Upon investigation it seems that it was super easy to hack, you didn't even have to collude with a witness. Basically if you craft the right transaction it just works.
And that is really easy, so I can actually imagine a lot of people doing that. Would probably take someone 30 minutes to code it up.
I really don't pity the devs here, if they use the tx in isolation as the randgen seed then they are as incompetent as can be 🤷♂️ that is like hiding passwords in the client application 😂
I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen. But seriously, transactions?
I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen
They will if there is enough money at stake (or even if it isn't and just feel like it is worth doing for the lulz anyway) and on a global network making assumptions about what someone somewhere will be willing to do nearly always ends badly.
Upon investigation it seems that it was super easy to hack, you didn't even have to collude with a witness. Basically if you craft the right transaction it just works.
And that is really easy, so I can actually imagine a lot of people doing that. Would probably take someone 30 minutes to code it up.
I really don't pity the devs here, if they use the tx in isolation as the randgen seed then they are as incompetent as can be 🤷♂️ that is like hiding passwords in the client application 😂
I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen. But seriously, transactions?
They will if there is enough money at stake (or even if it isn't and just feel like it is worth doing for the lulz anyway) and on a global network making assumptions about what someone somewhere will be willing to do nearly always ends badly.