Unchecked ClientMotionPacket

JoshieGemFinder opened this issue · 1 comment

commented

Description

ClientMotionPacket does not verify whether or not the player sending it was inside the bounding box of a contraption recently, meaning they could send specific motion data to the server that allows them to bypass player movement checks (i.e. moved wrongly, moved too fast).

Game Log

N/A

Debug Information

No response

commented

Proposed Solution: Track whether a player has been inside the bounding box of any contraption within the previous ~80 ticks (can be made higher to account for ping, but if you're above 4000ms you're expecting issues anyway). If they haven't been inside a contraption bounding box during that time, client motion packets are discarded.

I propose tracking this with an integer attached to each player that:

  • Decrements each tick it's above 0
  • Is set to 80 every tick (or 10 ticks/is below 70) the player is inside a contraption's AABB
  • If this number is above zero, then they count as having been inside a contraption box.

This won't fix everything (people can make a big contraption encompassing their whole base), but it will prevent people abusing this to speed around the world unimpeded or something.
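A sketch of the per-player counter proposed in the comment above, as an added example that is not part of the original thread and is not Create's code. The class `ContraptionMotionGate`, the `Box` record and every method name are hypothetical, and the position passed to `tick` is assumed to be the server's own authoritative position for the player, not one taken from the packet.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;

/** Hypothetical server-side gate for client motion packets (illustration only). */
public class ContraptionMotionGate {
    static final int GRACE_TICKS = 80; // window proposed in the comment above

    /** Minimal axis-aligned box standing in for a contraption's bounds. */
    record Box(double minX, double minY, double minZ, double maxX, double maxY, double maxZ) {
        boolean contains(double x, double y, double z) {
            return x >= minX && x <= maxX && y >= minY && y <= maxY && z >= minZ && z <= maxZ;
        }
    }

    // Remaining grace ticks per player; absent means zero.
    private final Map<UUID, Integer> ticksLeft = new HashMap<>();

    /** Call once per server tick per player, using the server-side position. */
    public void tick(UUID player, double x, double y, double z, List<Box> contraptions) {
        boolean inside = contraptions.stream().anyMatch(b -> b.contains(x, y, z));
        if (inside) {
            ticksLeft.put(player, GRACE_TICKS);   // refresh the window
        } else {
            // Decrement while above zero; drop the entry once it reaches zero.
            ticksLeft.computeIfPresent(player, (id, t) -> t > 1 ? t - 1 : null);
        }
    }

    /** True if a motion packet from this player should be applied, false if discarded. */
    public boolean acceptMotionPacket(UUID player) {
        return ticksLeft.getOrDefault(player, 0) > 0;
    }

    /** Drop state on logout so the map does not grow without bound. */
    public void forget(UUID player) { ticksLeft.remove(player); }

    public static void main(String[] args) {
        ContraptionMotionGate gate = new ContraptionMotionGate();
        UUID p = UUID.randomUUID();                              // constructed sample player
        List<Box> boxes = List.of(new Box(0, 64, 0, 5, 70, 5));  // constructed sample contraption
        System.out.println(gate.acceptMotionPacket(p));          // player never near a contraption
        gate.tick(p, 2, 65, 2, boxes);                           // player standing inside the box
        System.out.println(gate.acceptMotionPacket(p));
        for (int i = 0; i < GRACE_TICKS; i++) gate.tick(p, 100, 65, 100, boxes); // player walked away
        System.out.println(gate.acceptMotionPacket(p));
    }
}
```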