Plugin doesn't work in a logical sense
rhapidfyre opened this issue · 3 comments
If you use the plugin to use a virtual crypto, the luck/crash chances cause an extreme exploit. One of my players put all of their money into crypto when it crashed to a dollar. Two hours later, it was worth 5 million dollars. He went from a nobody with 200k to a multimillionaire in just a few hours. So the likely fix would be make crypto have a bottom of something like 20 so it can't get that low, which, is exactly what we had it set to but it still dropped to a dollar. The max is set to 80, and one time I went to check it, Crypto was up to 200 dollars. This is all with the vanilla settings.
If you use the real life crypto API, there's a major issue where using a crypto such as LUNA, which is around $90 at the time of this post, that it will randomly shoot up to $500 without any indication as to why, and then drop back down to the $90 mark. My players have been buying crypto at $90, waiting for the $500 to happen, and then becoming millionaires.
So basically by using this plugin, all of my players are now currently milionaires (which has been corrected, but that's a lot of extra work everyday to go check crypto logs and remove people's money).
If my intuition is correct, the spike to $500 isn't random - It happens to coincide with HTTP error 500 which is an error of failing to resolve the destination. It might be possible that when the script is checking the current crypto ticker price, it's returning a 500 because of the host being down, and thus returning error code 500 which is interpreted as QB-Crypto as $500.
I've tried adding a few fixes myself to this but I'm struggling to follow the logic with the plethora of tasks I'm managing. I don't mind fixing this and doing a PR, if I can get some feedback on where the problem may be.
Is there a way to make it so that if value=500 then value=90?
I tried to write it so it would catch any returning value as 404, 500, etc to just use the last known price and it still didn't work. I ended up removing the plugin altogether. The exploit is too problematic. Two of my players are now multi-millionaires.
Custom cryptos outside of the FIAT currencies/non-mainstream crypto do have these kinds of spikes being reported. This is part of the nature of Quantum Randomisation involved in both the API call and the longs and shorts of the exchange. It is better to use a stablecoin or something like Etherium or Bitcoin. I prefer to use math.random method as it is far more predictable for use in a game and also reduces the network calls involved from the serverside.
HTTP Response Code
The API is not returning the HTTP response code in the body of the response and it will never take the HTTP response code and convert it a value that it uses to determine the currency value.
The API expects the response portion of the body to look like this:
{
"LUNA": 90
}
Math.random configuration
I have been running my server with the following config file and have had no surge millionaires.
RefreshTimer = 60, -- In minutes.
-- Crashes or luck
ChanceOfCrashOrLuck = 2, -- This is in % (1-100)
Crash = {20,80}, -- Min / Max
Luck = {20,45}, -- Min / Max
-- If not not Chance of crash or luck, then this shit
ChanceOfDown = 30, -- If out of 100 hits less or equal to
ChanceOfUp = 60, -- If out of 100 is greater or equal to
CasualDown = {1,10}, -- Min / Max (If it goes down)
CasualUp = {1,10}, -- Min / Max (If it goes up)
The RefreshTimer, the ChanceOfCrashOrLuck, the CasualDown and CasualUp are the biggest determining factors to avoid an exploit in this script.
I'm going to close this issue as we are unable to cater for the problems associated with real-time Crypto Exchange APIs and the solutions listed above will make this resource less exploitable for your playerbase.