chaos-coder icon indicating copy to clipboard operation
chaos-coder copied to clipboard

Published 20 hours ago verified publisher icon aj47

Infinite coins

Open LeoValdi64 opened this issue 8 months ago • 1 comments

I think it's how they process the information. Several requests are sent to supabase to check how many coins they have, and then when the coins are spent, a request is made to supabase to tell it how many are left. Well, if all those requests and responses are captured and the number of coins is modified, the result is that you can have infinite coins. It's actually very complicated to find this bug, and I don't think it can be fixed unless you change how requests are handled. Since technically you don't have a backend, you have to send all the data through the frontend.

This is the application where the user's credits are verified. If any changes are made, they are only reflected in the interface. Image

This is the application where the user's credits are verified. If changes are made, they are only reflected in the interface. Image

This is the dangerous request, because it tells supabase how many credits I have, and that's what I can move and everything I put in will be put into the database. Image

This is the one that confirms to me that the change was made in the database. Image

And so I permanently have the coins I want. Image

LeoValdi64 avatar Mar 13 '25 18:03 LeoValdi64

Thank you for reporting this @LeoValdi64 !

aj47 avatar Mar 13 '25 18:03 aj47