cculianu
commented
5 years ago Hmm. After re-reading the way I wrote the timeout logic it appears this is not possible. I just forgot how I implemented it!
The timer is not that low-level a thing -- it actually only resets when the protocol is making progress (by monitoring the 'logger' that the Round() class writes to -- and it only ever logs when progress is made).
This is a non-issue. Closing.
The problem: 2 players conspiring can stall all the other clients forever in a pool by not advancing the shuffle to the next phase.
Why and how: The clients only enforce a 1 minute activity timeout time. Network activity resets the timer each time. So player 2 can send the same packets over and over again (they just overwrite the old ones in the client's data structures for the phase) while player 1 doesn't do anything and sits there not advancing the phase. Players 3,4, and 5 are now stuck forever in that phase and they will never time out because they keep seeing network traffic.
The solution: Put a per-phase time limit in place so this can't happen. If a phase doesn't advance in 2 minutes -- assume shenanigans and abort the connection.