Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

frameLag should store per (UserId, IP, Fingerprint) #397

Open
isaacl opened this issue Nov 29, 2022 · 1 comment
Open

frameLag should store per (UserId, IP, Fingerprint) #397

isaacl opened this issue Nov 29, 2022 · 1 comment

Comments

@isaacl
Copy link
Member

isaacl commented Nov 29, 2022

Potential exploit:

User can inflate frame lag by connecting a second time using a slower internet connection (i.e. a phone or another browser w/ VPN). They can they use an websocket exploit to inflate lag comp beyond their main tab's ping.

To combat this, frame lag should be stored based on (UserID, IP, Fingerprint) (or some lightweight hash of the three)
@isaacl
Copy link
Member Author

isaacl commented Nov 29, 2022

This is a bit of a mess, because scalachess would have to select a specific framelag based on which connection was submitting the move...

One potential alternative would be to store each connection's avg frame lag, but propagate the min of all connections from a userid to scalachess... However this could cause issues if a casual user played from their slow connection while their computer still had lichess open.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@isaacl