Stake.com Mines — hackable?
In 2024, you might have come across a very popular game called Mines on the website Stake. Watching some colleagues play it, my mind instantly raced to figure out how I could create such an application. This led me down the rabbit hole of discovering how these games really operate.
In this article I intend to view this from a purely technical standpoint and analyze how the request-response architecture of this game works.
Setting up the ground work
There are a few points you need to be aware of:
- The user can set the betting amount and the number of mines that they want to play with
- Using this information, we need to create the board configuration, i.e. where to place the mines
- We need to decide how to process the interactions between the game and user
Client side vs Server side architecture
CASE 1 — Client driven processing: Let's say we handle the board generation and interaction management on the client side. What we are essentially doing is:
- We will create a 2D array in JS.
- Then fill the NxN matrix with 0s and 1s, 1 being a mine and 0 being a safe tile
- Now as the user selects a tile, they'll instantly know if they hit a mine or a diamond
So far so good?
Well, this comes with a major security drawback: at any point in time, the client-side browser is responsible for deciding whether the player wins or loses, and this could be easily manipulated.
Getting into architecture of the actual game
The game operates on a backend-driven architecture, removing the security issue entirely. Let's discuss it in detail.
I will talk about two states the game could be in while being played:
Selected tile is not a mine
As you see, I have selected the tile with index 7. The client sends a request to the server notifying it that the user has tapped on the tile with index 7.
The server responds with the following message: it validates whether the tile at index 7 was a mine or not and asks the client to continue the game.
Selected tile is a mine
On my third try I selected a tile which was a mine. So far I have selected three tiles, with indexes 7, 16 and 18.
The server asks the client to stop the session immediately and sends back the configuration of the entire board, as you can see in the response below.
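A minimal sketch of the server-authoritative flow described above, added here as an example and not Stake's actual code. The `MinesSession` class, the 25-tile board and the response field names are assumptions made for illustration.

```javascript
// Added example: server-side Mines session (illustrative, not Stake's code).
// MinesSession, the 25-tile board and the response fields are assumptions.
const crypto = require('node:crypto');

class MinesSession {
  constructor(mineCount, size = 25) {
    if (!Number.isInteger(mineCount) || mineCount < 1 || mineCount >= size) {
      throw new RangeError('invalid mine count');
    }
    this.size = size;
    this.mines = new Set(); // board layout lives in server memory only
    while (this.mines.size < mineCount) {
      this.mines.add(crypto.randomInt(size)); // CSPRNG, not Math.random
    }
    this.revealed = new Set();
    this.active = true;
  }

  // Handles one "user tapped tile N" request and builds the response.
  reveal(index) {
    if (!this.active) return { error: 'game over' };
    if (!Number.isInteger(index) || index < 0 || index >= this.size) {
      return { error: 'invalid tile' };
    }
    if (this.revealed.has(index)) return { error: 'tile already revealed' };
    this.revealed.add(index);
    if (this.mines.has(index)) {
      this.active = false;
      // Only on a loss does the full board leave the server.
      const mines = [...this.mines].sort((a, b) => a - b);
      return { active: false, hit: index, mines };
    }
    // Safe tile: confirm this tile and nothing about the others.
    return { active: true, safe: index, revealed: [...this.revealed] };
  }
}

// Constructed walk-through: one safe tap, one mine, one tap after the loss.
function demo() {
  const s = new MinesSession(3);
  const safe = [...Array(s.size).keys()].filter((i) => !s.mines.has(i));
  const first = s.reveal(safe[0]);
  const lost = s.reveal([...s.mines][0]);
  const after = s.reveal(safe[1]);
  return { first, lost, after };
}
```

The client only ever sends a tile index and renders what comes back; every check on the index and on the session state happens on the server.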
Conclusion
Due to the server-side nature of the transactions, someone could not possibly fake a scenario. The board configuration is only revealed when the player hits a mine; otherwise it's stored on the backend at all times.
Please note, I don’t promote playing this game.
Thanks!