Hi Stars !!
There are lots of security Vulnerability in your site a Rouge Coder can ******** Your site as they did with Luckybit earlier (No hard feeling).Just Found Two Run Time Errors taht can be fatal from Point of view of your business.
#Bug 0:(noobs Bug)
Bet can be placed even the bet amount is zero
#Bug 1:
I would like you to take you back to few months back may be much more , i guess all guys reading this may remember that once the blockchain.info "
latest Transaction" were filled with transactions of Luckybit Blue or red or green...
They were all because before luckybit coders used Instance variable rather than class variables to make a Bet and stored them in Tables(DB) as a instance variables , Instance variables are easy to inject and can be spoof the database for ,say 1-2 seconds to even 3-4 hours until the database refresh(If another guy make a bet after me in "t" time then the database will refresh in "t" time) , assume if it is night and no one is playing on your site means the database is not refreshing and someone rouge comes to your site and played that trick then he has a lot of time to withdraw as no one is playing n your site and the withdraw(if auto) then you can loose a big amount , i remember that some one withdrew 65 btc from Luckybit with this method and im sure he might be reading this.
How i found this in your site with that method: #Bug 2:
I had initially 0.000005 Btc from Faucet , I played Two bets but Your database is showing Just 1 bet placed and it is showing my balance 0.000003 , How it can be Posiible , if i played only one bet that was default worth 0.000001
BTC , then my balance must be 0.000004 btc not 0.000003 btc , i Guess this error is due to
1. I went to your site and got registered.
2.I went to faucet and claimed 0.000005 btc
3.I payed two times but your database is showing only one time , in which runtime error occured and it deduced the balance but didn't put the bet in bet history table and deduced the 0.000001 btc x2 , The current bet section showed i won but the roll under/above showed that i lost , How two things are possible but as soon as the other guys placed the bet the database was refreshed and i was again showed lost.
direct image link:
http://postimg.org/image/vpcxpfqnb/See bet 12206 roll was under but it stated i won , after some time it was corrected as others put their betting after me.
My balance shows 0.000003 btc but i played only one bet according to your bet history table(of 0.000001), then where is the another 0.000001 btc ,this is because of enableviewstate i already mentioned it in above.
I guess if user
Ecuamobi can Put some light here then it will be much appreciated, as he same from the coding background.
I guess i have said and given two bug reports:
Let me know if You are on your words.
