TileKill permission check is Easily Bypassed

Pryaxis / TShock

☕️⚡️TShock provides Terraria servers with server-side characters, anti-cheat, and community management tools.

GNU General Public License v3.0

2.43k stars 382 forks source link

TileKill permission check is Easily Bypassed #1590

Closed Ristellise closed 6 years ago

Ristellise commented 6 years ago

TShock version: TShock v4.3.25 for Terraria 1.3.5.3
TShock build number (if known): N/A

Reproduction steps (if applicable)?

Install TerrariaPatcher
Patch Terraria
Enter into tshock server with axe and pick in hand
Level the terrain in a few hours.

Any stack traces or error messages (if known)?

Video (Thanks to hakusaro for uploading.)

Trees? What Trees?

hakusaro commented 6 years ago

This absolutely needs to be fixed as soon as possible.

Ristellise commented 6 years ago

If you continue to break blocks quickly for too long, you will eventually get disabled by server. However, the server takes too long to realise your breaking blocks far too quickly.

Source for the TerrariaPatcher Plugin

hakusaro commented 6 years ago

After discussion with @ivanbiljan, this is going to be left to a plugin to implement a fix for or mitigation against. My current suggestion is to set tile kill thresholds on a per axe/per weapon basis, and combine that with range checks to mitigate these types of tile kills. A tile kill threshold per set of tools or a tile kill threshold that's more tailored to how a user interacts with the game is a better way to go than relying on TShock to continually keep its thresholds up to date.