GeyserMC / Geyser

A bridge/proxy allowing you to connect to Minecraft: Java Edition servers with Minecraft: Bedrock Edition.
https://geysermc.org
MIT License

Interserver Health Transfer Exploit via NPC Command #4096

Closed CtrlAiDel closed 1 year ago

CtrlAiDel commented 1 year ago

Describe the bug

Hi everyone, I wanted to give you a bit of information about a glitch that my friend found on my server.

I'm gonna copy-paste the information that I sent to Paper / Velocity; they then referred me to you guys: My friend found a glitch in between worlds using Velocity.

So in my PvP world, a Bedrock user is eating a gapple and talking to an NPC that sends the command /server main.

The player gets teleported with all their hearts (yellow ones too). I wasn't able to confirm it, but I couldn't see the effect logo at the upper corner so maybe the effect didn't transfer, only the health.

The glitch can't be reproduced on Java.

PS: I have fixed my issue by removing gapples from PVP, it's all fine with me, just wanted to explain it to y'all!

Good night! -We

To Reproduce

- Bedrock user connected on a Java server with Geyser, Floodgate, Velocity, Paper.
- Bedrock user eats a gapple and quickly proceeds to the next step.
- Talks to an NPC with the cmd /server main so Velocity transfers the player to a new server.

Observe that the player has the "yellow heart", and probably not the effect, on the second server, the one he didn't eat on and had no gapples in. It could save a player from death in a good situation without a too-long delay...

Expected behaviour

The player, when using a teleporting NPC, or using the command /server main from Velocity, should not be able to carry the health boost from a gapple to another server.

Screenshots / Videos

No response

Server Version and Plugins

No response

Geyser Dump

https://dump.geysermc.org/HJxKID13xC5AQXVsp27fmGgk7CDiC9Ea

Geyser Version

version 2.2.0-SNAPSHOT (git-master-35a8e15) (Java: 1.20, Bedrock: 1.19.80/1.19.81 - 1.20.10)

Minecraft: Bedrock Edition Device/Version

Probably a console, but I couldn't tell, my friend is not connected live

Additional Context

The glitch can't be reproduced on Java.

Camotoy commented 1 year ago

While this is still a bug on our end, it's very very very very likely only visual. We don't modify server mechanics.

CtrlAiDel commented 1 year ago

@Camotoy I can confirm to you that the health is really being transferred.

From what I have seen, when the player hits me... my yellow heart is getting lower.

I have made a test with the player killing me, and he had to hit me about 15 times with bare hands, and I saw the health bar getting lower, from the yellow part first, and then the red part.

This seems like a confirmed issue, about the health problem :) I haven't tested the effects, but these don't seem to be activated.

BTW: I have reproduced it with Bedrock Windows edition

CtrlAiDel commented 1 year ago

BTW, this is the Discord response I received from you guys:

image

Camotoy commented 1 year ago

Yeah, that would still be visual and our cache of the attributes; it doesn't modify the attributes on the server. And if it actually does modify the server, then it would be a larger error affecting Java players too, at least in some edge case or by hacked clients. I push back so hard because I know we don't directly modify health, attributes or entity metadata on the server. We just relay whatever the Java server tells us. I would also try running the /server command manually to see if removing the NPC from the equation still replicates the issue.

CtrlAiDel commented 1 year ago

I don't mind it... I'll just remove the gapples. It was just to inform you.

Feel free to close it. Good evening!

onebeastchris commented 1 year ago

Could you test the build found under Checks in this PR? https://github.com/GeyserMC/Geyser/pull/4278 It should resolve this issue as well.

CtrlAiDel commented 1 year ago

Could you test the build found under Checks in this PR? #4278 It should resolve this issue as well.

Do I still have to test it out or is it already done?

Thanks

onebeastchris commented 1 year ago

I've tested it on a local setup, but maybe it doesn't work in your setup - would just be good to confirm that it's fixed.

CtrlAiDel commented 1 year ago

I'll try that tonight, thanks.

On Tue, Nov 7, 2023, 10:41 AM chris @.***> wrote:

I've tested it on a local setup, but maybe it doesn't work in your setup - would just be good to confirm that it's fixed.
