TokenWar Exploit

I'm not planning to use this "exploit" again since I already got 300$ out of Yuri yesterday.
To make it simple, there is a way to "predict" what the next golden card will be on tokenswar.com/marketplace

I normally like to look at the contract source code from these kinds of games since it's really easy to make a small error (believe me, I already did a ton of those when writing contracts myself) and I got the jackpot on this one. Basically the manager of the contract has a function to check the next golden card, but that function is only for managers. While you can't access it directly, you can call another function that calls the check function. Then you just need to decompile the data you get back and voila, you have the id of the next golden.

This is all to say that the card with id 10 ( tokenswar.com/cards/10 ) will be the next golden card. Don't believe me? Yesterday it said 4... surprise, today Yuri is golden.

TLDR: Buy Ernesto Che Guevara on tokenswar.com it will pump tomorrow!

EDIT: 2 days, tomorrow is Tupac. Even I get confused :p

Will check it out, if Tupac gonna be tomorrow, I will buy Che
Thanks for the info bud

why should i believe you?

You don't need if you want. But just in case check tomorrow if Tupac is gold. If my first "prediction" is true will you believe in the second as well? It's not you buying it would make me lose anything though so feel free to waste this opportunity. Just remember that after it gets gold it's too late to buy

But why should i believe you?

Someone asked exactly the same right above you... honestly if you don't want to believe that is fine, it's your loss not mine

burgers need a Che to incite the revolution and fuck the orange turd supporters.

believing you, wondering why i should do it, i am

kek tomorrow check if I'm right though. If Tupac gets gold you will swallow your words

Okay OP, I'll bite. However I'm more interested in hearing exactly what you mean by "Then you just need to decompile the data you get back and voila you have the id of the next golden."

I have the free version of the IDA disassembler, but I always thought that was just for binary files. Can you detail what you are using to decompile Solidity code?

Likewise I think I see the function you are talking about, SetGoldenCardToken? You mentioned you need to call a different one that isn't locked down to dev only. Which is this and what parameters did you use?

All bullshit in this thread.

1) The source code is here: etherscan.io/address/0x90b12b97a52451f38090f49bce8bc2962dde4902#code

2) There's no method to "check" the next Golden Card.

3) Line 157 is the method "setGoldenCardToken(uint256 tokenId) public onlyAdmin" which is called by the owner to set the next golden card. The owner can set WHATEVER id he wants, there's not "Look it's gonna be the Che" anywhere.

3) The owner of Guevara posted this message to fuck with you.

4) Fuck you commies.

Thanks user

You do you. At midnight Tupac will be golden card and then we will see who is full of bs

And your explanation isn't right. setGoldenCardToken just is used to launch the next golden card. You feed (uint256 tokenId) with a new token object for it to get populated by NewGoldenToken(). Do you really think people would buy if the devs had that much power over it? The contract would never get popular.

The golden card itself is arbitrary but solidity randomness is impossible to create.
Source:
>solidity.readthedocs.io/en/develop/frequently-asked-questions.html#how-do-you-get-a-random-number-in-a-contract-implement-a-self-returning-gambling-contract

What I did was test the pseudo number generator with web3 callbacks (the data that comes back when you call a function) and you can easily see a pattern. When I first got the pattern I just turned the binary gibberish into ASCII and I got a long number "2018021119000004" and I passed the last two digits through NewGoldenToken() and it gave me an error because it was already going to use it to generate a new golden card (the gas limit went to a ridiculous amount). In case you didn't notice, 4 is today's golden card.

Ran it a bit more "3914200341300027" gave an error: 27 -> Tupac
Ran it a bit more "7830111237670010" gave an error: 10 -> Che

I just explained it badly at first because I didn't want to spend 15 minutes writing something just like I did...
You might still call me bs, so before you do that wait until midnight. If it is Tupac you owe me an apology!

...

Not even trying to debunk you at midnight we will see you are lying

> You feed (uint256 tokenId) with a new token object for it to get populated by NewGoldenToken().

This user doesn't know what he's talking about. NewGoldenToken() is an event definition, it has NO effect apart from populating the logs.

>Do you really think people would buy if the devs had that much power over it? The contract would never get popular.
Hence why you're lying to the guys who don't get it, okay, thanks user.

>The golden card itself is arbitrary but solidity randomness is impossible to create.
Wait, you're admitting it's arbitrary now?

>What i did was test the pseudo number generator
There's none anywhere in this contract.

>and I passed the last two digits through NewGoldenToken()
Thankfully, the code itself is saying you're lying.

Line 80: /// @dev The NewGoldenCard event is fired whenever a golden card is change.

TL;DR: this user is either trying to shill for Tupac, or for Che, so he's etherscan.io/address/0xb03bef1d9659363a9357ab29a05941491accb4ec (current Tupac holder, doubt it), or etherscan.io/address/0x53a2926cc8657e3c2c9f89093324389bd4994fca (current Che holder, poorfag)

Blacklist his address to prevent future shills.

So let me put it this way. EVERYONE don't believe in me and believe in 7955761 until you have any reason to believe in me. I made 2 predictions; if the first one is right then stop calling me liar and just accept that 1 year of contract development is worth something when reading code. As you can see on the last quote he is basing his accusation on comments, and that everyone can do, but as I said only give me trust when I deserve it.

lol, ok

Now if anybody's dumb enough that they can't read Solidity and they believe this shit and lose their money, it's your loss for being stupid.

I honestly wouldn't buy today since yeah I know it looks like a scam. But it is not, I swear (like if my word would be enough to convince you kek). I can see you thinking this is a scam because if I found an exploit like I found I would use it myself and not share. Is that one of the reasons?

>I can see you thinking this is a scam because if I found an exploit

There's no exploit.

you are correct, I read the source and OP is a lying faggot because setGoldenCard token is marked as only callable by admin.. Good work.

The thing is I'm using it myself. And since I'm doubling my money, if the price increases before that it is more profit that I get. And I'm not Che holder, just look at the etherscan, do you think I have 0.8 eth haha I wish

i already explained that... but yeah nvm wait for midnight and then we talk

*cryptobrofist*

Also, if anyone is wondering, yes there are onlyAdmin and onlyHost modifiers to restrict function calls (it's common in smart contracts to have a "master" address for money withdrawal and a "script" address for day-to-day data modification), but both admin and host addresses are the same.

Face it, you got scammed and nobody wants to buy a commie from you. Stick with your hot potato or try to sell it on RareBits.

>*cryptobrofist*
kill yourself

rood

OP is definitely the holder of Che, because there's already a hint on tokenswar.com/golden that strongly suggests Tupac ("All Eyez On Me" was one of his albums)

So the only reason he mentioned Che is because he is the holder of Che. Clever scam but I'm not falling for it.

?

It's going to be tupac but not because there's an exploit in the code, it's because the admin offered a big hint.

You said

>You don't need if you want. But just in case check tomorrow if Tupac is gold. If my first "prediction" is true will you believe in the second as well? It's not you buying it would make me lose anything though so feel free to waste this opportunity. Just remember that after it gets gold it's too late to buy

But your first prediction of Tupac is something that anyone can predict, your second prediction is just you shilling your bags. No other reason you would bring up Che.

sage

If the admins could choose the golden that way the game would be biased, what you are saying doesn't make sense. And there is no Discord or social media for the game

>If the admins could choose the golden that way the game would be biased
It's literally in the code that the admin chooses the goldencard. Stop fucking lying you filthy pajeet.

function setGoldenCardToken(uint256 tokenId) public onlyAdmin {
    goldenTokenId = tokenId;
    NewGoldenToken(goldenTokenId);
}

Function is callable by admin only who can set the tokenID. There is no random number generator in the code.
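
The check made in the post above (who can write goldenTokenId, and whether the source contains any randomness input at all) can be done mechanically. This is an added example, not part of the original thread or the contract's own code; setGoldenCardToken is as quoted in the thread, while the state variable declaration and getGoldenCardToken are hypothetical filler so the excerpt parses.

```python
import re

# Constructed excerpt. Only setGoldenCardToken is taken from the thread.
SOURCE = """
uint256 public goldenTokenId;             // hypothetical declaration

function setGoldenCardToken(uint256 tokenId) public onlyAdmin {
    goldenTokenId = tokenId;
    NewGoldenToken(goldenTokenId);
}

function getGoldenCardToken() public view returns (uint256) {  // hypothetical
    return goldenTokenId;
}
"""

# Values Solidity contracts commonly misuse as "randomness".
ENTROPY = ("block.timestamp", "block.number", "block.difficulty",
           "blockhash", "block.blockhash", "keccak256", "sha3", "now")

HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

def strip_comments(src):
    """Remove // and /* */ comments so comments cannot sway the audit."""
    return re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)

def functions(src):
    """Yield (name, visibility/modifier words, body) per function."""
    for m in HEADER.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        mods = re.sub(r"returns\s*\([^)]*\)", "", m.group(3)).split()
        yield m.group(1), mods, src[m.end():i - 1]

def audit(src, var):
    """List functions that assign to `var` and any entropy sources used."""
    src = strip_comments(src)
    assign = re.compile(r"\b%s\s*[-+*/]?=(?!=)" % re.escape(var))
    writers = [(n, mods) for n, mods, body in functions(src)
               if assign.search(body)]
    entropy = sorted(e for e in ENTROPY
                     if re.search(r"\b%s\b" % re.escape(e), src))
    return {"writers": writers, "entropy": entropy}

if __name__ == "__main__":
    print(audit(SOURCE, "goldenTokenId"))
```

A single writer guarded by onlyAdmin and an empty entropy list mean the value is whatever the admin address sends, so there is nothing on-chain to predict ahead of that transaction.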

And adding to the lack of social media, I don't have a way to talk with the devs, they can't give me hints whatsoever. And why would they give it to me kek

that just says when to launch it

The hint is on the "golden token" page you stupid pajeet, can you not read English?

Die pajeet

No it doesn't you stupid lying scamming fuck. You apparently cannot read solidity. Rope yourself.

You apparently don't want to have a civilized discussion. Your loss

Because you are lying straight up about what a function does and expect me to take you seriously when I can read it myself.

Filthy fucking scamming pajeet kys.

you read the fucking code comment above the function and think that makes you a solidity pro. you need to understand wtf it is doing not what they say it's doing. it isn't obvious? yeah why tf do you think just now someone noticed. stfu fucking fudder

>Filthy fucking scamming pajeet kys.
Fun thing is people will still believe in the lies of the guy who manages to get five insults in one line... baka
guess i will be buying it alone

Please point out the random number generation function in the contract and exactly which function "checks" the golden card. No, setGoldenCardToken is clearly a setter function so that is not it.

I will wait.

Filthy lying pajeet. This is why Indians should be banned from Veeky Forums

Let's all get schooled by the racist. Go back to /b/
I'm open to answer serious people though... my conversation with ID: l4ohM6vA was way more productive even if he thought i was a scammer as well

>Let's all get schooled by the racist.
Lmao you all but admit to being a pajeet.

I will keep calling your pajeet until you answer my questions, fucking faggot ranjeesh..

POO IN LOO.

if this gets archived, make a new thread.
Are you having a sperg meltdown? Do you need a hotline, user?

Samefaggot

i will do that for sure
and he just needs a hug btw

the fun thing is it's actually not lel i'm still astonished someone is not calling me faggot

shhh user

breathe

remember to sshhhhh

Surprised this lasted so long before being archived

Same desu, I'm taking a look at it rn.

15 minutes for you all to see i'm not a scammer. Hype!

It's going to be 2pac but tomorrow is not going to be Che.

You deserve to lose your money if you fall for this.

Fud...

It's getting late here so i might go have fun getting rich or arguing that i'm a scammer. You choose it

You see, it is Tupac. Now let's get Che to the moon!

It says it's going to be an NBA star.

Nice try though.