Closed W0rty closed 1 year ago
There is a race condition when users, playing in team buy an hint.
If two users from the same team buy an hint at the same time, the point removed will be double.
Here is a python script that reproduce the issue :
import requests from multiprocessing import Process def send_req(req_sess): print(req_sess.post("http://localhost:3001/api/user/buyHint",json={"challengeId":"645817f3589006900bacc956","hintId":"9649"}).json()) def connect(username,password,req_sess): req_sess.post("http://localhost:3001/api/login",json={"username":username,"password":password}) s1 = requests.Session() s2 = requests.Session() s3 = requests.Session() s4 = requests.Session() connect("aaaa","aaaaaaaa",s1) connect("bbbb","bbbbbbbb",s2) connect("cccc","cccccccc",s3) connect("dddd","dddddddd",s4) pool = [] thread = Process(target=send_req,args=(s1,)) pool.append(thread) thread = Process(target=send_req,args=(s2,)) pool.append(thread) thread = Process(target=send_req,args=(s3,)) pool.append(thread) thread = Process(target=send_req,args=(s4,)) pool.append(thread) for p in pool: p.start()
Maybe add (like for the flags) an array that contains the id of the team that he's buying a hint might be a great idea.
fixed
RaxoCoding
commented
1 year ago RaxoCoding
commented
1 year ago
There is a race condition when users, playing in team buy an hint.
If two users from the same team buy an hint at the same time, the point removed will be double.
Here is a python script that reproduce the issue :
Maybe add (like for the flags) an array that contains the id of the team that he's buying a hint might be a great idea.