Inside Track Entropy Derby Timelock Encryption Bypass Vulnerability

A vulnerability in the Inside Track / Entropy Derby horse-racing betting engine allows bettors to bypass the intended delays of a VDF-based timelock encryption system. This issue is present in the 'TimeLockEncryptor' component, specifically in the 'src/timelock_encryption.cpp' file, within the 'f8de0ce' commit. Before the vulnerability was patched, bettors could pre-compute their VDF outputs and include them in their encrypted bet tickets, enabling the betting operator to decrypt the tickets immediately using fast proof verification, rather than the intended time-consuming VDF evaluation. This flaw undermines the fairness of the betting process, as it allows the house to gain early insight into bet details and manipulate race outcomes.

Impact

Exploitation of this vulnerability allows a betting operator to instantly decrypt and access the contents of encrypted bet tickets, including details such as horse selections and stake amounts. This premature access enables the operator to place counter-bets, manipulate payout odds, and selectively participate in races based on early betting patterns, thereby completely undermining the game's fairness.

Reproduction

To reproduce this vulnerability, first, encrypt a bet using the 'TimeLockEncryptor' which will automatically evaluate the VDF and include the output in the ciphertext. Then, without waiting for the betting window to close, replay the encrypted ticket to the 'decrypt' function of the 'TimeLockEncryptor'. This process will bypass the intended VDF evaluation delay, allowing for immediate decryption and access to the bet details.

Remediation

The vulnerability has been temporarily patched by removing the VDF output and proof from the 'TimeLockedCiphertext' struct and modifying the 'decrypt' function to perform a full VDF evaluation, reinstating the sequential delay. However, this fix is inefficient as it requires both the bettor and the house to compute the same VDF puzzle redundantly. A recommended long-term solution is to implement a race-level timelock architecture that uses a global VDF puzzle to manage encryption and decryption, thereby maintaining security without redundant computations.