Open JoshieGemFinder opened 1 month ago
So I see 2 issues here:
In this case, I feel like I should also note that Thaumcraft does re-calculate the complexity of a focus server-side (see TileFocalManipulator::startCraft
and TileFocalManipulator::generateFocus
), the issue is that it'll still proceed with the craft even if the complexity limit is exceeded.
This means that someone would still be limited by the amount of vis per cast and the amount of time it'll take for the focal manipulator to finish (they'd still be able reach unreasonable amounts of damage within those limitations, just maybe not as absurd as billions on the default 1.75x)
Unsure how to set this out because of the uniqueness of the situation.
This bug (assuming that this is in fact a bug) doesn't have an impact on gameplay on the default config with normal constraints on the player. However, if the config is changed or the player modifies the base Thaumcraft mod, it can become a major issue on servers.
Summary The multiplier for the Elemental Augment is applied for each instance of an effect. That is, if you had five fire focus effects on a foci, the multiplier you'd get would be
elementalModifierPositiveFactor^5
. By default this multiplier is only1.75
and isn't a massive problem. At maximum you can get ~50 damage out of this with just the elemental augment (which is a lot, don't get me wrong, but you've also got no complexity wiggle room and are likely stuck with the touch medium).Where does this become a problem? The issue only arises if the positive factor is increased in the config (for example, if it were increased to 5, you'd be doing thousands of damage with the same foci) or if the player modifies Thaumcraft 6.
If a bad actor were to modify their client Thaumcraft installation, then they are able to completely bypass the complexity restrictions on foci, even on servers (as server-side Thaumcraft does no sanity checks on the contents of a foci).
This means bad actors can create foci with any medium they want with as many effects as they want, allowing them to scale up to millions or billions of damage.
This poses a serious risk to servers using Thaumic Augmentation, as a single player could gain the ability to instantly kill any other player on the server, with no reasonable way for victims to fight back.