Forgot your password?
typodupeerror
The Almighty Buck Games

Integer Overflow Bug Leads To Diablo III Gold Duping 160

Posted by Soulskill
from the many-foreheads-were-slapped dept.
Nerval's Lobster writes "Online economies come with their own issues. Case in point is the Auction House for Diablo III, a massively multiplayer game in which players can pay for items in either in-game gold or real-world dollars. Thanks to a bug in the game's latest patch, players could generate massive amounts of virtual gold with little effort, which threatened to throw the in-game economy seriously out of whack. Diablo series publisher Blizzard took corrective steps, but the bug has already attracted a fair share of buzz on gaming and tech-news forums. 'We're still in the process of auditing Auction House and gold trade transactions,' read Blizzard's note on the Battle.net forums. 'We realize this is an inconvenience for many of our players, and we sincerely apologize for the interruption of the service. We hope to have everything back up as soon as possible.' Blizzard was unable to offer an ETA for when the Auction House would come back. 'We'll continue to provide updates in this thread as they become available.' Diablo's gold issue brings up (however tangentially) some broader issues with virtual currencies, namely the bugs and workarounds that can throw an entire micro-economy out of whack. But then again, 'real world' markets have their own software-related problems: witness Wall Street's periodic 'flash crashes' (caused, many believe, by the rise of ultra-high-speed computer trading)." It seems likely the gold duping was due to a simple integer overflow bug. A late change added to the patch allowed users to sell gold on the Real Money Auction House in stacks of 10 million rather than stacks of 1 million. On the RMAH, there exists both a cap ($250) and a floor ($0.25) for the value of auctions. With stacks of 1 million and a floor of $0.25, a seller could only enter 1 billion gold (1,000 stacks) while staying under the $250 cap. When the gold stack size increased, the value of gold dropped significantly. At $0.39 per 10 million, a user could enter values of up to 6.4 billion gold at a time. Unfortunately, the RMAH wasn't designed to handle gold numbers above 2^31, or 2,147,483,648 gold. Creating the auction wouldn't remove enough gold, but canceling it would return the full amount.
This discussion has been archived. No new comments can be posted.

Integer Overflow Bug Leads To Diablo III Gold Duping

Comments Filter:
  • by Anonymous Coward on Wednesday May 08, 2013 @06:18PM (#43669697)

    tat puters' is hard.

  • by Revek (133289) on Wednesday May 08, 2013 @06:19PM (#43669711) Homepage

    I remember the day when you could strip the gear off anyone playing a multiplayer game with the trainer. I usually used it on jerks who came in collecting ears. If someone came in you could quickly look at their inventory and if they had several ears you could clear out their inventory and gear. They wouldn't know visually until they tried to hit you at which time they would be completely naked. It was really fun when they re-spawned and came back to loot their body and you started dropping some of the ears they collected on the ground.

  • by TubeSteak (669689) on Wednesday May 08, 2013 @06:21PM (#43669729) Journal

    So, what have we learned?

    That 2^31 gold ought to be enough for anybody?

  • by Anonymous Coward on Wednesday May 08, 2013 @06:28PM (#43669813)

    What a beginner's mistake. I wonder what the rationale was for not using a 64-bit integer; "It's wasteful!"

  • by BenJeremy (181303) on Wednesday May 08, 2013 @07:42PM (#43670523)

    I discovered a bug with the gold in Pirates! while watching somebody play on my roommate's Mac (we were stationed in Okinawa on Camp Kinser)... he went into port with damage, and while he did not have enough money, it offered to repair his damaged ships for more money than he had.

    Needless to say, the underflow was done to a UINT16 used to track gold (in 10-gold increments), so you'd end up with around 655350 gold after the transaction. That kept your crews happy, and let you buy lots of things.

    I also enjoyed the mental image of 1200 pirates hanging off a sloop after I sold off my fleet.

    We put in ungodly hours into that game.

  • by Jesus_666 (702802) on Wednesday May 08, 2013 @07:56PM (#43670639)

    So, what have we learned?

    To always use 64-bit numbers, duh.

  • Re:Confused (Score:4, Funny)

    by ShakaUVM (157947) on Thursday May 09, 2013 @04:53AM (#43672935) Homepage Journal

    Baldur's Gate stored various things as unsigned shorts, IIRC.

    There was a monster called the nishruu that would drain charges off your magic items. So after one combat, I found I now had a charged magic item with 32,000-ish charges on it.

    Since the gold value of magic items was proportional to the number of charges remaining, I sold it and never needed to worry about money again in the game.

  • and then when the IRS drops in and says it's income then all kinds of other laws drop in.

    The epic hilarity starts if they decide that you'll probably have to account for different sorts of loot in different ways... Did you get the Helm of Epic Bashing while you were wandering around and slaying monsters(self employed), while doing a quest for the Mysterious Feckless Questgiver NPC(Independent Contractor), or should it be reflected in the W-2 that the Ratslayer's Guild submitted to cover your work as an employee with them?

    You should probably also get an opinion from your tax lawyer on whether the depletion of the charges stored in your Staff of Fireball is simply part of the depreciation of that capital good, or whether charges are just a business expense like copier paper or potions of stamina...

"Pull the trigger and you're garbage." -- Lady Blue

Working...