MantisBT - Zandronum
View Issue Details
0000490  Zandronum  [All Projects] Bug  public  2011-06-09 19:19  2018-09-30 22:49
Dusk
Torr Samaho
high  major  always
closed  fixed
 
 
0000490: Spamming "summon bfgball" intensively can be exploited to lag the server
On behalf of Decay:

If someone makes a bind that spams a "summon bfgball", they emulate lag and purposefully lag online in games, making them harder to hit and impossible to predict. The console gets flooded by "sv_cheats must be true to enable this command". Here is a demo where I asked Mobius to demonstrate it.

Demo_skiptonextmap should be used once upon starting the demo.

The bind would be Bind (anything) "summon bfgball; summon bfgball; summon bfgball; summon bfgball; (etc)"
No tags attached.
zip bugdemo.zip (706,290) 2011-06-09 19:19
/tracker/file_download.php?file_id=365&type=bug
Issue History
2011-06-09 19:19  Dusk  New Issue
2011-06-09 19:19  Dusk  File Added: bugdemo.zip
2011-06-13 11:24  Torr Samaho  Note Added: 0001785
2011-06-13 11:24  Torr Samaho  Status  new => feedback
2011-06-13 18:58  Razgriz  Note Added: 0001794
2011-06-13 21:35  Torr Samaho  Note Added: 0001795
2011-06-13 23:38  Decay  Note Added: 0001796
2011-06-14 06:50  Torr Samaho  Note Added: 0001798
2011-06-14 07:29  Torr Samaho  Assigned To  => Torr Samaho
2011-06-14 07:29  Torr Samaho  Status  feedback => assigned
2011-06-14 07:29  Torr Samaho  Status  assigned => feedback
2011-06-14 20:39  Torr Samaho  Note Added: 0001800
2011-06-14 21:55  Mobius  Note Added: 0001801
2011-06-14 21:57  Mobius  Note Edited: 0001801  bug_revision_view_page.php?bugnote_id=1801#r922
2011-06-14 21:59  Mobius  Note View State: 0001801: private
2011-06-14 22:04  Mobius  Note View State: 0001801: public
2011-06-15 02:31  unknownna  Assigned To  Torr Samaho =>
2011-06-15 02:31  unknownna  Status  feedback => confirmed
2011-06-15 03:07  unknownna  Assigned To  => Torr Samaho
2011-06-15 03:07  unknownna  Status  confirmed => assigned
2011-06-22 18:50  Xenaero  Note Added: 0001809
2011-06-22 18:52  Xenaero  Note Edited: 0001809  bug_revision_view_page.php?bugnote_id=1809#r924
2012-01-07 01:42  vegeta  Note Added: 0002336
2012-01-16 13:18  Dusk  Note Added: 0002461
2012-01-16 13:19  Dusk  Note Edited: 0002461  bug_revision_view_page.php?bugnote_id=2461#r1243
2012-01-16 13:44  Torr Samaho  Note Added: 0002462
2012-01-16 13:45  Torr Samaho  Status  assigned => feedback
2012-01-16 19:18  vegeta  Note Added: 0002468
2012-01-16 19:32  Torr Samaho  Note Added: 0002469
2012-01-28 19:59  Qent  Note Added: 0002543
2012-01-28 19:59  Qent  Note Edited: 0002543  bug_revision_view_page.php?bugnote_id=2543#r1271
2012-02-09 03:28  Torr Samaho  Note Added: 0002581
2012-02-09 03:29  Torr Samaho  Status  feedback => resolved
2012-02-09 03:29  Torr Samaho  Resolution  open => fixed
2012-06-09 13:22  Torr Samaho  Category  General => Bug
2018-09-30 22:49  Blzut3  Status  resolved => closed

Notes
(0001785)
Torr Samaho   
2011-06-13 11:24   
I don't see how making yourself lag gives you an advantage. And even if it did, there are numerous unfixable ways how you can make yourself lag.
(0001794)
Razgriz   
2011-06-13 18:58   
The advantage is directly in the description; "they emulate lag and purposefully lag online in games, making them harder to hit and impossible to predict." This is fairly easy to abuse, and it would be dumb to keep it around considering if you get a bunch of people to do this, it makes playing unreasonable. Yeah you can hide behind the reason that there's many ways to make yourself lag and give players an advantage but why keep them around when you can fix it?
(0001795)
Torr Samaho   
2011-06-13 21:35   
> "they emulate lag and purposefully lag online in games, making them harder to hit and impossible to predict."

While you lag you almost completely lose control over your own movement, don't you? So I still don't see how this really is an advantage.

> when you can fix it?

Did you notice that I said "there are numerous unfixable ways"? Unfixable because they are outside of Skulltag. I could happily give you an example for this, but if you are right and people abuse lagging to get an advantage, I guess you really don't want me to mention such examples in public.

So, how do you propose this to be resolved?
(0001796)
Decay   
2011-06-13 23:38   
The issue is pretty much for any cheat you can do this. The only possible fix I can offer is somehow allowing a server to recognize the console getting flooded by the command, and subsequently kicking the user, similar to user info change flooding. Either that or something like the chat mute, where if any cheat is activated x amount of times within a time span of x it halts the action.

>While you lag you almost completely lose control over your own movement, don't you? So I still don't see how this really is an advantage.

No, you still have perfect control of your movement, which is what makes it something awful.
(0001798)
Torr Samaho   
2011-06-14 06:50   
> No, you still have perfect control of your movement, which is what makes it something awful.

Ok, this sounds awful. I assumed that the flooding also causes you to lag locally. Please post the exact details including the full bind definitions necessary to reproduce this. If you mark the note as private, only the devs will be able to see it.
(0001800)
Torr Samaho   
2011-06-14 20:39   
Independently of what I may find out when investigating the causes: Exploiting bugs to get an advantage is a bannable offense. People who are caught using this should be warned and temporarily banned if they don't stop abusing this.
(0001801)
Mobius   
2011-06-14 21:55   
(edited on: 2011-06-14 21:57)
>No, you still have perfect control of your movement, which is what makes it something awful.

Not necessarily true. You have limited control because your side of the pov is reading like an actual packet loss error. So you'll be stationary for a brief period before you are moving about through the lag, so it would be teleporting on your own end as well. You can still move about just most of the ground covered is guess work, and this is provided you aren't intercepted by the enemy player because your hitbox is still readily vulnerable as before.

There are instances if I don't tap my bind enough that I might not have moved much at all or end up in places I didn't fully predict. It's still a terribly exploitable bug though, and can be used effectively with some mastery to it (as seen in the demo).

(0001809)
Xenaero   
2011-06-22 18:50   
(edited on: 2011-06-22 18:52)
I would like to point out that losing control over your movement is certainly not an issue in the most common case of this occurring: Capture the Flag.

If this is true and you have a loss of control over your movement it is rendered moot as there have been instances of offensive players (flag runners) using it.

Typically, you don't need a great deal of control to run in a straight line, but the exploit of this allows them in some cases to 'warp' from one place in this line to another, making them not only significantly harder to impossible to hit but in some cases even faster than if they were normally running. Not even to mention seeing as this is actually controllable, they just stop lagging if they need to move in a way the lag wouldn't let them, then resume.

This incurred lag doesn't seem to come with a disadvantage as when their player 'pauses' it's so brief that there's no real way a human could react to the erratic position and perceptive speed changes, which is what makes it so effective and prevalent.

(0002336)
vegeta   
2012-01-07 01:42   
This only causes lag if cheats are disabled. If cheats are enabled it's actually a pretty cool shot and causes no lag to anyone.
(0002461)
Dusk   
2012-01-16 13:18   
(edited on: 2012-01-16 13:19)
I'd guess the best way would be to disable the sv_cheats error message and simply go no-op when summon or other cheats are attempted to be used online. Obviously when sv_cheats is true the situation is different.

(0002462)
Torr Samaho   
2012-01-16 13:44   
I still think that it's pointless to make a band-aid for this, since there are enough ways to generate lag that are completely outside of Skulltag's control. But since a band-aid for the message is pretty easy, I did it nevertheless. Please test if this prevents the lagging.
(0002468)
vegeta   
2012-01-16 19:18   
Not sure if it's going to be removed even for cheat servers, but if so, can it be kept for single player? I love to fool around with this (except I use summon rocket instead).
(0002469)
Torr Samaho   
2012-01-16 19:32   
I only prevented Skulltag from printing the "sv_cheats must be true to enable this command." message too often. So you can still use the summon command exactly as before.
(0002543)
Qent   
2012-01-28 19:59   
We had a little trouble reproducing this. The main visible effect was an enormous FPS drop on the cheater's side. The skipping was noticeable to other clients, but it did not appear reliably.

The exact commands used were
alias sttest "summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball;summon bfgball"

alias +sttestspam "alias sttestspam \"sttest;wait;%0\";sttestspam"

alias -sttestspam "alias sttestspam \"\""

bind e +sttestspam


In the test build, there was no FPS drop or noticeable skipping.

(0002581)
Torr Samaho   
2012-02-09 03:28   
Thanks for checking!
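
One way to implement the two mitigations discussed in this thread: the throttled "sv_cheats must be true to enable this command." message from note 0002469 and the per-client flood counter proposed in note 0001796. This is an added example, not part of the tracker thread and not Skulltag's actual change; all names, the one-second notice interval and the limit of 20 rejected commands per window are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical names and limits throughout; this is not Skulltag/Zandronum source.
constexpr int TICRATE = 35;               // Doom-engine game tics per second
constexpr int NOTICE_INTERVAL = TICRATE;  // assumed: at most one notice per second
constexpr int FLOOD_WINDOW = TICRATE;     // assumed: length of the counting window
constexpr int FLOOD_LIMIT = 20;           // assumed: rejected commands tolerated per window

struct CheatGuard {
    std::int64_t lastNotice = -NOTICE_INTERVAL;  // lets the very first notice through
    std::int64_t windowStart = 0;
    int rejectedInWindow = 0;
    int suppressed = 0;                    // notices dropped by the throttle
    std::vector<std::string> console;      // stands in for the console output

    // Call when a cheat command arrives while sv_cheats is false. The command is
    // never executed; the return value says whether the sender is flooding.
    bool reject(std::int64_t tic) {
        if (tic - windowStart >= FLOOD_WINDOW) {  // start a new counting window
            windowStart = tic;
            rejectedInWindow = 0;
        }
        ++rejectedInWindow;
        if (tic - lastNotice >= NOTICE_INTERVAL) {
            console.push_back("sv_cheats must be true to enable this command.");
            lastNotice = tic;
        } else {
            ++suppressed;
        }
        return rejectedInWindow > FLOOD_LIMIT;
    }
};

struct Result { std::size_t printed; int suppressed; bool flagged; };

// Constructed input: `perTic` rejected commands on each of `tics` consecutive tics.
Result simulate(int perTic, int tics) {
    CheatGuard guard;
    bool flagged = false;
    for (int t = 0; t < tics; ++t)
        for (int i = 0; i < perTic; ++i)
            flagged = guard.reject(t) || flagged;
    return {guard.console.size(), guard.suppressed, flagged};
}

int main() { return simulate(16, 2 * TICRATE).flagged ? 0 : 1; }  // exit 0: flood seen
```

With 16 rejected commands per tic over two seconds, only two notices reach the console, and the flood flag gives the server a point at which to mute or kick the sender.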