For example account: "haigame4744"
Submit sm_find_match and get battle_queue_id: sl_9dc7d70313fe57fcbdecb2b59d408df8
Send battle_queue_id: "sl_9dc7d70313fe57fcbdecb2b59d408df8" to the database
https://api2.splinterlands.com/battle/status?id=
From 1 of the 2 links above, get value
opponent: "sl_c95d69e6389a586d8483c2588fc10170"
- Send "opponent" into the database and compare if 2 accounts have "battle_queue_id" = "opponent".
From there, they will identify 2 accounts in the same bot farm or bot app that are matching in the battle. They will calculate which account wins will be more profitable and do trading-win
Example: "anpht" is a bot farm do trading-win
Check hiveblocks these accs from (Picture Screenshot 1) "haigame4744","haigame2520","gamecoin5702","gamecoin2005","haigame4904",...
They send sm_token_transfer to "anpht" (Picture Screenshot 2)
Solution: Delete or hide "opponent" like "opponent_player": "???", it will not be possible to identify the 2 accounts in the battle with the same bot farm or bot app
Will I get a reward for finding this vulnerability?
Thank you