Possible spam + lag spike issue allowing extra skill points to be spent
CleverNucleus opened this issue ยท 1 comments
Origin
Posted from CurseForge.
Description
Apparently if you spam spend skill points and the server has a lag spike you can spend more points than you have.
Likely Cause
Logic that determines if a skill points can be spent is based on client-side value. Client-side value is synced from server when the value changes:
- Client-side value dictates that skill points can be spent.
- Packets are sent from the client to the server requesting skill points to be spent.
- Server checks that player has requirements to spend skill points.
- Server sends client response packet updating value if it changed.
- If server lags, there is an interval where the client has not received update packets and can continue sending server packets requesting skill points spend.
- This has already been thought of during development; therefore, this must be a failure in idempotency implementation.
Status
- Unverified.
- Difficult to test.
- Very likely.
Actionable
Reimplement idempotency logic with more safeguards, hopefully fixes issue.