Developers have found a critical vulnerability in FairWin, a gambling game built on Ethereum.
Philippe Castonguay, an R&D researcher at Horizon Games, a blockchain-based game studio, said FairWin "contains critical vulnerabilities that put all funds at risk," adding that "details on the exploits will be published soon."
Castonguay also calls FairWin a "Ponzi scheme" due to the game's structure of offering abnormal dividends to users who deposit ETH on its platform. While FairWin has been accused of running a Ponzi scheme, its structure more closely mimics a pyramid scheme, using network effects to benefit earlier participants.
A notice on FairWin's website claims that the risk of stolen funds does not exist and that FairWin's "smart contract code has been securely authenticated." The notice also calls claims that FairWin is a Ponzi scheme "misleading."
Castonguay told The Block there was no evidence the vulnerability had actually been exploited, but pointed to three main vulnerabilities they discovered, "one allowing the owner/admin of the contracts to totally drain [the smart contract containing $8 million in ether], one where the admin can prevent users from withdrawing forever and one where anyone, not just the owner, can steal new deposits," he said, noting, "there may be more."