khaled0111
Legendary
 Offline
Activity: 2520
Merit: 2873
Top Crypto Casino
|
 |
January 06, 2024, 08:40:23 PM |
|
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways). However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry! I also wanted to share my opinion on your second question: How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report. |
|
|
|
|
|
|
|
|
|
|
In order to get the maximum amount of activity points possible, you just need to post once per day on average. Skipping days is OK as long as you maintain the average.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
AmoreJaz
Legendary
Offline
Activity: 3094
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
|
|
January 06, 2024, 10:44:39 PM |
|
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways). However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry! I also wanted to share my opinion on your second question: How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report. that is true, check the section of the terms regarding bug-related protocols for the site. because if they have, they have certain requirements to comply with. because not all sites have their rules on this bounty. however, for ethical purposes, one can always contact their support and ask for assistance about such concern. it is your conscience that will direct you if you will tell them about your discovered bug or just siphon their vaults for your own pocket. In summary to that, that thought only exist in your head, since the BC game team have seen that your reports for nnthe bug is not worthy of any attentions and how best you are truthful to yourself, and if their act as if nothing is wrong with the system and there is no bug which their have not stated any ways, but be sure that the only way we can believe you is when you share some screenshots since you said you have some of them at your disposal.
Any ways, I think the best way is to try more to get in the touch with the support and hear their own side of the story, but also note that when a player fine a bug in he system, it is noble enough for them to report the said bug the the team instead of exploting them
i believe it is his own disposal if he is true to intentions in helping the site about the bug or not. because let's say the site is not giving some incentives, are you going to submit your discovered bug or are you gonna exploit it? now, that is for you to contemplate about. because if you reach them and not reaching back, and you feel your time is being wasted, then, it is for you to decide what to do with the bug you discovered. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
Wiwo
|
|
January 06, 2024, 10:53:34 PM |
|
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things, the ops are up to a system that is not clearly open to the general public, because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim, that leads us to more curiosity as of what we can't expect from the ops claims, and judging from ops recent communication also I have lost trust in him and at some point, I feel he is just trying to create a fud around. So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act. |
|
|
|
|
|
TimeTeller
|
|
January 07, 2024, 10:57:42 AM
Last edit: January 07, 2024, 11:19:46 AM by TimeTeller |
|
I'm not going to comment on the bug itself as no PoC has been provided (I don't think it's ethical to post it publicly without the casino's consent, anyways). However, I wanted to salute you for your honesty and reporting the bug instead of exploiting it and milking the casino's wallets dry! I also wanted to share my opinion on your second question: How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report. That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work. But if you want clear conscience, you can report it to them without waiting for any incentive. After all, they are not forcing you to report. It is in your morality whether you report it or exhaust this opportunity for your own gain. Either way, it is all on you at the end of the day. The management will just according to what the owners wanted them to do. |
|
|
|
|
Porfirii
Legendary
Offline
Activity: 1778
Merit: 2077
The Alliance Of Bitcointalk Translators - ENG>SPA
|
|
January 07, 2024, 11:04:08 AM |
|
-snip- I also wanted to share my opinion on your second question: How does someone go about reporting a bug to a casino a still hold casino accountable to pay a bounty?
You can't hold them accountable especially if they don't have a bug bounty program. Even those who have it but don't want to pay you can claim it's a duplicate and reject your report. That is the problem if the site doesn't have bug bounty program. You can't force them to pay or give you some reward for your work. But if you want clear conscience, you can report it to them without waiting for any incentive. After all, they are not forcing you to report. It is in your morality whether you report it or not. Nowadays having a bug hunting program is highly recommended for all casinos online, because otherwise they are facing an unnecessary risk. I hope the OP is eventually rewarded because it is in the best interest of both parties. My two sats. |
|
|
|
fapar
Sr. Member
Offline
Activity: 1414
Merit: 267
Undeads.com - P2E Runner Game
|
|
January 07, 2024, 03:36:31 PM |
|
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy but there were people who do able to find out bugs naturally specially to those who are really that making some gambling on the site itself on which they would really be expecting for some bug bounty or rewards on which it would really be that depending on a certain site whether they would really be considering those finds or wouldnt really be giving at all. It would really just vary on a certain individual on which not all people would really expecting somehow into those finds not unless if its really that a crucial find or exploit or bug then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers. |
|
|
|
|
Potato Chips
|
|
January 07, 2024, 07:52:00 PM |
|
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.
You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website? |
|
|
|
|
Wiwo
|
|
January 07, 2024, 07:58:07 PM |
|
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.
Are you sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website? Really, is the support that inactive? Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support. And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge. |
|
|
|
|
|
SamReomo
|
|
January 07, 2024, 08:08:29 PM |
|
It's always something good to find a bug a d report such as appropriately needed, if we are to consider the gambling sector for now, we are not having more of the people interested in this and it's all because they have experience low rate from how this is actually happening, you may hardly get to find one, gamblers will be so focused on having their fun in using the casino than looking for bugs around when majority are even after winning their bets, we can therefore see this that it's not common and that rampart as before that they were being discovered, however, we shouldn't still relent from finding more because they still exist.
Mostly players don't have much knowledge regarding those bugs and they aren't bug bounty experts either but sometimes a player with sharp mind can find some easy bugs that aren't related to code but can be accessed via the UI of a website. It requires specialized knowledge of hacking and programming to find the bugs in a casino or a game that a casino offers and I'm really sure that most of the players don't even care about such bugs because they mainly play to test their luck and if their luck is good then they can easily win against the casino's house edge. Let's assume if a player is expert at finding bugs then surely that player will spend more time to find those bugs rather than playing the game. I have noticed that very few players are interested in finding bugs in casinos and I have never seen casino sites to offer good rewards to those players or those people who can find bugs. But, it's a sure thing that if someone tries to help a casino by finding some bugs of their platform then they will at least get some rewards for doing that. |
| | | | | | | ███▄▀██▄▄
░░▄████▄▀████ ▄▄▄
░░████▄▄▄▄░░█▀▀
███ ██████▄▄▀█▌
░▄░░███▀████
░▐█░░███░██▄▄
░░▄▀░████▄▄▄▀█
░█░▄███▀████ ▐█
▀▄▄███▀▄██▄
░░▄██▌░░██▀
░▐█▀████ ▀██
░░█▌██████ ▀▀██▄
░░▀███ | | ▄▄██▀▄███
▄▄▄████▀▄████▄░░
▀▀█░░▄▄▄▄████░░
▐█▀▄▄█████████
████▀███░░▄░
▄▄██░███░░█▌░
█▀▄▄▄████░▀▄░░
█▌████▀███▄░█░
▄██▄▀███▄▄▀
▀██░░▐██▄░░
██▀████▀█▌░
▄██▀▀██████▐█░░
███▀░░ | | | | |
|
|
|
|
Potato Chips
|
|
January 07, 2024, 09:46:41 PM |
|
Really, is the support that inactive?
Because at some point there is a lot at stake if casino support becomes inactive or not responsive to tickets and issues that are as serious as this being left unattended is a significant bad role of the support.
And if this bug report by ops is actually true and the support behaviour as this is also true it then means that BC games will be under a lot of losses without the knowledge.
To sump it up there were many scam accusation that took time to receive replies so as a sign of good faith, BC started a support account on the forum, see: https://bitcointalk.org/index.php?topic=5475418From what I can see, there is def a significant improvement on their side but I'm not expecting it to be perfect hence it wouldn't be weird if slow replies happened in a couple of cases. There's also the fact that each cases have different complexities -- my logic to this is that simple queries will be the fastest to get a response as oppose to complex ones. |
|
|
|
|
Oilacris
|
|
January 07, 2024, 09:57:12 PM |
|
If you are some sort of a programmer or having that coding experience and bug expert for you to find out those exploits and holes then it would be that easy but there were people who do able to find out bugs naturally specially to those who are really that making some gambling on the site itself on which they would really be expecting for some bug bounty or rewards on which it would really be that depending on a certain site whether they would really be considering those finds or wouldnt really be giving at all. It would really just vary on a certain individual on which not all people would really expecting somehow into those finds not unless if its really that a crucial find or exploit or bug then they might be expecting something.
The OP has updated the information about the problem at hand. According to him, the online casino does not respond to his request, and he does not even ask for a reward. Anyone else in his place would simply continue to exploit the vulnerability in the operation of the casino: I mean, if this mistake directly affected the ability to withdraw funds that are not on the account, for example. Online casinos should conduct bug bounties on an ongoing basis and increase the level of communication with customers. One of the best things that a certain platform or company should have is to have that kind of active support or really that fast when it comes to responding on which it do really sucks when you are really that long time waiting for some reply specially that this one talks about some bugs or exploits on which simply this is really a security concern on which it is really just that normal that they should really be attentive if someone on their players had discovered it out, or maybe they did really do such thing intentionally just for them to avoid on giving out some reward or bounty on such find? Just like been said it would really be just that depending on the severity of such bug whether its crucial or really just that minimal. |
|
|
|
TristanGG
Jr. Member
Offline
Activity: 37
Merit: 3
|
|
January 07, 2024, 11:02:52 PM |
|
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.
I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
|
|
|
|
|
Sling0 (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
January 09, 2024, 03:01:25 AM |
|
Wait a little bit OP, are you doing this just to get your reward or you're being passionate about seeing a bug being reported, another thing I would have suggested is for you to go through their own announcement thread to make such a report there or directly to their representative, this is one of the advantage of having their announcement thread here for a discussion on their service, let's see maybe you could get some attention either, but I will employ that you remain less desperate about receiving a reward on it.
From the look of things, the ops are up to a system that is not clearly open to the general public, because to some extent it looks like ops have nothing to show for it and since the casino team themselves have paid no attention to the claim, that leads us to more curiosity as of what we can't expect from the ops claims, and judging from ops recent communication also I have lost trust in him and at some point, I feel he is just trying to create a fud around. So that we can't take him seriously on his claims of possible bugs in the BC games system and if he has anything he can come up with evidence as proof of his claim and then the whole community will clap for him for his noble act. Kind of an ignorant reply in my opinion. I have created no FUD of any kind and even cleared stated I wasn't at all trashing BC Game. I have proof via screen recordings of the bug and how the bug allowed me to control the crash game. I proved to BC Game support staff via BC Game test server and can confirm as of now that the bug and how it was exploited has been fixed by BC Game because it is no longer exploitable. To be honest I've been monitoring the crash game since I reported the bug and I now see the game results showing more yellow crashes mixed in with red and green then prior weeks. Call it what you will but 2 days after I reported the bug seems crash is more stable. 🤔 I will continue to wait for BC support to reply to me if they wish and best case scenario get $ bounty or worst case a half hearted thanx. Can't post 15 minutes of screen recording anyway. |
|
|
|
|
|
Hirose UK
|
|
January 09, 2024, 03:43:29 AM |
|
Just an update on the whole thing. Never requested or demanded a bounty but I did expect a reply which never happened.
You sure it's a case closed already? BC is def one of the reputable casinos but I remember one of their most received criticism was that they need to up their support game so perhaps their reply may just take time. I saw you posted about sending a PM to their bitcointalk account, what about writing on their main website? On gambling site, the customer support service will definitely work 1x24 hours or they will respond to every customer report with excellent responsiveness because customers are the most valuable group. Talking about BC, it seems that there are several reviews which state that support needs to be improved, but from every problem that occurs it can also be seen that support certainly solves many problems and also responds to every complaint made by customers. The casino team needs to research and investigate every problem that occurs so I don't think delay in responsiveness is too fatal, but with improvements in support they might be able to ensure customer satisfaction and comfort. I use several gambling sites but so far I feel really good satisfaction because there are no problems whatsoever and I always get good responsiveness from the support of each site I use. It is always better to report any problems that occur to the gambling site support because they can be handled more quickly and you can get the right solution. Not all problems that occur can be sent by PM to their Bitcointalk account because not all customers themselves are members of this forum. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
kotajikikox
Full Member
Offline
Activity: 2380
Merit: 207
★Bitvest.io★ Play Plinko or Invest!
|
|
January 09, 2024, 01:07:47 PM |
|
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.
I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
I think if you follow the thread you will read all what OP wanted to elaborate here because he had given everything and even telling the people here what had happened and his only demand is at least a THANK YOU for what have he done for the team , take not the Money because we all need this at appreciation for what have you done good is for me a better giving here. |
|
|
|
|
carlfebz2
|
|
February 16, 2024, 09:06:10 PM |
|
Most Casinos will only accept a report if it has a viable security impact with a PoC and not a general report from a scanner tool.
I'd recommend asking the casino if they have a private bug-bounty program either internally or externally (i.e, operated by BugCrowd, HackerOne, intigriti)
I think if you follow the thread you will read all what OP wanted to elaborate here because he had given everything and even telling the people here what had happened and his only demand is at least a THANK YOU for what have he done for the team , take not the Money because we all need this at appreciation for what have you done good is for me a better giving here. Sorry for the heads up on this one but i cant really just that easily accept that someone who do found a bug would really be just liking to have or get some THANKS. Of course you would really be expecting something for some bounty based up on what you have found. The sad part when you do find an exploit which even if you do saw that its a major one, you dont really receive any something in return but well they could really be able just simply tell you that the bug you have found is really just that minimal or something that critical. Is there something you can do? of course none. |
|
|
|
|
