|
| 1 | +# Exploits |
| 2 | + |
| 3 | +If you are filing an issue report you believe to be an exploit, please file it |
| 4 | +in the [Exploit Forum](https://www.paradisestation.org/forum/179-exploit-reports/). |
| 5 | + |
| 6 | +If you are unsure what an exploit is, read on. |
| 7 | + |
| 8 | +## Definition |
| 9 | + |
| 10 | +_Exploits_ refer to ways for players to: |
| 11 | + |
| 12 | +- gain an unintended or unexpectedly disproportionate mechanical advantage over |
| 13 | + other players or some aspect of the game, |
| 14 | +- degrade or perversely affect the stability and performance of the game server, |
| 15 | +- or damage or destroy any of the services, infrastructure, or data used to run |
| 16 | + Paradise and its associated tooling |
| 17 | + |
| 18 | +This definition is not exhaustive or exclusive. Ultimately issue managers, |
| 19 | +maintainers, and headcoders are responsible for determining if an issue is an |
| 20 | +exploit. |
| 21 | + |
| 22 | +Exploits are reported in a different venue than ordinary bugs or other game |
| 23 | +issues because the possibility exists that other players can reproduce the |
| 24 | +behavior and propagate knowledge of the advantage or destructive activity to |
| 25 | +themselves and others. |
| 26 | + |
| 27 | +## Examples |
| 28 | + |
| 29 | +Some examples of a mechanical exploit might be: |
| 30 | + |
| 31 | +1. A player finds an item that, when inserted into an autolathe, returns more |
| 32 | + materials than it requires to print the item from the autolathe. In this way, by |
| 33 | + constantly recycling and printing the same item, they are able to create an |
| 34 | + unbounded amount of material for free. This is an exploit because it subverts |
| 35 | + the intended design of the autolathe, which is that things should cost |
| 36 | + consistent resources and should never lead to runaway amounts of materials |
| 37 | + that would normally have to be mined or found elsewhere. |
| 38 | + |
| 39 | +2. A player finds that when holding a certain jetpack and wearing a certain |
| 40 | + suit, that they move faster in space than they would otherwise. This is an |
| 41 | + exploit because it makes them faster when they didn't actually do so in a way |
| 42 | + the game intended. Note that whether or not there's a fair counter for this |
| 43 | + behavior is irrelevant. |
| 44 | + |
| 45 | +Some examples of a server exploit might be: |
| 46 | + |
| 47 | +1. A player finds a command that, while only intended for admins, does not |
| 48 | + perform a permissions check, leading to the ability for non-admins to execute |
| 49 | + the command and potentially change player records or change the course of a |
| 50 | + game not meant for non-admins to be able to do. This is an exploit because it |
| 51 | + bypasses the permissions system, giving ordinary players privileged access to |
| 52 | + game behavior. |
| 53 | + |
| 54 | +2. A player finds that when upgrading a certain machine that produces output, |
| 55 | + the creation of so many of a certain kind of object causes server lag for all |
| 56 | + players. This is an exploit because while the player may not have been |
| 57 | + performing any malicious actions, a coding error causes performance issues in |
| 58 | + an otherwise unremarkable situation, meaning the player can lag the server |
| 59 | + and hurt the experience for players simply by performing the same otherwise |
| 60 | + mundane action repeatedly. |
| 61 | + |
| 62 | +An example of an infrastructure exploit might be: |
| 63 | + |
| 64 | +1. A player finds that an API call to Parastats causes degraded service as the |
| 65 | + API server attempts to fill the request, and them performs that call |
| 66 | + repeatedly for no reason other than to cause performance issues for other |
| 67 | + people attempting to access the server. |
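Review bot: In the infrastructure example (new lines 64-67), "and them performs that call" is a typo for "and then performs that call". That example also describes a player deliberately repeating the call rather than naming the flaw, and unlike the four examples above it has no closing "This is an exploit because ..." sentence. Suggest adding one so the reportable issue (an API call that degrades service while the server fills the request) is stated explicitly. In server example 1 (new lines 47-52), "change the course of a game not meant for non-admins to be able to do" does not parse. Something like "change the course of a game in ways non-admins are not meant to be able to" would read cleanly. Minor: the Definition list (new lines 12-16) ends without a period after "associated tooling", and the one-item numbered list under "An example of an infrastructure exploit" could be a plain paragraph.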