• PenguinTD
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I think they have but the exploit probably also generated a new uuid. (I have no idea how they implemented but I believe they can track down all the items. )

    • tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I mean, it sounds like this involved trading.

      There should be two types of interactions involving an item.

      First, when the item is initially-created, like at drop time, maybe loot boxes, that sort of thing. That should create a UUID, if the game uses them.

      Second, when an existing item is transferred. But the transfer code shouldn’t involve creating new UUIDs. And the trading code should only be doing item transfers.

      And any code transferring an item should be happening only on the server side, and should be atomic.

      I could maybe understand someone figuring out some way to get an item to be generated twice, like at drop time.

      But duping items when trading means that either probably code authoritative as to world state that shouldn’t be on the client is running on the client, or code that should be atomic isn’t. And for the latter case, I wouldn’t expect the item transfer code to be able to generate new item UUIDs, because it should be running transfer code, not item generation code.