this post was submitted on 23 Oct 2023
84 points (97.7% liked)

Games

16800 readers
605 users here now

Video game news oriented community. No NanoUFO is not a bot :)

Posts.

  1. News oriented content (general reviews, previews or retrospectives allowed).
  2. Broad discussion posts (preferably not only about a specific game).
  3. No humor/memes etc..
  4. No affiliate links
  5. No advertising.
  6. No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
  7. No self promotion.
  8. No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
  9. No politics.

Comments.

  1. No personal attacks.
  2. Obey instance rules.
  3. No low effort comments(one or two words, emoji etc..)
  4. Please use spoiler tags for spoilers.

My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.

Other communities:

Beehaw.org gaming

Lemmy.ml gaming

lemmy.ca pcgaming

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] PenguinTD@lemmy.ca 3 points 1 year ago (1 children)

I think they have but the exploit probably also generated a new uuid. (I have no idea how they implemented but I believe they can track down all the items. )

[โ€“] tal@lemmy.today 3 points 1 year ago* (last edited 1 year ago)

I mean, it sounds like this involved trading.

There should be two types of interactions involving an item.

First, when the item is initially-created, like at drop time, maybe loot boxes, that sort of thing. That should create a UUID, if the game uses them.

Second, when an existing item is transferred. But the transfer code shouldn't involve creating new UUIDs. And the trading code should only be doing item transfers.

And any code transferring an item should be happening only on the server side, and should be atomic.

I could maybe understand someone figuring out some way to get an item to be generated twice, like at drop time.

But duping items when trading means that either probably code authoritative as to world state that shouldn't be on the client is running on the client, or code that should be atomic isn't. And for the latter case, I wouldn't expect the item transfer code to be able to generate new item UUIDs, because it should be running transfer code, not item generation code.