Modifying outbound requests to the leaderboard


#1

Simple modification of the outbound request upon completion allows for leaderboard manipulation. See: https://exploitzeroday.com/system/4/

It seems like you'd need to do server-side simulation to "check" solutions (the data appears to already be sent to do that).


#2

Thanks for this; it's been entered into our issue tracker.

We do indeed do server-side simulation to check solutions. Your exploit suggests that it's not working right, so that's something we definitely need to fix.


#3

This has, I believe, been fixed in 0.2.5. Please let us know if you discover another way to falsify solutions or durations. Note that the final duration for a solution that shows in the leaderboard now may not always match the client-reported duration.


#4

All that remains for leaderboard optimization isn't really outside the spirit of the game:
{"data":"0:0.00|2:0.00|1:0.601","is_canon":false,"duration":2899,"solver":14,"system":4}

(Why yes, since you took my "1" away from me I have instead claimed the perfectly optimal solution.)

Could be amusing to write a script that took a correct solution and optimized it with a binary search of the elapsed time between packets firing.

Also an interesting thing about ordering with regards to collisions with a single cell in the grid. Note that both of the first two fire "simultaneously," would reach the same node simultaneously, and yet the "second" one passes through. I would call that correct, it's just interesting.

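The fix described in #3 and the payload shown in #4 boil down to one rule: the server records a duration it derived itself from the replayed solution, never the `duration` field the client sent. The following is an added example written for this page, not code from the game or its developers. It assumes, because the thread never spells this out, that each `|`-separated entry in `data` is `<action index>:<seconds since start>` and that the server's own duration is at least the time of the last action; the sample requests are constructed for the example.

```python
import json
import re

# Constructed sample requests (not captured traffic). The first is the payload
# quoted in the thread above; the second is a copy where only the
# client-reported duration has been lowered.
ORIGINAL_REQUEST = (
    '{"data":"0:0.00|2:0.00|1:0.601","is_canon":false,'
    '"duration":2899,"solver":14,"system":4}'
)
TAMPERED_REQUEST = (
    '{"data":"0:0.00|2:0.00|1:0.601","is_canon":false,'
    '"duration":1,"solver":14,"system":4}'
)

# Assumed entry format: "<action index>:<seconds since start>".
ENTRY_RE = re.compile(r"^(\d+):(\d+(?:\.\d+)?)$")


def parse_solution(data):
    """Parse the pipe-separated solution string into (index, seconds) tuples.

    Rejects anything that does not match the assumed entry format so that
    a tampered or garbled string never reaches the replay stage.
    """
    actions = []
    for entry in data.split("|"):
        m = ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"malformed solution entry: {entry!r}")
        actions.append((int(m.group(1)), float(m.group(2))))
    if not actions:
        raise ValueError("empty solution")
    return actions


def derived_duration_ms(actions):
    """Duration the server can vouch for, in milliseconds.

    Assumption: the solution cannot have finished before its last action
    fired, so the latest action time is the lower bound the server records.
    A real verifier would replay the actions through the simulation and
    take the completion time from there; this stands in for that step.
    """
    return round(max(seconds for _, seconds in actions) * 1000)


def verify_submission(raw_request):
    """Server-side check of one leaderboard submission.

    The client-reported 'duration' is parsed only to detect inconsistency;
    the value written to the leaderboard is always the derived one.
    """
    req = json.loads(raw_request)
    actions = parse_solution(req["data"])
    server_duration = derived_duration_ms(actions)
    client_duration = req.get("duration")
    # A client claiming to be faster than its own last action is lying
    # (or the client-side timer is broken); either way, do not trust it.
    inconsistent = (
        not isinstance(client_duration, int)
        or isinstance(client_duration, bool)
        or client_duration < server_duration
    )
    return {
        "system": req["system"],
        "solver": req["solver"],
        "recorded_duration_ms": server_duration,
        "client_duration_ms": client_duration,
        "client_duration_inconsistent": inconsistent,
    }


if __name__ == "__main__":
    for raw in (ORIGINAL_REQUEST, TAMPERED_REQUEST):
        print(verify_submission(raw))
```

The tampered request is not "rejected" outright: the solution itself may still be valid, so the sensible server response is to accept the solution, store the derived duration, and log the mismatch. That is consistent with #3's note that the leaderboard duration may no longer match what the client reported.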

#5

@percent20, yeah, there's no really feasible way to distinguish reliably between an optimal human speedrun and a tool-assisted speedrun. Solution duration probably won't count for much once we have more systems in place, but it's a fun way to compete for now. In more complex systems, hopefully the order of actions will be as important as your speed on the mouse.

And yeah, there's a proper ordering of the packet collisions, although I don't recommend you rely on it long-term. Our simulation methods may change without warning and may not be consistent with regard to simultaneity. We're not currently planning to invalidate old solutions, but be aware of that if you pursue automated solving.


#6

I also feel like the theme of the game almost encourages this sort of behavior. I love the idea of you modifying the simulation in ways that invalidate old solutions: system fixed the vulnerability! (Your solver was too precise.)
