Version Information

Forge version: 35.1.37
Psi version: 1.16-91

Description

I've found an exploit that allows for ludicrously powerful spells and works by getting the square root of a negative number (which obviously results in NaN) and injecting it into certain trick parameters for varied effects. The two tricks I've found to be of use are add motion and blink. Add motion results in the immobilization of all affected mobs or players until something affects their velocity other than gravity or their own attempts to move. Blink results in mobs going poof and players being stuck in a crash loop. I didn't include this crash log because it just doesn't really seem necessary, but if you need it, just let me know and I'll go load up a dummy world to crash myself in.

Further Information

Link to crash log: N/A
Steps to reproduce:

1. Create this spell https://imgur.com/9TRUs80
2. Cast it near mobs

What I expected to happen:
Either a runtime error message telling me I can't pass NaN into a trick or the constant wrapper replacing NaN with 0 automatically.

What happened instead:
The mobs get sent to the shadow realm.

What the fuck

Fixed... at least in regards with the constant wrapper, should still be possible to exploit something like this with vector construct but that's a job for future me (or Dudblockman)