Paper: Item Duplication

Works best on servers that have a low TPS. As an example at 1 TPS duplicating happens virtually every try.

There are a lot of things that go wrong when you have a lot TPS. Try solving that first.

this is a duplicate of #481 and is already fixed

I was able to duplicate this using no plugins with a vanilla client at 10 TPS.

TPS reading: http://nerd.guru/screenshots/javaw_2016-11-20_17-53-28.png
Video Of Duplication: https://www.youtube.com/watch?v=2bXHcqAP09M&edit=vd

@LeafHacker - If it's a duplicate what version was it patched in. I was up to date until like 15 minutes ago and I'm on 924 :P

Is this an issue on Spigot, or was this caused by paperspigot in the first place? Would like to know.

If you're having a hard time reproducing this can I get pointed to the section of code that handles disconnects and player file saving please?

Resolving this issue has been proven to be quite a hassle, the provided fix by spigot that would resolve this issue appears to only make it easier.

Interesting. Can you point me toward the section of code you're referencing?

I know nothing about the paper project, but I do program for a living.

Dupe still works with paper 933

Same video:
https://www.youtube.com/watch?v=zJYmMkhbbGY

How to reproduce:

1. Get WorldEdit (or any means to lower TPS)
2. Make a large selection around Y255 (~5 chunks should be more than enough to bring down your TPS)
3. //replace air water,lava
4. Repeat https://www.youtube.com/watch?v=zJYmMkhbbGY

On client N1 prepare the item you wish to duplicate.
Connect to the server using client N2.
As the server is about to disconnect you from client N1 RAPID CLICK drop button
Reconnect with client N1 and you may have duplicated the item.

Sounds like this may be related to GH-488

Zbob750 what makes you think it's related? This doesn't have anything to do with chests. I'd think it'd have more to do with the fact that player save files aren't registering the drop before being loaded up by client #2.

Looks like it's been reported here: https://bugs.mojang.com/browse/MC-63 and someone has made a temp patch plugin (untested, use at your own peril): https://github.com/ataranlen/NoDroppingOffline/releases

I said it may be related, not that it is.
Chests are containers, player inventories are containers. There's a lot of shared code there.

If someone can verify the linked plugin fixes the issue, that's a pretty simple thing to add as a mitigating step, until someone fixes the root issue.

Integrating said plugin into paper is a really hacky solution IMO

I'm not thrilled about it either, if you're aware of a better solution feel free to submit a PR @Chnkr

Can do 👍 will look into something tomorrow.

https://github.com/PaperMC/Paper/pull/517

Update your servers, Paper now follows most every other game server software out there by not processing packets from players who already disconnected, which should resolve the issue.

Unfortunately it does not appear patched on version 959. The plugin does not seem to work either. Same exact reproduction procedures.

Not re-opening this issue without multiple confirmations from multiple parties.

I am unable to replicate

Appears to still work- I run a survival anarchy server called 2b2t and am running latest build from git.

Confirmed working on 2b2t.net

At this point, PRs welcome. I don't have time to look into this any further right now.

I wrote a plugin to temporarily stop this until someone comes up with a better way.

https://github.com/NerdGuruDevelopers/NoDupe

Confirmed working on 9b9t.

@NerdGuruDevelopers that is a terrible way to stop it, because it'll still work with that plugin, the entire dupe relies on the fact that your inventory is serialized too late / too early.

It also relies on users being able to disconnect by users knowing when exactly they'll be kicked. Like I said temporary patch until someone figures out a better way to stop it.

No, it does not. There are so much more ways you can execute this duplication glitch, none of the provided patches or plugins resolve the issue, and as of right now it still works in Vanilla, Spigot & Paperspigot.

Mojang knows about it, but it's highly unlikely that this will be patched anytime soon.

I can confirm this issue still persists in 1.11.2 using Paper 992, NoCheatPlus 1046 and ProtocolLib 345. Do we have any progress on a fix? An entire server is duping and I cannot find a way to stop it.

Wurst clients cause an "Interacted with Self" disconnect message that can be caught on a bungeecord level, You can use a ServerKickEvent listener to deal with the offending players, I haven't seen that disconnect message by vanilla means yet. Its not a fool proof solution, but it should at least catch the bad dupers.

This doesn't have anything to do with hacked clients @NachtRaben as it is being done on Vanilla clients by simply following the OPs method. That kick dupe you mention is still fixed AFAIK.

Another "bandaid" for the issue is to simply return on interacting with self instead of kicking, teleport the player to the correct location instead of kicking for flying, and such until players cannot reliably get themselves kicked.

I've pulled @AlfieC 's PR. See if this is still possible with build 997+

Both @prplz and I have tested this extensively and have so far been unable to replicate with my PR - but when we revert to the one without the PR, we can get it usually 50% of the time (when we run the server at 1-2tps).

going to mark this closed then. Please reopen a new ticket if it can be done again.

Can confirm patch seems to solve it.