Potential Attack Scenario

Given the game's dependency on an external third party for random number generation, an attacker can exploit this vulnerability to manipulate the game's outcome. Here's the technical walkthrough:

  1. The attacker enters the game and places multiple bets to cast a wider net.
  2. The attacker artificially increases gas prices over 200 consecutive blocks. This disrupts the callback transactions from the third-party random number provider.
  3. With the callbacks delayed, the attacker watches the mempool, where pending transactions are held, to identify which bets are going to lose, and front-runs those callbacks by invoking the refund function, recovering wagers that would otherwise be lost.
  4. Once the 'rawFulfillRandomWords' transaction is eventually processed, it only settles the wagers that win. This tilts the game in the attacker's favor, completing the exploit.
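The two settlement paths and the late-callback race described in the Root Cause Analysis and the attack scenario above, modeled as an added Python example (this is not ZKasino's contract code or CertiK's; the coin-flip rule, the 2x payout, the wager of 10 and the block numbers are assumptions). `simulate` shows that refunding a bet after seeing its pending callback only pays off when the callback lands after the refund window has opened, and `late_callback_alerts` is the kind of monitoring check a team that tracks its third-party dependencies would run.

```python
REFUND_WINDOW = 200  # blocks; the extended window ZKasino announced

class Game:
    """Toy model of the two settlement paths the post describes: callback or refund."""
    def __init__(self):
        self.bets, self.balance = {}, {}   # bet_id -> bet record, player -> net balance

    def place_bet(self, bet_id, player, wager, block):
        self.bets[bet_id] = {"player": player, "wager": wager, "placed_at": block, "settled": ""}
        self.balance[player] = self.balance.get(player, 0) - wager

    def raw_fulfill_random_words(self, bet_id, word):
        b = self.bets[bet_id]
        if b["settled"]:                 # already refunded: the late callback is a no-op
            return b["settled"]
        b["settled"] = "win" if word % 2 == 0 else "lose"   # assumed coin-flip rule, 2x payout
        if b["settled"] == "win":
            self.balance[b["player"]] += 2 * b["wager"]
        return b["settled"]

    def refund(self, bet_id, block):
        b = self.bets[bet_id]
        if b["settled"]:
            raise ValueError("already settled")
        if block <= b["placed_at"] + REFUND_WINDOW:
            raise ValueError("refund window not open yet")
        b["settled"] = "refund"
        self.balance[b["player"]] += b["wager"]
        return b["settled"]

def late_callback_alerts(events, window=REFUND_WINDOW):
    """Monitoring check over (bet_id, placed_block, fulfilled_block) tuples: bet ids whose
    callback landed after the refund window opened, i.e. the bets exposed to this race."""
    return [bid for bid, placed, fulfilled in events if fulfilled - placed > window]

def simulate(words, callback_block, peek_mempool):
    """Net balance of one player betting 10 per game at block 0; every callback lands in
    callback_block. With peek_mempool the player refunds each bet whose pending callback
    would lose, which only succeeds once the refund window is open."""
    g = Game()
    for i in range(len(words)):
        g.place_bet(i, "p", 10, 0)
    for i, w in enumerate(words):
        if peek_mempool and w % 2 == 1:
            try:
                g.refund(i, callback_block)   # refund ordered ahead of the callback
                continue
            except ValueError:
                pass                          # window still closed: callback settles it
        g.raw_fulfill_random_words(i, w)
    return g.balance["p"]
```

With four constructed random words [0, 1, 2, 3], an honest player nets 0; a player who refunds the two losing bets after a late callback nets +20, while the same attempt against a callback that arrives inside the window nets 0.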


Security Audit

On December 16th, 2022, CertiK initiated a comprehensive security assessment of ZKasino's underlying architecture, with the final report being concluded on January 19th, 2023.

The report's 'Review Note' segment outlines that ZKasino's gaming contracts are constructed to interface with multiple external third-party dependencies. The audit was conducted under the assumption that these third-party modules would perform as expected. Additionally, it was projected that the third-party random number generator would consistently issue unique request identifiers, deliver statistically reliable random values, and promptly execute the 'rawFulfillRandomWords' function for deterministic randomness within the gaming ecosystem.


To further emphasize the potential risks associated with these third-party systems, a dedicated finding, GLOBAL-05 OPERATION DEPENDENCIES ON THIRD PARTY PLATFORMS (see the Vulnerability section), was added to alert both the ZKasino team and the community to the potential impact if these third parties do not work as expected.

The finding is labeled as 'Informational' due to the inherent uncontrollability of risks originating from third-party dependencies. For example, a blockchain malfunction could render all chain assets inaccessible. Auditors focus their security assessment on the project, treating external dependencies as 'black boxes' assumed to operate as designed. However, CertiK has included this informational finding in the report to ensure heightened awareness among both ZKasino's team and its community.

Here is how the potential exploit scenario and its consequence, as described in CertiK's finding, compare with ZKasino's tweet:

In CertiK's security audit, several key areas were proactively identified that align precisely with the risks ZKasino later tweeted about.

  1. CertiK's report flagged the potential for "high blockchain traffic" affecting third-party callbacks, mirroring the ZKasino scenario where an attacker inflated gas prices for 200 blocks.
  2. CertiK forecasted that during such disruptions, bad actors could scan the transaction pool (mempool) to identify losing bets, precisely as described by ZKasino.
  3. CertiK also specified that these attackers could then front-run refund transactions to avoid losing games, which is identical to the consequence in the ZKasino announcement.

As a remediation, the ZKasino team stated they would closely monitor these third-party dependencies and take necessary actions in response. Notably, they've decided to extend the refund period from 100 to 200 blocks and will keep track of the gas prices to prevent callback failures stemming from these third-party dependencies.

Conclusion

The security issue highlighted in ZKasino's announcement stems from irregular operations of a third-party dependency, a matter previously flagged in the audit report. Although CertiK assumes that this dependency functions correctly during the audit phase, CertiK prioritizes risk mitigation as an integral aspect of the project's security strategy. Even though these external components are like "black boxes" beyond the audit's scope, CertiK is taking steps to tackle issues arising from their improper functioning. CertiK also identifies potential attack scenarios that could exploit these weaknesses in the audit report. CertiK's commitment to robust security assessments and proactive risk management demonstrates its dedication to upholding the security of blockchain projects.

Sources

CertiK's Security Assessment on ZKasino

ZKasino's Announcement