search

freeboardgames / FreeBoardGames.org

FOSS platform for publishing boardgame.io games
https://www.FreeBoardGames.org
GNU Affero General Public License v3.0
252 stars 93 forks source link

Bombs and Bunnys - Potential cheating issue #768

Closed b-hub closed 3 years ago

b-hub commented 3 years ago

Describe the bug User is able to find out the value of face down cards. Prior to making a valid move.

To Reproduce Requires further investigating. @Spooky-0 would it be possible to get the steps?

Expected behavior A user can only know the value of a face down card after they have made a valid move.

Additional context This issue was created in response to @Spooky-0's comment on #767 after a different issue was raised - #763 The comment was:

Btw one more issue - but I'm not sure if it is actually an issue: once when playing I had to turn cards up. But exactly then I had some internet issue. So I was able to turn over cards and see their value - bomb orbunny. I refreshed my browser and it was like nothing had happened - the cards were turned back. This is obviously a problem since players could easily cheat. Did you use the Hiden Game state machanic from boardgames.io? If not, it's very easy to implement. The only thing that might be a bit weird ist the game tests since there the tester (player1 for example) might not have access to the values.

Let me know if this is indeed the case and we can work on fixing it together

Spooky-0 commented 3 years ago

I looked at the code and it seems that indeed the secret state is not used.

https://boardgame.io/documentation/#/secret-state

Implementing this should fix the issue. I'll try to do it this weekend.

vdfdev commented 3 years ago

Fixed by #769