search

ThalesGroup / kessler-game

Kessler is a simulation environment loosely modeled after our internal project PsiBee and the external project Fuzzy Asteroids. The game has ships that shoot bullets at asteroids to gain score. Ships can collide with asteroids and other ships and lose lives.
https://github.com/ThalesGroup/kessler-game
Apache License 2.0
8 stars 5 forks source link

Gamestate Dictionary Tampering #63

Closed Jie-F closed 2 months ago

Jie-F commented 3 months ago

This is a mostly theoretical issue, but one that I really did run into accidentally and was confused about.

In the game loop, each frame the game puts together a game_state dictionary and passes it to team1's controller, and then team2's controller. This passes a reference to the dictionary and not a copy, so team1's controller can inadvertently or even maliciously modify the gamestate, such that team2 gets a tampered version of the game state.

Even an accidental change can cause major issues for team2. But malicious changes could involve malforming the dictionary such that team2 runs into exceptions when trying to access gamestate elements, deleting asteroids from the list of asteroids, putting asteroids where there are none.

To fix this, we can create the gamestate dict twice, and pass each copy to a different team. Alternatively we can create the dictionary once and deepcopy it, but it's probably faster to just create the dictionary twice.

Perhaps this isn't a critical issue to fix, and might not even be worth fixing due to the slight performance penalty. But it's worth documenting and mentioning this anyway in case it ever comes up.

TimArnettThales commented 3 months ago

Great catch, will investigate for how to handle in the future. May be fixed at the same time as handling other agent/game interface changes for things like async, etc.