zEssentials icon indicating copy to clipboard operation
zEssentials copied to clipboard
verified publisher icon Maxlego08

Vault economy implementation is not designed to the Vault specification and always returns SUCCESS from transaction state

Open WiIIiam278 opened this issue 9 months ago • 0 comments

Terms

  • [x] I'm using the very latest version of zEssentials and its dependencies (zMenu and PlaceholdersAPI).
  • [x] I am sure this is a bug and it is not caused by a misconfiguration or by another plugin.
  • [x] I've looked for already existing issues on the Issue Tracker and haven't found any.
  • [x] I already searched on the plugin wiki to know if a solution is already known.
  • [x] I already searched on the discord to check if anyone already has a solution for this.
  • [x] I tested this with just zEssentials and its dependencies and with a vanilla client of the same version as the Server.
  • [x] I enabled the debug mode in config.yml and sql debug

Discord Username (optional)

william278

Server Version

1.21.4

Server Software

Paper 1.21.4-214-main@894631f (2025-03-21T17:21:46Z) for Minecraft 1.21.4

zEssentials Version

v1.0.1.9 (but also present in commit a020934)

zMenu Version

v1.0.3.8

What happened?

Your implementation of Vault's Economy API in VaultEconomy.class is not compliant with Vault's specification as it does not correctly return the TransactionState, which should return whether - as per the user's configuration - a transaction could successfully occur.

This is due to this implementing withdrawal methods always returning EconomyResponse.ResponseType.SUCCESSwith the reason "Yeah its work (i guess its async withdraw so idk maybe) !"

Your guess is wrong. This causes plugins that expect the economy plugin to properly return the correct transaction result state to assume the player's balance was successfully deducted even when it was not. For example, any plugin that lets you pay for things that doesn't perform (which it shouldn't need to do in order to support negative balances where the user has configured this in their economy plugin.

https://github.com/Maxlego08/zEssentials/blob/master/Hooks/Vault/src/main/java/fr/maxlego08/essentials/hooks/VaultEconomy.java#L136-L155

What you should be doing is first check the player's balance (has(...)) in these methods, and if the user does not have sufficient balance based on the min economy balance setting, return the EconomyResponse.ResponseType.FAILED transaction state.

Steps to reproduce the issue

Use a plugin which respectfully listens to transaction state responses when withdrawing a player's balance. Observe that it will allow players to withdraw beyond their minimum balance without updating it unless they manually implement minimum balance checks, which won't respect the zEssentials min setting

Full Server Log

N/A

Error (optional)

Other files, you can drag and drop them here to upload. (optional)

No response

Screenshots/Videos (you can drag and drop files or paste links)

No response

WiIIiam278 avatar Mar 23 '25 13:03 WiIIiam278