10000000000000.000 for one pixel bought via market



  • I've seen a strange bug happened. Somehow one pixel has been bought for 10000000000000.000. My code is failsafe about expensive orders and I didn't have enough credits anyways. But somehow this happened.

    0_1625645296454_cb010ef5-687b-406e-92f0-d23685ba18e5-image.png

    Edit: Maybe the attacker did offer cheap pixels and then changed the price. If the timing is right, maybe it's possible to pass all validation with the cheap price and have the expensive price during execution. It's just an idea. In this case either change the id if the price changes or block all deals for one tick.

    Oh and of course please undo this order, because my code never ever dealt an order with that price.

    Edit 2: I do a Game.notify for every deal. In my mail is 9 times "BOUGHT pixel for 1000 x 1".

    ☹


  • This happened to me as well, three times with three different prices. Lost a lot of credits because of this, and I did triple check the code to see if it could have been a bug on my end: it isn't. Disabled all Game.market.deal for now until this bug is confirmed to be fixed.

    The resources should've been bought for 1 or 10 credits, that's what I got in my mail. I checked and saw three massive deductions in my credits which is technically impossible as they would have to be changed during the tick.


  • Dev Team

    We're investigating the issue. Everybody who lost their credits because of this issue, please contact the official support.

    UPD: The fix is deployed.

    UPD2: All credits stolen from all players due to this issue are recovered.

    👍


  • Good to hear it is fixed! I've sent a ticket through the official support and will wait patiently. Have a great day!

    Edit: sold a few pixels manually and got the credits back, thank you very much!



  • @xenofix I would have gotten away with it too if it wasn't for your meddling forum posts!!!

    I'm sorry for what I did and I'm glad they were able to get your credits back. I've been playing the game for a week or so and I'm surprised no one had found this issue before. Or maybe people aren't assholes trying to find exploits. Anyways, it was a fun experience and I'm glad the damage I caused was reverted. I wasn't trying to ruin the game for everyone. I've since been banned, of course.