Augur's system vulnerability being exploited by scammer, repair won't come soon

21 Mar, 2019 | Updated: 21 Mar, 2019
by Fifi Arisandi
Security
Augur's system vulnerability being exploited by scammer, repair won't come soon

Augur system has a vulnerability that has been exploited by scammers, which can't be fixed until Augur v.2 is launched. 

In a series of tweet, Augur’s CEO, Joey Krug admitted the vulnerability of his platform’s betting system has been exploited by a malicious actor. 

The tweets came in response to a post on Reddit, titled “Augur is being gamed!” by user Singlefin 12222.

The user elaborated how some malicious people have managed to get profit by betting on impossible outcomes while voting to make the market (bet) invalid. This method is said to trigger Augur’s system to equally distribute all the market’s collected money to all participants.

In more details, what the scammers do was first, they created a bet with an “very subtle mistake” in the description. Then, they put a bet on the outcomes that will not win, staked REP on the market being invalid and voila! all staked funds will be distributed equally, which meant those that bet on the wrong outcome will also get the money.

Augur is being gamed! from r/ethereum


Krug responded by claiming that the Reddit post is “kinda fake news for a few reasons”. He argued that all the confusing markets were created on purpose by only 1 person/address, not a bunch of people as the Redditor claimed.

He further explained that his team has been aware of such issue, thus a new way to prevent more exploitations to occur has been built. The new way, called validity bond will act as collateral if users try to cheat with the aforementioned scenario.

That said, there’s still a problem as the algorithm that determines the amount lost when invalid bets are created on purpose is not yet properly configured.


Krug promised a total repair on Augur v.2, which is sadly it’s not planned to launch anytime soon. That being said, the Augur team has created a “temporary fix” to the issue by implementing basic UI messages that will warn users if they interact with a potentially fraudulent market.

“These aren’t things to be rushed. I think it’s probably easier to address UI side, by warning people about this stuff more,” Krug told The Next Web.

Until Augur v.2 is launched, he suggested users to stay alert by paying attention to the details of the markets (bets), such as the descriptions and listed dates.

Follow Chepicap now on Twitter, YouTubeTelegram and Facebook!

Chepicap is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some Satoshi with the exciting new Lightning Network Tippin.me tool!

 

Read more: How to tip and receive Bitcoin via the Lightning Network with Tippin.me

Read more about:Augur (REP)

Poll

Have you participated in or created any predictions on Augur so far?

(17 votes)

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage