Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unchecked ClientMotionPacket #7219

Open
JoshieGemFinder opened this issue Dec 16, 2024 · 1 comment
Open

Unchecked ClientMotionPacket #7219

JoshieGemFinder opened this issue Dec 16, 2024 · 1 comment
Labels
type: bug Issue where something isn't working

Comments

@JoshieGemFinder
Copy link

Description

ClientMotionPacket does not verify whether or not the player sending it was inside the bounding box of a contraption recently, meaning they could send specific motion data to the server that allows them to bypass player movement checks (i.e. moved wrongly, moved too fast)

Game Log

N/A

Debug Information

No response

@JoshieGemFinder JoshieGemFinder added the type: bug Issue where something isn't working label Dec 16, 2024
@JoshieGemFinder
Copy link
Author

Proposed Solution: Track whether a player has been inside the bounding box of any contraption within the previous ~80 ticks (can be made higher to account for ping, but if you're above 4000ms you're expecting issues anyway). If they haven't been inside a contraption bounding box during that time, client motion packets are discarded.

I propose tracking this with an integer attached to each player that:

  • Decrements each tick it's above 0
  • Is set to 80 every tick (or 10 ticks/is below 70) the player is inside a contraption's AABB
  • If this number is above zero, then they count as having been inside a contraption box.

This won't fix everything (people can make a big contraption encompassing their whole base), but it will prevent people abusing this to speed around the world unimpeded or something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: bug Issue where something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant