Unexpected Kitty Fleas

Practice safe siring, everyone: there’s a little bug going around.

CryptoKitties, May 3, 2018

Prior to launching CryptoKitties, we ran bug hunts and gifted special “bug cat” CryptoKitties to the hunters who helped out. One of those cats fed hundreds of families.

Unfortunately, we weren’t as immune to bugs as we hoped — but despite our bug hunt closing, our bug hunters continue to be amazing. One of them recently brought a bug in our Siring smart contract to the team’s attention.

Let’s take a look at these Fleas…

When you bid on a Siring Auction while the price is dropping, by the time your bid goes through it will usually cost a little bit less than what you sent.

We intended for this difference to be sent back to you, but it isn’t.

This bug — which we are referring to as Unexpected Kitty Fleas — has affected a very small number of users, and then only in very small amounts.

(This bug only affects Siring. The Sales Auction refunds excess payments as intended.)

Example:

1. Bruce finds a Siring Auction from Nisha’s Kitty, currently priced at 0.002 ETH.

2. Bruce sends 0.01 ETH (plus gas) to cover this transaction:

  • 0.002 for the Siring Auction.
  • 0.008 breeding fee.

3. Due to network congestion, it takes a few minutes for the transaction to be approved. During this time, the Siring Auction cost continues to drop, reaching 0.00195. The ETH that Bruce sent is distributed like this:

  • 0.00188 (0.00195 - 3.75%) to Nisha, as intended.
  • 0.00007 (3.75%) to CryptoKitties, as intended.
  • 0.008 breeding fee, as intended.
  • 0.0005 is refunded to the KittyCore contract instead of to Bruce. This is unintended.
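
The fund flow from Bruce's example, as an added Python model (not CryptoKitties' contract code). Amounts are integer wei; the linear price curve, the constructed auction parameters and every function name are assumptions made for illustration.

```python
from collections import defaultdict

WEI = 10**18
BREEDING_FEE = 8 * WEI // 1000       # 0.008 ETH, from the example above
CUT_BPS = 375                        # 3.75% auction cut, in basis points
AUTO_REFUND = WEI // 100             # 0.01 ETH automatic-refund threshold

def current_price(start, end, duration, elapsed):
    """Price falling linearly from start to end (assumed curve)."""
    if elapsed >= duration:
        return end
    return start - (start - end) * elapsed // duration

def settle(sent, price, refund_bidder):
    """Return each party's balance change in wei for one siring bid."""
    if sent < price + BREEDING_FEE:
        raise ValueError("payment below current price plus breeding fee")
    cut = price * CUT_BPS // 10_000
    excess = sent - BREEDING_FEE - price
    delta = {"bidder": -sent, "seller": price - cut, "auction_cut": cut,
             "breeding_fee": BREEDING_FEE, "stranded_in_core": 0}
    # Intended: excess returns to the bidder. Flea: it stays in the core contract.
    delta["bidder" if refund_bidder else "stranded_in_core"] += excess
    if sum(delta.values()) != 0:     # every wei sent must be accounted for
        raise AssertionError("settlement does not balance")
    return delta

def overpayments(bids):
    """Total stranded wei per account, split at the 0.01 ETH threshold."""
    owed = defaultdict(int)
    for account, sent, price in bids:
        owed[account] += settle(sent, price, refund_bidder=False)["stranded_in_core"]
    auto = {a: w for a, w in owed.items() if w > AUTO_REFUND}
    on_request = {a: w for a, w in owed.items() if 0 < w <= AUTO_REFUND}
    return auto, on_request

# Constructed auction: 0.002 ETH when Bruce bids, 0.00195 ETH five minutes later.
PRICE_AT_MINING = current_price(2 * WEI // 1000, WEI // 1000, 6000, 300)
BRUCE = settle(WEI // 100, PRICE_AT_MINING, refund_bidder=False)
```

`overpayments` takes `(account, sent, price_at_mining)` tuples and returns the accounts above the automatic-refund threshold and those that would be refunded on request.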

Spilt milk and smart contracts

We are dealing with our Unexpected Kitty Fleas in three ways:

  • Anyone who overpaid by more than 0.01 ETH has already had their overpayment refunded.
  • Players who overpaid by less than 0.01 ETH total have an average overpayment of about US$0.05. This is less than the gas fees associated with processing a refund; however, we will refund anyone who requests it.
  • IN ADDITION, we have donated the entirety of the total overpayment to Kitties for a Cause (who is donating their proceeds to the Seattle Children’s Hospital).

What should I do if I’m affected?

Anyone who overpaid more than 0.01 ETH has been automatically refunded.

Anyone who overpaid less than 0.01 ETH (an average refund of US$0.05) will be refunded upon request.

Why don’t you just fix the issue?

We could fix Unexpected Kitty Fleas by making a change to a single line of Solidity code. However, if we push the fix through, all Siring Auctions would need to be cancelled and reposted (that’s over 40,000 auctions), and our users wouldn’t be able to sire their cats for 12+ hours.

Simply put: it makes more sense for us to issue refunds at a loss AND donate the entirety of the overpayment to charity than it does to fix such a minor issue (and disrupt a key part of the game for nearly a full day).

How did you find out about the issue?

A player named freakitty (i.e. Eddie Lee, a security analyst with over 1,600 cats) noticed the bug and informed our team. He was awarded a Gen 0 for his trouble. Eddie may also write a technical post explaining the issue — if so, you can expect us to let you know about it when it goes live.

On a side note, Eddie is known in the community for creating a tool for CryptoKitties top breeders. As with all unofficial tools — even those from the coolest of cats in the community—cat-veat emptor (i.e. use at your own risk)!

So what’s the plan from here?

We will (and will continue to) automatically refund any users who overpay by more than 0.01 ETH as a result of Unexpected Kitty Fleas. This includes any future player who passes the 0.01 ETH threshold with their account within a calendar month.

Moving forward, players who overpay less than 0.01 ETH can submit a refund request within 30 days of their overpayment. We will not donate their money to charity until this window has closed (more details below).

We will donate a month's overpayments, minus refunds, after the refund claim window for that month closes. For example, we will not send January overpayments until 30 days after the end of January. Once the refund claim window closes, we send refunds and then send the remainder from January to charity.
