Developer Reveals Exploit in Atari's On-Chain Game to Prove Security Point

ChainPlay

•

5 months ago

Share :

Kautuk Kundan, the founder and CEO of Stackr Labs, claims to have hacked Atari’s latest crypto arcade game to prove a significant point. The game, built on Coinbase’s Ethereum layer-2 network Base, was marketed as being “on-chain.” However, Kundan and his team found evidence suggesting otherwise. They managed to sabotage the leaderboard of Atari’s newly launched Asteroids game without actually playing it.

The Hack Explained

On August 6, Kundan posted on X, revealing how the Stackr Labs team manipulated the game’s leaderboard. According to Kundan, when a user starts the game, nothing happens on-chain. The game interacts with the blockchain only at the end, when the user’s score is recorded. This process involves making an API call rather than actual on-chain activity. Kundan exploited this by sending fake API calls to Web2 servers, thereby altering the leaderboard without playing the game.

Kundan’s actions demonstrate that the game is not truly “on-chain,” contrary to Atari’s claims. While Kundan and his team refrained from tampering with other scores, he hinted that less ethical actors could have easily manipulated their scores to rank higher on the leaderboard. This raises concerns about the integrity and security of the game’s scoring system.

Atari’s Launch and the Game’s Mechanics

Atari launched the Asteroids game on July 25, in collaboration with Coinbase’s layer-2 Ethereum network Base. Players were enticed with the opportunity to play the classic arcade game and compete for prizes, including a $1,000 Atari gift card. Despite the appeal, Kundan’s revelation casts doubt on the game’s on-chain authenticity.Sources: X
Kundan emphasized that even if an app operates off-chain, it should produce commitments that are verifiable on the blockchain. He used this incident to advocate for Proof of Gameplay, an Ethereum roll-up system developed by Stackr Labs. According to Kundan, for games and products to genuinely claim they are “on-chain,” they must ensure that their operations are verifiable on the blockchain itself.

Kundan clarified that the hack was not intended as a negative criticism. Instead, it was an effort to highlight and find solutions for persistent issues in crypto applications. By exposing the vulnerabilities in Atari’s Asteroids game, Kundan hopes to encourage the development of more secure and verifiable blockchain-based applications.Sources: X
Kautuk Kundan’s hack of Atari’s Asteroids game reveals a significant flaw in its on-chain claims. By manipulating the leaderboard through API calls, he demonstrated that the game’s interactions were not genuinely on-chain. This incident underscores the need for verifiable on-chain commitments in crypto applications. Kundan’s advocacy for Proof of Gameplay highlights the importance of developing secure and transparent blockchain systems. Ultimately, his actions aim to improve the integrity and reliability of crypto applications.