Diablo III Economy Broken by an Integer Overflow Bug
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.
Diablo III, Blizzardâ€™s highly-awaitedÂ online-only Action RPG released almost a year ago to the day, has had its share of technical difficulties. FromÂ Error 37Â to lag spikes that can cause hundreds of hours to go to waste, Blizzard has spent the past year improving the game backend to betterÂ accommodateÂ the millions of active players.
Diablo III is also noted for its economy, with an emphasis on a region-wide auction house where players can trade one-in-a-million items for millions and billions of gold. (inflation is crazy). Additionally, Diablo III emphasized the use of a Real World Auction House, where players can sell gold or items for real world cash.
Today was the launch ofÂ Patch 1.0.8, a patch which promised improvements to character progression. After spending a few weeks on a Public Test Realm, where playersÂ volunteeredÂ to tested the patch to ensure that there were no game-breaking exploits, the patch released successfully.
Except for one patch note that was added last minute and not tested in the PTR. And itâ€™s a patch note that broke the economy to tiny pieces.
The patch notes from the final build contained this change:
The stack size for gold sales on the auction house has been increased from 1 million to 10 million.
Normally, on the Real Money Auction House, the player can only sell money in 1 million gold increments. In 1.0.8, the player can sell it in 10 million increments. So, what happens when the player tries putting an absurd amount of money on the Auction House?
Reddit user tyroproÂ has a nice explanation:
The gold â€śdupeâ€ť involved creating a RMAH auction for billions of gold while staying under the $250 limit. The example I saw in a video was 6 billion gold (600 x 10,000,000 at $0.39 per stack, for $234). When they posted this auction only ~1.7 billion appeared to be for sale, with the rest â€śmissingâ€ť until they sent it to their stash and ended up with more than they started with. The exact numbers from a duping video:
Create RMAH auction for: 6,000,000,000 gold Auction shows up as: 1,705,032,704 gold This much is missing! 4,294,967,296 gold The missing amount, divided by 2: 2,147,483,648 gold
2,147,483,648 (or 231)Â is the maximum value you can store in an int32 in programming. Iâ€™m no programmer, but I took one class in high school and was taught about the limits of different variable types. See:http://stackoverflow.com/questions/94591/what-is-the-maximum-value-for-a-int32
Simply put, their RMAH gold selling code wasnâ€™t written to handle numbers over 2,147,483,648 properly, and the result was duplicate gold being added to peopleâ€™s stashes.
4,294,967,296 is also 232, or the bound on anÂ unsigned integer, which would be an interesting implementation choice on Blizzardâ€™s part.
And so, the dupers created these 6-billion-gold auctions which only appears to sell as 1.7 billion (and therefore only had 1.7 billion deducted from the current balance), canceled them, and were fully refunded the 6 billion for a net profit of the difference (4.2 billion). RepeatÂ ad nauseum.
A popular game streamer showed off the exploit. Other streamers followed. It was easilyÂ reproducibleÂ andÂ everyone knew how to reproduce it.
Yes, thatâ€™s 420Â billionÂ gold.
After buying up all the duped items in the Auction House, the items were then sold on the Real Money Auction House. For real money. And people bought them.
This is the definition of a worst-case scenario for Diablo III. All because of an untested patch note. What could Blizzard do? Performing a roll-back would wipe all progress obtained by players for the patch day, which would result in a lot of bad PR. But leaving the economy as-is will devalue all items in the game (and Diablo III is all about getting items).
In the end, BlizzardÂ has not done a roll-back, but insteadÂ banned anyone who duped, andÂ refundedÂ anyone who spent real money. The bug was temporarily fixed by reverting the patch note which caused the entire mess.
Let this be a lesson on what happens when you include an untested change at the last minute. You could break an entire economy.