#4459 closed defect (fixed)

Infinite resources exploit through batch train size NaN batman

Reported by: elexis Owned by:
Priority: Release Blocker Milestone: Alpha 22
Component: UI & Simulation Keywords:
Cc: Patch:

Description (last modified by elexis)

As reported by user1, when typing a non-natural number in the batch size option, first the resources in the top panel are displayed as "NaN" and one can train all units, even if the required resources were not gathered or traded, being able to take advantage from this bug in mutliplayer games.

See also #4448 and https://wildfiregames.com/forum/index.php?/topic/21559-unlimited-resources-and-batch-anomaly/&_fromLogin=1

The simulation must prevent that players can send commands breaking the simulation, even if we fixed the GUI as in the other ticket.

Attachments (1)

instant_reveal_cheaters_alpha21.patch (424 bytes) - added by elexis 17 months ago.
Display an error message in alpha 21 if a player uses this exploit.

Download all attachments as: .zip

Change History (9)

comment:1 Changed 17 months ago by elexis

Patch at D66

Last edited 17 months ago by elexis (previous) (diff)

Changed 17 months ago by elexis

Display an error message in alpha 21 if a player uses this exploit.

comment:2 Changed 17 months ago by fatherbushido

Thanks for that anti-trainer.

comment:3 Changed 13 months ago by elexis

Description: modified (diff)

comment:4 Changed 12 months ago by elexis

In 19826:

Prevent players from gaining unlimited resources by setting the batch-train-modifier to a non numeric value.

Differential Revision: https://code.wildfiregames.com/D66
Refs #4459
Reviewed By: fatherbushido (wraitii, leper)

comment:5 Changed 12 months ago by elexis

In r19831 by fatherbushido:

Limit the bartered amount in the simulation. Advices from mimo. Reviewed by elexis. Refs #4655. Differential Revision: ​https://code.wildfiregames.com/D381

comment:6 Changed 12 months ago by elexis

Phab:D677 for the last one afaics.

comment:7 Changed 12 months ago by elexis

In 19836:

Prevent a tribute exploit (gaining infinite resources by sending a tribute of NaN resources to a player).

Differential Revision: https://code.wildfiregames.com/D677
Refs #4459

comment:8 Changed 12 months ago by elexis

Resolution: fixed
Status: newclosed

All simulation commands should be safe now:

In r19155:

Remove the "quit" simulation command and restrict the "set-shading-color" simulation command to AIs, since they are only useful for AI debugging and counterproductive in multiplayer mode, refs #3551.

Instead, enable AI developers to exit the game from a new AI API command, allowing to batch simulate matches. Refs #2755.

Differential Revision: D65 Reviewed By: leper Consulted: mimo


In r19558:

Prohibit cheats if cheats are disabled, i.e. developer cheats to control enemy units, revealing the map and promoting units too.

Open the developer overlay only if cheats are enabled (which is always the case in singleplayer mode and only the case in multiplayer mode if explicitly enabled). (This doesn't make it harder for developers to "debug", since they previously had to remember to disable the rated game setting too. Also every bug had to be reproduced with the replay either way)

Reverts rP17288 which reverted rP17282 (since as of rP19557, the autostart gamesetup enables cheats too).

Differential Revision: ​https://code.wildfiregames.com/D455 Fixes #3551 Reviewed By: echotangoecho Agreed with Itms and Imarok in the last staff meeting.

Note: See TracTickets for help on using tickets.