Oops: Diablo 3 Patch 1.0.8 Introduces Duping Exploit
How Did This Happen?
While many jaded players have been sarcastically calling back to comments made by Blizzard that Diablo 3′s persistent internet connection requirement was intended to prevent duping, they do raise a valid point. How did this happen?
We aren’t likely to ever receive an official answer from Blizzard, but we may already have it.
Patch 1.0.8 was tested extensively on the Public Test Realm — however, the PTR does not feature a Real Money Auction House, which was the source of the exploit. We do know that 1.0.8 included one relevant modification to the Auction House:
- The stack size for gold sales on the auction house has been increased from 1 million to 10 million
We also know that this feature was removed when the patch launched in Europe and Asia, after its North American launch. Lylirra wrote:
“This will not affect the patch maintenance schedules for Europe or Asia. As we believe we’ve been able to fix the dupe, patch 1.0.8 will still be released in both of these regions as normal. However, please note that we have temporarily reverted the stack size for gold on the real-money Auction House from 10,000,000 to 1,000,000. There’s an active bug that’s preventing gold stack sizes from displaying correctly, so we’ve reversed that one change until we can fix it. (This will also be the case for the Americas once the Auction House is marked live.)”
Given the information available, one Redditor presents a convincing theory: a simple coding error. Known by programmers as an “integer overflow,” those in the field report this as a “common error.”
The Redditor examined video of the dupe being performed and recognized the following:
- A sum of gold was put up for sale on the Real Money Auction House. In this case, the total was 6 billion gold.
- When the auction is posted, only 1,705,032,704 gold showed up.
- The difference between these two numbers is 4,294,967,296.
- 4,294,967,296 divided by two is 2,147,483,648.
- 2,147,483,647 is the maximum value that can be stored in an Int32 structure.
The Redditor explains:
“Simply put, their RMAH gold selling code wasn’t written to handle numbers over 2,147,483,647 properly, and the result was duplicate gold being added to people’s stashes.”
In this video, we see the exploiter has a total of 13,238,820,879 gold before canceling his auction, and 17,533,788,175 after canceling it. The difference between those two numbers equals 4,294,967,296 — our magic number. So what happened? Once a total of 2,147,483,648 gold entered the system, the system broke, stored that number somewhere, and began counting anew. Once it reached 2,147,483,648 again, it broke once more, added that total to storage, and began counting once more. Once it reached 1,705,032,704, it was done counting, and that was the sum displayed in the auction.
Effectively, this is Blizzard’s Y2K. The coders never thought that such large sums of gold would be transacted through the Auction House and didn’t bother preparing for the possibility. Oops.
Of course, this is just speculation. But the math adds up.
Where Do We Stand?
At this point in Diablo 3′s life, it’s unfortunate that the biggest headlines continue to be scandals. The consequences of Blizzard’s decision to not roll back servers will soon be seen, and how severe of an effect these consequences have on the game will come to light in the coming months. For the sake of whatever future this game may have, let’s hope for the best.