Ethereum developers find 'critical vulnerabilities' in 'Ponzi scheme' FairWin

Developers have found a critical vulnerability in FairWin, a gambling game built on Ethereum.

According to Philippe Castonguay, an R&D researcher at Horizon Games, a blockchain-based game studio, FairWin "contains critical vulnerabilities that put all funds at risk," adding that "details on the exploits will be published soon."

Castonguay also calls FairWin a "Ponzi scheme" due to the game's structure of offering abnormal dividends to users who deposit ETH on its platform. While FairWin has been accused of running a Ponzi scheme, its structure more closely mimics a pyramid scheme, using network effects to benefit earlier participants.

According to ETH Gas Station, FairWin makes up over 60% of gas usage on Ethereum. The game's smart contract holds over $8 million worth of ether at the time of this writing. 

A notice on FairWin's website claims that the risk of stolen funds does not exist and that FairWin's "smart contract code has been securely authenticated." The notice also calls claims that FairWin is a Ponzi scheme "misleading."

Castonguay told The Block there was no evidence the vulnerability had actually been exploited, but pointed to three main vulnerabilities they discovered, "one allowing the owner/admin of the contracts to totally drain [the smart contract containing $8 million in ether], one where the admin can prevent users from withdrawing forever and one where anyone, not just the owner, can steal new deposits," he said, noting, "there may be more."

About Author

Steven Zheng is a researcher for The Block. He joined The Block in August 2018. Steven graduated from St. John’s University with a degree in economics. Previously, he covered blockchain and crypto at Radicle, a startup analytics firm. He also had brief stints at Cheddar, a media startup, and Bowery Capital, a venture capital firm. He owns bitcoin. Follow Steven on Twitter at: @Dogetoshi
