When tasked with the initial problem, The CEO of DCP said that there is a possibility we would break it. After doing some digging into what our project would be, we found a potential security breach and notified the CEO that we were thinking of hacking the platform. He gave us the green light to play around with it as long as we didn't break it and the rest is history!
What it does
Hello! Welcome to our Token Bot. In QHacks 2021 (the hackathon), our group consisting of @Harley-L, @barrackm, and @MSilver42 developed a bot that took advantage of the free credits from new users on the Distributed Compute Lab's network to gain infinite credits. These credits can be used to mine online currency (Bitcoin) and give the credits an inherent value.
How we built it
Using Selenium and MailSlurp as our python APIs, we were able to create bot emails and navigate the platform. Then, we were able to transfer credits from the bots account to the main account.
Challenges we ran into
Transitioning to a headless driver in selenium
- HREFs were not preserved and were difficult to access when headless
- As a fix, we removed one selenium driver and replaced it with a temporary email API
Making the code more efficient and consistent
- We initially used wait times (time.sleep()) but due to connection and computer speed, it was very inconsistent and less efficient. We replaced this with checking that the previous task had fully finished before moving on to the next task.
Accomplishments that we are proud of
Achieving an efficiency of 1150 credits per hour, our platform was able to gain 300x the normal amount of credits in a given period.
What we learned
What's next for Breaking The DCP Economy
Sadly, DCP does not support network calls so, therefore, mining for currency such as Bitcoin is not possible yet. This would give the tokens inherent value and make this much more profitable. Also, we recognize that this project is very temporary and we urge DCP to fix these potential vulnerabilities!
Before starting the project, our team told the CEO of Distributed Compute Labs of this potential problem and was given the green light to test the security of their system. We did NOT break their system and made this to help better their understanding of potential security risks.