Rinart73 Posted September 15, 2018 Share Posted September 15, 2018 Update: Version 0.23 - bug is still there Version: 0.17.1 (maybe even older) - 0.18.3 Turret Factory script doesn't check ingredient amount that was passed by the client. This allows to build turrets with any ingredient amount (0 = you will only pay credits, 1000 = super-powerful turret). How to reproduce [*]"data\scripts\entity\merchants\turretfactory.lua" - Lines 69 to 238 change amount to 0 on client-side [*]Try to build a turret How to fix "data\scripts\entity\merchants\turretfactory.lua" - Line 859: -- Replace this: ingredient.amount = other.amount -- With this: ingredient.amount = math.min(ingredient.amount + ingredient.investable, math.max(ingredient.minimum, other.amount)) Link to comment Share on other sites More sharing options...
Hammelpilaw Posted September 16, 2018 Share Posted September 16, 2018 Thanks for that. Also it is still possible to build exotic and legendary turrets by exploit. To reproduce add this to line 404: rarityCombo:addEntry("Exotic"%_t) rarityCombo:addEntry("Legendary"%_t) The server will just use rarity from client witout checking if that rarity is buildable. Fix is easy: Line 842: if rarity.value > RarityType.Exceptional then return end Ok you could just reset a too high rarity to Exceptional, but that would falsify possible client ingredients, so I skipped exploiters here. Link to comment Share on other sites More sharing options...
Rinart73 Posted April 21, 2019 Author Share Posted April 21, 2019 Version 0.21.4 - Bug is still there - server function doesn't check ingredients amount received from client. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now