Inspiration

When tasked with the initial problem, The CEO of DCP said that there is a possibility we would break it. After doing some digging into what our project would be, we found a potential security breach and notified the CEO that we were thinking of hacking the platform. He gave us the green light to play around with it as long as we didn't break it and the rest is history!

What it does

Hello! Welcome to our Token Bot. In QHacks 2021 (the hackathon), our group consisting of @Harley-L, @barrackm, and @MSilver42 developed a bot that took advantage of the free credits from new users on the Distributed Compute Lab's network to gain infinite credits. These credits can be used to mine online currency (Bitcoin) and give the credits an inherent value.

How we built it

Using Selenium and MailSlurp as our python APIs, we were able to create bot emails and navigate the platform. Then, we were able to transfer credits from the bots account to the main account.

Challenges we ran into

Transitioning to a headless driver in selenium

  • HREFs were not preserved and were difficult to access when headless
  • As a fix, we removed one selenium driver and replaced it with a temporary email API

Making the code more efficient and consistent

  • We initially used wait times (time.sleep()) but due to connection and computer speed, it was very inconsistent and less efficient. We replaced this with checking that the previous task had fully finished before moving on to the next task.

Learning Javascript as a new language

  • After gaining an absurd amount of credits, we need to spend them! By implementing the practicality of our system using the DCP network, we had to learn Javascript when no one on our team had worked with it before.

Accomplishments that we are proud of

Achieving an efficiency of 1150 credits per hour, our platform was able to gain 300x the normal amount of credits in a given period.

What we learned

We learned the basics of Javascript, in-depth knowledge of web scraping with selenium, and effective teaming to delegate tasks to accomplish more as a team.

What's next for Breaking The DCP Economy

Sadly, DCP does not support network calls so, therefore, mining for currency such as Bitcoin is not possible yet. This would give the tokens inherent value and make this much more profitable. Also, we recognize that this project is very temporary and we urge DCP to fix these potential vulnerabilities!

DISCLAIMER

Before starting the project, our team told the CEO of Distributed Compute Labs of this potential problem and was given the green light to test the security of their system. We did NOT break their system and made this to help better their understanding of potential security risks.

Built With

Share this project:

Updates