search

hippich / Bitcoin-Poker-Room

Sources for Bitcoin Poker Room.
http://betco.in
Other
132 stars 87 forks source link

ratholing protection is beatable #49

Closed dooglus closed 13 years ago

dooglus commented 13 years ago

The code attempts to stop me leaving a table with more than the max buy-in then coming back and sitting with less than I left with.

This is good.

But - I can cheat it, by doing the following:

1) leave with more than the buy-in. ratholes[] stores the current time and my stack 2) come back to the table, click to sit 3) the buy-in dialog has my previous stack as the min and max buy-in - I'm expected to buy back in with the amount I previously had 4) cancel the buy-in dialog with the 'x' in the top right 5) leave the table. ratholes[] stores the current time and my new stack of 0 6) come back to the table and buy in for whatever amount you like

I guess the fix is not to update ratholes[] if the stack is zero.

dooglus commented 13 years ago

My fix is probably wrong.

If someone buys in for the max, doubles up, then leaves, their stack will be remembered in ratholes[]. Then when they leave and come back, they'll have to rebuy for the full amount. If they then lose it all and leave, their stack will be zero when they leave, and their ratholes stat won't be updated. So if they come back, they'll be expected to buy in for more than the max buy-in, which they may not even have available any more.

anisoptera commented 13 years ago

We need to determine that they actually bought in to the table before updating ratholes.

anisoptera commented 13 years ago

This ended up being the fix, because it turns out I thought to delete them from ratholes[] when they successfully buy in. So that will never happen - they cleared their "debt" when they bought in.

dooglus commented 13 years ago

Yes, of course.