Oops: Diablo 3 Patch 1.0.8 Introduces Duping Exploit

How Did This Happen?

While many jaded players have been sarcastically calling back to comments made by Blizzard that Diablo 3′s persistent internet connection requirement was intended to prevent duping, they do raise a valid point. How did this happen?

We aren’t likely to ever receive an official answer from Blizzard, but we may already have it.

Patch 1.0.8 was tested extensively on the Public Test Realm — however, the PTR does not feature a Real Money Auction House, which was the source of the exploit. We do know that 1.0.8 included one relevant modification to the Auction House:

  • The stack size for gold sales on the auction house has been increased from 1 million to 10 million

We also know that this feature was removed when the patch launched in Europe and Asia, after its North American launch. Lylirra wrote:

“This will not affect the patch maintenance schedules for Europe or Asia. As we believe we’ve been able to fix the dupe, patch 1.0.8 will still be released in both of these regions as normal. However, please note that we have temporarily reverted the stack size for gold on the real-money Auction House from 10,000,000 to 1,000,000. There’s an active bug that’s preventing gold stack sizes from displaying correctly, so we’ve reversed that one change until we can fix it. (This will also be the case for the Americas once the Auction House is marked live.)”

Given the information available, one Redditor presents a convincing theory: a simple coding error. Known by programmers as an “integer overflow,” those in the field report this as a “common error.”

The Redditor examined video of the dupe being performed and recognized the following:

  • A sum of gold was put up for sale on the Real Money Auction House. In this case, the total was 6 billion gold.
  • When the auction is posted, only 1,705,032,704 gold showed up.
  • The difference between these two numbers is 4,294,967,296.
  • 4,294,967,296 divided by two is 2,147,483,648.
  • 2,147,483,647 is the maximum value that can be stored in an Int32 structure.

The Redditor explains:

“Simply put, their RMAH gold selling code wasn’t written to handle numbers over 2,147,483,647 properly, and the result was duplicate gold being added to people’s stashes.”

In this video, we see the exploiter has a total of 13,238,820,879 gold before canceling his auction, and 17,533,788,175 after canceling it. The difference between those two numbers equals 4,294,967,296 — our magic number. So what happened? Once a total of 2,147,483,648 gold entered the system, the system broke, stored that number somewhere, and began counting anew. Once it reached 2,147,483,648 again, it broke once more, added that total to storage, and began counting once more. Once it reached 1,705,032,704, it was done counting, and that was the sum displayed in the auction.

Effectively, this is Blizzard’s Y2K. The coders never thought that such large sums of gold would be transacted through the Auction House and didn’t bother preparing for the possibility. Oops.

Of course, this is just speculation. But the math adds up.

Where Do We Stand?

At this point in Diablo 3′s life, it’s unfortunate that the biggest headlines continue to be scandals. The consequences of Blizzard’s decision to not roll back servers will soon be seen, and how severe of an effect these consequences have on the game will come to light in the coming months. For the sake of whatever future this game may have, let’s hope for the best.


Read more of CJ Miozzi’s work here, and follow him and Game Front on Twitter: @rhykker and @gamefrontcom.

Join the Conversation   

* required field

By submitting a comment here you grant GameFront a perpetual license to reproduce your words and name/web site in attribution. Inappropriate or irrelevant comments will be removed at an admin's discretion.

3 Comments on Oops: Diablo 3 Patch 1.0.8 Introduces Duping Exploit

Row

On May 9, 2013 at 12:03 pm

Players from the Hardcore mode were spared, since the duping method required usage of the RMAH. This also implies that in order to dupe, players needed to have RMAH access set up, and have over 4G gold to get started. Combined with the fact that duping was only possible in a time window outside prime time, it’s quite likely that not that many players did it (not many relative to the entire active player base).
But yeah, like Jay Wilson would say, they took their gold, and…

Kevin

On May 9, 2013 at 3:46 pm

When it comes to eco exploits, even if it is just 1 or 2% of players who did it, that can have serious rammifcations on the economy if they do it on a certain scale.

Why you really need to be careful about this stuff. At least the game is mostly loot based in its economy, so that mitigates some of the damage. If it is more market based, these small exploits can destroy economies. Why Eve has gotten so good at making sure their economy runs smoothly.

Heru

On May 9, 2013 at 9:33 pm

People are still playing this steaming pile?