On September 16, 2023, the ZKasino team released a security update. The security update claimed a potential weak point was identified by a white-hat hacker named 'bart1e' in their smart contracts. In response to questions and concerns from the community, this article will analyze this issue and identify the root cause.
ZKasino, a decentralized betting platform, offered games such as CoinFip, Dice, and Plinko through smart contracts to the users.
For a betting game to be considered fair, its results must be entirely random. A third-party service (oracle) generates random numbers to ensure this randomness. The game then asks this third party for a specific random number. To decide the game's winner or result, the provider invokes the 'rawFulfillRandomWords' function using the given random number. This guarantees that every game is both random and fair.
The security flaw comes from a glitch in a third-party service that supplies random numbers. Suppose this service doesn't properly run a specific process (known as a callback function) to send random numbers to the game within a 200-block timeframe. In that case, players can exploit this situation by frontrunning the game results with a refund transaction. This manipulation enables them to secure refunds for games they would otherwise lose, ensuring they keep winning.
This vulnerability was explicitly mentioned in CertiK’s previous audit to ZKasino and under the section 'OPERATION DEPENDENCIES ON THIRD PARTY PLATFORMS.’ It is not a missing finding.
In ZKasino, once a player kicks off a game, it can wrap up in one of two ways:
Keep in mind that even after the 200-block time limit, where players can ask for a game refund, the smart contract might still end up getting that delayed random number through the 'rawFulfillRandomWords' function. Because of this lag, savvy players can keep an eye on the 'rawFulfillRandomWords' transactions sitting in the mempool to understand how the game might turn out. This gives them an edge, allowing them to snag refunds for games they'd probably lose and keep winning.
The 'rawFulfillRandomWords' transaction could face latency issues in multiple instances. ZKasino outlines one specific case where an attacker artificially spikes gas prices to impede the random number provider's operation. However, it's crucial to recognize that delays may also stem from other variables. These could include the provider conducting maintenance or system upgrades or the blockchain network experiencing heightened transactional volume.
Given the game's dependency on an external third party for random number generation, an attacker can exploit this vulnerability to manipulate the game's outcome. Here's the technical walkthrough:
On December 16th, 2022, CertiK initiated a comprehensive security assessment of ZKasino's underlying architecture, with the final report being concluded on January 19th, 2023.
The report's 'Review Note' segment outlines that ZKasino's gaming contracts are constructed to interface with multiple external third-party dependencies. The audit was conducted under the assumption that these third-party modules would perform as expected. Additionally, it was projected that the third-party random number generator would consistently issue unique request identifiers, deliver statistically reliable random values, and promptly execute the 'rawFulfillRandomWords' function for deterministic randomness within the gaming ecosystem.
To further emphasize the potential risks associated with these third-party systems, a dedicated finding – GLOBAL-05 OPERATION DEPENDENCIES ON THIRD PARTY PLATFORMS (see Vulnerability section) was added to alert both the ZKasino team and community about the potential impact of these third parties do not work as expected.
The finding is labeled as 'Informational' due to the inherent uncontrollability of risks originating from third-party dependencies. For example, a blockchain malfunction could render all chain assets inaccessible. Auditors focus their security assessment on the project, treating external dependencies as 'black boxes' assumed to operate as designed. However, CertiK has included this informational finding in the report to ensure heightened awareness among both ZKasino's team and its community.
Here are the comparisons of the potential exploit scenario and its consequence described between CertiK's finding and ZKasino's tweet:
In CertiK's security audit, several key areas were proactively identified that align precisely with the risks ZKasino later tweeted about.
As a remediation, the ZKasino team stated they would closely monitor these third-party dependencies and take necessary actions in response. Notably, they've decided to extend the refund period from 100 to 200 blocks and will keep track of the gas prices to prevent callback failures stemming from these third-party dependencies.
The security issue highlighted in ZKasino's announcement stems from irregular operations of a third-party dependency, a matter previously flagged in the audit report. Although CertiK assumes that this dependency functions correctly during the audit phase, CertiK prioritizes risk mitigation as an integral aspect of the project's security strategy. Even though these external components are like "black boxes" beyond the audit's scope, CertiK is taking steps to tackle issues arising from their improper functioning. CertiK also identifies potential attack scenarios that could exploit these weaknesses in the audit report. CertiK's commitment to robust security assessments and proactive risk management demonstrates its dedication to upholding the security of blockchain projects.