Opened 5 years ago

Closed 4 years ago

#4459 closed defect (fixed)

Infinite resources exploit through batch train size NaN batman

Reported by: elexis Owned by:
Priority: Release Blocker Milestone: Alpha 22
Component: UI & Simulation Keywords:
Cc: Patch:

Description (last modified by elexis)

As reported by user1, when typing a non-natural number in the batch size option, first the resources in the top panel are displayed as "NaN" and one can train all units, even if the required resources were not gathered or traded, being able to take advantage from this bug in mutliplayer games.

See also #4448 and

The simulation must prevent that players can send commands breaking the simulation, even if we fixed the GUI as in the other ticket.

Attachments (1)

instant_reveal_cheaters_alpha21.patch (424 bytes ) - added by elexis 5 years ago.
Display an error message in alpha 21 if a player uses this exploit.

Download all attachments as: .zip

Change History (9)

comment:1 by elexis, 5 years ago

Patch at D66

Last edited 5 years ago by elexis (previous) (diff)

by elexis, 5 years ago

Display an error message in alpha 21 if a player uses this exploit.

comment:2 by fatherbushido, 5 years ago

Thanks for that anti-trainer.

comment:3 by elexis, 4 years ago

Description: modified (diff)

comment:4 by elexis, 4 years ago

In 19826:

Prevent players from gaining unlimited resources by setting the batch-train-modifier to a non numeric value.

Differential Revision:
Refs #4459
Reviewed By: fatherbushido (wraitii, leper)

comment:5 by elexis, 4 years ago

In r19831 by fatherbushido:

Limit the bartered amount in the simulation. Advices from mimo. Reviewed by elexis. Refs #4655. Differential Revision: ​

comment:6 by elexis, 4 years ago

Phab:D677 for the last one afaics.

comment:7 by elexis, 4 years ago

In 19836:

Prevent a tribute exploit (gaining infinite resources by sending a tribute of NaN resources to a player).

Differential Revision:
Refs #4459

comment:8 by elexis, 4 years ago

Resolution: fixed
Status: newclosed

All simulation commands should be safe now:

In r19155:

Remove the "quit" simulation command and restrict the "set-shading-color" simulation command to AIs, since they are only useful for AI debugging and counterproductive in multiplayer mode, refs #3551.

Instead, enable AI developers to exit the game from a new AI API command, allowing to batch simulate matches. Refs #2755.

Differential Revision: D65 Reviewed By: leper Consulted: mimo

In r19558:

Prohibit cheats if cheats are disabled, i.e. developer cheats to control enemy units, revealing the map and promoting units too.

Open the developer overlay only if cheats are enabled (which is always the case in singleplayer mode and only the case in multiplayer mode if explicitly enabled). (This doesn't make it harder for developers to "debug", since they previously had to remember to disable the rated game setting too. Also every bug had to be reproduced with the replay either way)

Reverts rP17288 which reverted rP17282 (since as of rP19557, the autostart gamesetup enables cheats too).

Differential Revision: ​ Fixes #3551 Reviewed By: echotangoecho Agreed with Itms and Imarok in the last staff meeting.

Note: See TracTickets for help on using tickets.