Major exploits found in Dookey Dash


  • Some exploits have been found in the much hyped Dookey Dash.
  • The exploits were favorable for gamers as well as hackers.
  • Yuga Labs need to be more attentive towards matters such as mouse movement manipulations.

Today NFT News previously reported how Bored Ape Yacht Club was resolving domain Dookey Dash issues. But now as the play-to-earn game has reached its end, are the issues fixed completely? 

Well, certain exploits are found and deserve a discussion to find out what needs to be enhanced. 

To begin with, some easy exploits could have favored players with some benefits. These exploits included changing in-game chunks’ appearances. With the addition of just 5 lines to the code, making the player invisible was a possibility. 

Digging in further, the obstacles could have been made transparent to enable players to find out what lies on the other side, something extremely helpful when it comes to wood as well as propeller hurdles. 

Moving on, removing fog from the game was a possibility as well. This was helpful to see what hurdles were in the line to bother soon. Last but not the least, trash could have been made invisible to curb interruptions. 

Was it possible for Yuga Labs to identify such ‘easy-mode’ tweaks? Understanding the anti-cheating system is the way to find the answer to this. Yuga Labs records the mouse movements of a user and then sends it back to their servers.

This particular data together with a random seed and time elapsed enables Yuga Labs to replay runs and ensure that the shared score matches the replayed score. If the user crashes sooner or there’s a mismatch, the below given screen appears. 

This is how users can be prevented from controlling the rate at which hurdles or collectibles appear though two forms of exploits are still possible. These are appearance tweaks and mouse movement manipulation.

Overall, manipulation of mouse movements is definitely a possible loophole. It could be said that Yuga checked mouse movements just to confirm runs. A team of hackers would have put together a great bot and exploited the game within a few days only. 

Obfuscating the client files prior to the launch is a move towards improvements. Though it was done a few days back but it was too late by that time. If it was done on time, a day or two would have been added to the reverse engineering process.

Letting the backend govern the randomness of hurdles or collectible spawns is another suggestion.