seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 27, 2014, 07:31:39 PM |
|
Good day to all, im here to talk about my experience in PrimeDice.com.
When "PrimeDice 3" was released, it was a "bug" site, its has some epic rules or we can call it "Math Fail Rules". I found the bug and make some test:
FIRST BUG. Every time a pearson withdraw 0.001, he got 0.001 on wallet and the PD account get 0.0001 on balance. We dont need to be Newton or Euler to see that is a Math Epic Fail.
Then i think, lets see how can i exploit this before report it, and i start exploiting that bug using the next method:
1.-I join to PD from 2 accounts at the same time (A & B) 2.-Make a 0.1 deposit on A 3.-Tip 0.001 from A to B 4.-Withdraw 0.001 from B to wallet 5.-Tip 0.001 from A to B 6.-Withdraw 0.0011 from B to wallet 7.-Tip 0.001 from A to B 8.-Withdraw 0.0011 from B to wallet 9.-Tip 0.001 from A to B 10.-Withdraw 0.0011 from B to wallet ... (And make this again and again...)
I deposit 0.1 Btc and make 99 withdraw of 0.0011 and 1 of 0.001. that means i should get 0.1099 on my wallet. But i got a nice surprise when see only 0.07 go to my wallet.
I was exploiting that bug and got busted, then i contact "Stunna" and PD support, Told them there was a bug in the page and i was exploiting it to give proof it was a serious bug.
And they told me "You was exploiting it". and i say of coursei was exploiting it, i found the bug and need some proof to report it... Then i tell them, ok i dont want a prize for find and report that bug, i only want my 0.03 Btc Back... and they tell me the same trash "You was exploiting it". They never give me back my money, even said thanks for my report.
But then i found the SECOND BUG:
1.-I join to PD from 2 accounts at the same time (A & B) 2.-Make 0.001 deposit on A 3.-Claim faucet on B 4.-Tip balance from A to B 5.-Claim faucet on A 4.-Tip balance from B to A ... (And make this again and again...)
I call that a "Snow ball" because balance was getting bigger, when i get 0.0025 in my balance, i report this bug... My account got frozen again and my BTC was lost again...
I report this same bug at 999dice.com and "Jake" the owner, give me a 0.05 prize for report this bug, while PrimeDice still frozing my accounts and scamming my balances, 999dice say thx and pay me for report the bugs. There i found i wasn't wrong.
It was some weeks ago, and that bugs got fixed, every time some one withdraw he get ballance - Fees on wallet, and page dont give back 0.0001 to the PD balance.
But i make this info public because i help to found bugs on that page, i report them and they fix it now, and Stunna even said thanks and he stole me some BTC.
What we learn from this?
1.- One time you Deposit on PrimeDice, that is not your money any more, if Stunna or the PD team decide that you are making something bad on the page, they will keep your money
2.- If you report a bug on PrimeDice you will be the bad guy, and they will tell you "GTFO damn hacker!!!".
3.-PD team its ungrateful people, who make me lost time and money. If you are thinking they will give you a prize for report bugs or problems in the page, you are wrong.
I hope you do not misunderstand things, PrimeDice its legit site, i was exploiting the bug to get proof for report it but get busted, that was all.
This was my experience with PrimeDice and now im out of that page, i found more bugs, but im not interested in reporting it or exploit it. I have no reason to do it. I dont care about my 0.03 lost, keep that PD, looks like you need it more than me.
If some one has a bad experience with PD, please share it here, i want to know if im the only one who get busted on that site.
|
|
|
|
Stunna
Legendary
Offline
Activity: 3192
Merit: 1279
Primedice.com, Stake.com
|
|
September 27, 2014, 09:47:03 PM |
|
There's a difference between responsibly reporting a bug and getting caught abusing one. If I recall correctly your account was banned after this was detected and THEN you emailed us to report a bug which we caught you abusing.
I have no interest in discussing this matter further. It wasn't a particularly genius or profitable bug either, about 5 other people actively attempted to farm it and made a few bitcents. We're more than happy to credit people who responsibly disclose unreported exploits.
|
|
|
|
seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 27, 2014, 10:21:59 PM |
|
There's a difference between responsibly reporting a bug and getting caught abusing one. If I recall correctly your account was banned after this was detected and THEN you emailed us to report a bug which we caught you abusing.
I have no interest in discussing this matter further. It wasn't a particularly genius or profitable bug either, about 5 other people actively attempted to farm it and made a few bitcents. We're more than happy to credit people who responsibly disclose unreported exploits.
I have no interest in discussing this matter further, i know its was my error, i was trying to get evidence about the bug before report it, that is the way i do it. I give evidence not speculations. But i say again, it was my mistake and sorry if i make you think i was exploiting your page. Because the idea was find the bug for report it. At last you only lost a cliente, now i play dice on 999dice, the matter is not so serious... I wish you the best for your dice site, and im only sharing my experience about your page, if you take this like a aggression for your site, please let me now and i will remove this thread. Have a great weekend Stunna.
|
|
|
|
rz20
Legendary
Offline
Activity: 1330
Merit: 1001
|
|
September 27, 2014, 10:33:58 PM |
|
I reported this bug when pd was released.
I used it also as they took around 1 week to fix it.
|
|
|
|
seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 27, 2014, 10:36:01 PM |
|
I reported this bug when pd was released.
I used it also as they took around 1 week to fix it.
And you got something for report it?
|
|
|
|
sparkleboy
Newbie
Offline
Activity: 32
Merit: 0
|
|
September 27, 2014, 11:00:08 PM |
|
I reported, I think they are cheating they have backing from idiots and retards, I won there, but I knew if played they will start beating me. They didnt give me nothing for reporting a bug
|
|
|
|
rz20
Legendary
Offline
Activity: 1330
Merit: 1001
|
|
September 28, 2014, 08:25:51 AM |
|
I reported this bug when pd was released.
I used it also as they took around 1 week to fix it.
And you got something for report it? No. Just the amount I took from the bug around 1$
|
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1118
|
|
September 28, 2014, 08:27:52 AM |
|
They didnt give me nothing for reporting a bug
So they did give you something? Or what? Sorry, I can't quite understand your lack of English skills... Because PD isn't provably fair and you can't verify the hashes after each roll, y'know?
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
RandyFolds
|
|
September 28, 2014, 09:08:29 AM |
|
When I read the thread title I new it's just another useless thread. People just don't know when to use Scam word. But seriously, abuse the site until you get caught and then you try to get reward for abusing it.
|
|
|
|
waterpile
|
|
September 28, 2014, 09:12:58 AM |
|
They didnt give me nothing for reporting a bug
So they did give you something? Or what? Sorry, I can't quite understand your lack of English skills... Because PD isn't provably fair and you can't verify the hashes after each roll, y'know? its not about the provably fair, its about an exploit when transferring money by withdrawals
|
|
|
|
Pkofet
|
|
September 28, 2014, 09:35:47 AM |
|
I deposit 0.1 Btc and make 99 withdraw of 0.0011 and 1 of 0.001. that means i should get 0.1099 on my wallet. But i got a nice surprise when see only 0.07 go to my wallet.
Putting aside the story of abusing/testing the bugs, how did you end up with just 0.07? Are the withdrawal amounts wrong? Or do some of the withdrawals never reach your end?
|
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1118
|
|
September 28, 2014, 09:43:27 AM |
|
They didnt give me nothing for reporting a bug
So they did give you something? Or what? Sorry, I can't quite understand your lack of English skills... Because PD isn't provably fair and you can't verify the hashes after each roll, y'know? its not about the provably fair, its about an exploit when transferring money by withdrawals I think they are cheating
Rather than blindly assuming I'm talking about the OP, read the posts of the other people in the thread, eh?
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
LiteCoinUser84
|
|
September 28, 2014, 12:30:40 PM |
|
You were using an exploit for your own ends clearly... honesty is the best policy.
|
|
|
|
B4RF
|
|
September 28, 2014, 12:48:02 PM |
|
I think nearly everyone knew this bug. I have reported this one as well (as many others might have done) and I haven't really expected any reward. But the difference is that I haven't exploited this bug! Why should you use the bug first to get a profit and then report it? That makes you the scammer
|
▄▄▄████████▄▄▄ ▄██████████████████▄ ▄██████████████████████▄ ██████████████████████████ ████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ████████████████████████████ ██████████████████████████ ▀██████████████████████▀ ▀██████████████████▀ ▀▀▀████████▀▀▀
| | | | ███████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ██████████ ███████ | | | | ▄▄██████████████▄▄ ▄██████████████████████▄ █████ ▄██████████████████████████▄ █████ ████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████ ▄██▀ ████ █████ ██████ █████ ████ ▄██▀ ████ █████ ██████ █████ ████ ██▀ ████ █████ ██████ █████ ████ ██ ████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄ ████████████████████████████ ████████ ███████▀ ▀███████ ▀██████▀ █████▀ ▀█████ ▀██████████████████████████▀ ▀▀████████████████████▀▀ | | |
|
|
|
Minnlo
|
|
September 28, 2014, 01:31:25 PM |
|
Sure, it is reasonable that you need to do some testing before reporting the bug, but honestly do you really need to make 99 tests?
|
|
|
|
pthnmj
|
|
September 28, 2014, 01:42:18 PM |
|
LoL | I remember reporting a bug that allowed me to control any account I wanted to (and able to gamble, and make them lose their coins) | Later reported to STUNNA who gave me 0.01BTC >_< Quite low, but at least he still a chill person I took 3BTC from BitTrivia... Just be careful who you take from... They will fuck you in the ass
|
|
|
|
seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 28, 2014, 01:50:00 PM |
|
Sure, it is reasonable that you need to do some testing before reporting the bug, but honestly do you really need to make 99 tests? I make 99 teste because if i only make 1 it doesn't look like a serious bug "Hey Stunna! i found a bug and i get 0.0001 free from your page", i Was trying to get 0.01 before report it to let him know it was serious.
|
|
|
|
seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 28, 2014, 01:58:48 PM |
|
I deposit 0.1 Btc and make 99 withdraw of 0.0011 and 1 of 0.001. that means i should get 0.1099 on my wallet. But i got a nice surprise when see only 0.07 go to my wallet.
Putting aside the story of abusing/testing the bugs, how did you end up with just 0.07? Are the withdrawal amounts wrong? Or do some of the withdrawals never reach your end? They cancel more that 30 withdraw's of 0.0011... and i say bye to 0.04 bitcoins. At last i was not waiting a compensation, i only ask for my money back but the site SCAM me my bitcoins. When some one take your BTC and dont give back, for me that is a scam. And when i report the second bug, they do the same, they take my bitcoins again. I think the way to find and report a bug its the next: Search the Bug, Make some test, Proof the bug works, report it... If im wrong please let me know.
|
|
|
|
ndnh
Legendary
Offline
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
|
|
September 28, 2014, 02:23:15 PM |
|
On neutral stance:
How will someone report a bug without verifying that the bug exists?
and
If you had intended to find a bug, why didn't you inform PD support beforehand? You should have done it just twice anyway. You kinda invited the second ban. Multiple accounts are not allowed in almost all sites.
|
|
|
|
seoincorporation (OP)
Legendary
Offline
Activity: 3332
Merit: 3116
|
|
September 28, 2014, 02:37:15 PM |
|
On neutral stance:
How will someone report a bug without verifying that the bug exists?
That is the poin. Now i can send the a Mail "I want to report a bug, with it i can get 1 BTC from your page", and they will tell me "How the bug works?" and i will say "I dont know because if i test it i will get banned..." If you had intended to find a bug, why didn't you inform PD support beforehand? You should have done it just twice anyway. You kinda invited the second ban. Multiple accounts are not allowed in almost all sites.
I ask them and they tell me its allowed have multiple accounts, at last if a "Bad guy" go to the page and try to hack it, you think he will care about what its allowed? If it is not allowed they must fix the code to avoid this happen.
|
|
|
|
|