Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Directly posting to API creates unvalid races #648

Open
1 task done
Truirer opened this issue Aug 3, 2023 · 1 comment · May be fixed by #723
Open
1 task done

[BUG]: Directly posting to API creates unvalid races #648

Truirer opened this issue Aug 3, 2023 · 1 comment · May be fixed by #723
Assignees
@bkbCodes
Labels
bug Something isn't working

Comments

@Truirer
Copy link

Truirer commented Aug 3, 2023

Description

I've encountered a bug in the web application that you can create new finished races to show up in dashboard with same snippet id by posting to 'https://code-racer-eight.vercel.app/race/practice' directly. This allows users to create multiple races by using the same snippet id.

Also system only checks if the cpm is less than or equal 10k and accuracy is less than or equal to 100. Other than that there is no validation to check the cpm and accuracy of races that have been posted. Any post using same headers allows users to create races with fake results. Steps i followed to be able to post any cpm and accuracy ratings:

  1. Copy the valid request from the network panel of devtools by playing a random race.
  2. Find the snippet id by refreshing the page after the snippet is loaded. (It is in the last script tag which contains self.__next_f)
  3. Send request after changing the snippetId value to the new snippet id.

inifinite-race

(optional) What browsers are you seeing the problem on?

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@Truirer Truirer added the bug Something isn't working label Aug 3, 2023
@bkbCodes
Copy link
Contributor

bkbCodes commented Aug 7, 2023

I'll work on this

bkbCodes added a commit to bkbCodes/code-racer that referenced this issue Aug 23, 2023
@bkbCodes
Merge branch 'webdevcody:main' into webdevcody#648-invalid-race-post-…
ae7f22f 
…request
bkbCodes added a commit to bkbCodes/code-racer that referenced this issue Sep 2, 2023
@bkbCodes
Merge branch 'webdevcody:main' into webdevcody#648-invalid-race-post-…
9da08c3 
…request
bkbCodes added a commit to bkbCodes/code-racer that referenced this issue Sep 18, 2023
@bkbCodes
Merge branch 'webdevcody:main' into webdevcody#648-invalid-race-post-…
708bccc 
…request
bkbCodes added a commit to bkbCodes/code-racer that referenced this issue Oct 2, 2023
@bkbCodes
Merge branch 'webdevcody:main' into webdevcody#648-invalid-race-post-…
1d70142 
…request
bkbCodes added a commit to bkbCodes/code-racer that referenced this issue Oct 2, 2023
@bkbCodes
Merge branch 'webdevcody#648-invalid-race-post-request' of https://gi…
e46bad7 
…thub.com/bkbCodes/code-racer into webdevcody#648-invalid-race-post-request
@bkbCodes bkbCodes linked a pull request Oct 5, 2023 that will close this issue
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bkbCodes bkbCodes

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#648 invalid race post request bkbCodes/code-racer
2 participants
@Truirer @bkbCodes