Author Topic: Another Turret Factory exploit - build turrets with 0 ingredients (with FIX)  (Read 681 times)

Rinart73

Update: Version 0.23 - bug is still there

Version: 0.17.1 (maybe even older) - 0.18.3

Turret Factory script doesn't check the ingredient amount that was passed by the client. This allows building turrets with any ingredient amount (0 = you will only pay credits, 1000 = super-powerful turret).

How to reproduce
  • "data\scripts\entity\merchants\turretfactory.lua" - Lines 69 to 238: change amount to 0 on client-side
  • Try to build a turret

How to fix
"data\scripts\entity\merchants\turretfactory.lua" - Line 859:
Code:
-- Replace this: ingredient.amount = other.amount
-- With this:
ingredient.amount = math.min(ingredient.amount + ingredient.investable, math.max(ingredient.minimum, other.amount))
« Last Edit: May 29, 2019, 06:55:18 AM by Rinart73 »



Hammelpilaw

Thanks for that. Also it is still possible to build exotic and legendary turrets by exploit.

To reproduce add this to line 404:

Code:
rarityCombo:addEntry("Exotic"%_t)
rarityCombo:addEntry("Legendary"%_t)

The server will just use the rarity from the client without checking if that rarity is buildable. Fix is easy:

Line 842:
Code:
if rarity.value > RarityType.Exceptional then
    return
end

Ok you could just reset a too high rarity to Exceptional, but that would falsify possible client ingredients, so I skipped exploiters here.



Rinart73

Version 0.21.4 - Bug is still there - server function doesn't check ingredients amount received from client.
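
The two server-side checks discussed in this thread (clamping the client-supplied ingredient amount and refusing a rarity above Exceptional), combined in one stand-alone Lua sketch. This is an added example, not code from the game's turretfactory.lua or from either poster; the `RarityType` values, the `clampAmount` and `validateRequest` names, and the sample recipe are assumptions constructed for illustration.

```lua
-- Added example: stand-alone sketch, not the game's script.
-- Constructed stand-in for the game's rarity enum (values are assumptions).
local RarityType = {Common = 0, Uncommon = 1, Rare = 2, Exceptional = 3, Exotic = 4, Legendary = 5}

-- Clamp a client-supplied amount into [minimum, amount + investable],
-- using only the server's own copy of the ingredient (hypothetical helper).
local function clampAmount(ingredient, requested)
    -- Non-numbers and NaN fall back to the minimum instead of propagating.
    if type(requested) ~= "number" or requested ~= requested then
        return ingredient.minimum
    end
    requested = math.floor(requested) -- no fractional ingredients
    local upper = ingredient.amount + ingredient.investable
    return math.min(upper, math.max(ingredient.minimum, requested))
end

-- Returns the sanitized ingredient list, or nil plus a reason when the
-- request is refused outright (hypothetical helper).
local function validateRequest(serverIngredients, rarityValue, clientIngredients)
    -- Rarity comes from the client too: refuse anything that is not buildable.
    if type(rarityValue) ~= "number" or rarityValue > RarityType.Exceptional then
        return nil, "rarity not buildable"
    end
    if type(clientIngredients) ~= "table" then
        return nil, "malformed ingredient list"
    end
    local result = {}
    -- Iterate the server's recipe, never the client's list, so extra or
    -- missing client entries cannot add or drop ingredients.
    for i, ingredient in ipairs(serverIngredients) do
        local other = clientIngredients[i]
        local requested = type(other) == "table" and other.amount or nil
        result[i] = {name = ingredient.name, amount = clampAmount(ingredient, requested)}
    end
    return result
end

-- Constructed sample recipe and requests.
local recipe = {
    {name = "Servo", amount = 10, investable = 5, minimum = 3},
    {name = "Steel", amount = 8, investable = 0, minimum = 8},
}
-- Client sends 0 and 1000: both are pulled back into the allowed range.
for _, ing in ipairs(validateRequest(recipe, RarityType.Rare, {{amount = 0}, {amount = 1000}})) do
    print(ing.name, ing.amount)
end
-- Client sends a rarity above Exceptional: the request is refused.
print(validateRequest(recipe, RarityType.Legendary, {{amount = 12}, {amount = 8}}))
```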