search

TheCodex6824 / ThaumicAugmentation

A Thaumcraft addon for Minecraft 1.12 that tries to add new content that would fit in with the base mod.
https://minecraft.curseforge.com/projects/thaumic-augmentation
GNU Lesser General Public License v3.0
41 stars 30 forks source link

Exponential damage scaling with elemental augments #377

Open JoshieGemFinder opened 1 month ago

JoshieGemFinder commented 1 month ago

Unsure how to set this out because of the uniqueness of the situation.
This bug (assuming that this is in fact a bug) doesn't have an impact on gameplay on the default config with normal constraints on the player. However, if the config is changed or the player modifies the base Thaumcraft mod, it can become a major issue on servers.

Summary The multiplier for the Elemental Augment is applied for each instance of an effect. That is, if you had five fire focus effects on a foci, the multiplier you'd get would be elementalModifierPositiveFactor^5. By default this multiplier is only 1.75 and isn't a massive problem. At maximum you can get ~50 damage out of this with just the elemental augment (which is a lot, don't get me wrong, but you've also got no complexity wiggle room and are likely stuck with the touch medium).

Where does this become a problem? The issue only arises if the positive factor is increased in the config (for example, if it were increased to 5, you'd be doing thousands of damage with the same foci) or if the player modifies Thaumcraft 6.
If a bad actor were to modify their client Thaumcraft installation, then they are able to completely bypass the complexity restrictions on foci, even on servers (as server-side Thaumcraft does no sanity checks on the contents of a foci).
This means bad actors can create foci with any medium they want with as many effects as they want, allowing them to scale up to millions or billions of damage.
This poses a serious risk to servers using Thaumic Augmentation, as a single player could gain the ability to instantly kill any other player on the server, with no reasonable way for victims to fight back.

TheCodex6824 commented 1 month ago

So I see 2 issues here:

  1. Incorrect scaling of the elemental modifier - I see the problem here. Looks like it was like that since the beginning - I think the intention was to scale each of the effects, but that's not how the power works, so it ended up being exponential.
  2. Thaumcraft not validating foci - I'm going to be fixing this ASAP in a fix mod I'm working on. I originally wanted to let it stabilize a bit longer instead of just tossing it out there, but this is pretty bad.
JoshieGemFinder commented 1 month ago

In this case, I feel like I should also note that Thaumcraft does re-calculate the complexity of a focus server-side (see TileFocalManipulator::startCraft and TileFocalManipulator::generateFocus), the issue is that it'll still proceed with the craft even if the complexity limit is exceeded.

This means that someone would still be limited by the amount of vis per cast and the amount of time it'll take for the focal manipulator to finish (they'd still be able reach unreasonable amounts of damage within those limitations, just maybe not as absurd as billions on the default 1.75x)