TOSIOS icon indicating copy to clipboard operation
TOSIOS copied to clipboard

Published 20 hours ago verified publisher icon halftheopposite

Movement speed client hacking

Open gnibeda opened this issue 2 years ago • 1 comments

Due to how movement implemented on client and server, there is possibility to hack movement speed by sending additional messages to the server. You can change client code adding loop to increase movement speed 20x times:

        // Send the action to the server
        for (let i = 0; i < 20; i++) {
          this.onActionSend(action);

          // Save the action for reconciliation        
          this.moveActions.push(action);
        }

Code can be simply moddified in chrome browser during runtime in devtools.

gnibeda avatar Mar 25 '22 19:03 gnibeda

Hi @gnibeda, thanks for pointing this out!

This is indeed a problem with the current architecture. A way to solve it would be to force a maximum number of movement actions per second or a minimum delay between actions and drop out the others. Since we are doing client-side prediction, we would also need to make sure they are dropped/ignored on the client as well.

I'll keep this issue open as a next to do.

halftheopposite avatar Apr 02 '22 16:04 halftheopposite