Server-authoritative damage validation + death broadcast #20
Open
constripacity wants to merge 1 commit into
Combat was unplayable and trivially cheatable: the server logged damage (case 2) and death (case 3) but never relayed them, so no one took damage or died, and a hand-written client could claim any damage value.

Now the server owns combat:
- validates every damage event before it counts -- rejects damage above MAX_DAMAGE (200), self-damage, unknown players, non-positive values (logged as [ANTICHEAT] REJECTED ...);
- relays only validated damage to the victim (protocol 2 / argument 4), so real combat works;
- broadcasts death (protocol 2 / argument 5) and tallies kills/deaths.

No client change required -- the client already handles arguments 4 and 5.

Defeats a protocol-level cheat (spoofed 99999 one-shots) that client integrity / EAC cannot, since the attacker never runs the game binary.

Scope (v1): damage authority. Follow-ups: server-owned HP (stops god-mode-by-ignoring-damage), per-weapon caps, distance/LoS + fire-rate checks, real auth, and the one-packet-per-read framing fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Problem

Combat was both broken and trivially cheatable. The server logged damage (case 2) and death (case 3) but never relayed them, so:
- 99999) and the server believed it.

Fix -- the server now owns combat

- damage > MAX_DAMAGE (200), self-damage, unknown players, non-positive values. Rejections log as [ANTICHEAT] REJECTED ... and the victim never takes the hit.
- protocol 2 / argument 4) → real combat works.
- protocol 2 / argument 5) and tallies kills/deaths.

No client change required -- the client already handles arguments 4 and 5 (DamageReceived, PlayerDied).

Why it matters

This defeats a protocol-level cheat (spoofed one-shots) that client integrity / EAC cannot stop, because the attacker never runs the game binary. Verified live: a PoC sending 99999 got 8/8 hits rejected; the real player survived; legitimate player-vs-player combat works and kills register.

Scope (v1) + follow-ups

This PR is damage authority. Deliberately out of scope (TODO in code):
- ProcessPacket one-packet-per-read framing fix (coalesced packets parse as garbage; currently dropped harmlessly as 0-damage).
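
A minimal sketch of the validation gate this description outlines, added here as an illustration and not taken from the PR's diff or the project's code. The class, method names, message tuple layout, the text after `REJECTED`, the killer field on death reports, and the finite-number check are all assumptions; only `MAX_DAMAGE`, the protocol/argument numbers and the rejection categories come from the description.

```python
import math

MAX_DAMAGE = 200               # cap stated in the PR description
PROTOCOL_COMBAT = 2            # "protocol 2" in the description
ARG_DAMAGE, ARG_DEATH = 4, 5   # "argument 4" / "argument 5"


class CombatAuthority:
    """Hypothetical server-side gate: only validated damage reaches the victim."""

    def __init__(self, player_ids):
        self.players = set(player_ids)
        self.kills = {p: 0 for p in self.players}
        self.deaths = {p: 0 for p in self.players}
        self.log = []

    def reject_reason(self, attacker, victim, damage):
        """Return why the event is invalid, or None if it may count."""
        if attacker not in self.players or victim not in self.players:
            return "unknown player"
        if attacker == victim:
            return "self-damage"
        # Added assumption: NaN passes both range tests below, so check it first.
        if (isinstance(damage, bool) or not isinstance(damage, (int, float))
                or not math.isfinite(damage)):
            return "malformed damage"
        if damage <= 0:
            return "non-positive damage"
        if damage > MAX_DAMAGE:
            return "damage above MAX_DAMAGE"
        return None

    def on_damage(self, attacker, victim, damage):
        """Return outbound (recipient, protocol, argument, payload) messages."""
        reason = self.reject_reason(attacker, victim, damage)
        if reason:
            # Text after REJECTED is a constructed format, not the project's.
            self.log.append(f"[ANTICHEAT] REJECTED {reason}: "
                            f"{attacker}->{victim} dmg={damage!r}")
            return []  # the victim never sees the hit
        return [(victim, PROTOCOL_COMBAT, ARG_DAMAGE, (attacker, damage))]

    def on_death(self, victim, killer):
        """Tally and broadcast a death; the killer argument is an assumed input."""
        if victim not in self.players or killer not in self.players:
            return []
        self.deaths[victim] += 1
        self.kills[killer] += 1
        return [(p, PROTOCOL_COMBAT, ARG_DEATH, (victim, killer))
                for p in sorted(self.players)]
```

The checks run before any relay, so a rejected event produces a log line and no outbound message at all.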