Jump to content

Gaming COIL


Recommended Posts

If you were to attack COIL with the intention of extracting as much XRP from them as possible, what would you do?

The obvious attack is "pay your own site".  That's not creative (and it's not very profitable, either - cue some hacker VC going "doesn't scale!  next!")...

Another attempt - which actually led to something cool - was installing multiple instances of donate.js on the same web page.  Turns out, they were either ready for that one or it just so happened that dynamics led to the stream being split, roughly in half, between the two pymt pointers in the 2 instances of donate.js - which opened up the "huh, this could be used for revenue sharing / revenue splitting" - maybe to charity? - ideas...

But... any other approaches come to mind?  Donate.js is open source.. There are some things in there that one can ... manipulate..  The browser extensions, don't think can get at those without debugging (and maybe not even then)...

Just FYI - my intentions are good - I'm just trying to entertain myself and play tiger team and see what happens.  In general, I think Coil is pretty secure, right now, since they've got the activation codes necessary for sign-ups and then CC's (another bottleneck) required, even after the activation code to get into the beta - but... since Coil adoption is growing - and since people are starting to get a little hacky with it - I'm curious to see if we can come up with any exploits.

Anyone want to play?

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

  • Create New...