From 8073c3026abe6046bced2c0c10290bbfa64101b1 Mon Sep 17 00:00:00 2001 From: aleos Date: Fri, 2 Jun 2023 15:41:49 -0400 Subject: [PATCH 1/2] Adds buy/sell safety check for Market Shops * Adds a buy and sell safety check from the Market Shop type. * Also includes an item validation check when loading items from SQL for Market Shops. Thanks to @mazvi! --- src/map/npc.cpp | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/map/npc.cpp b/src/map/npc.cpp index 2514da97da..225a007241 100644 --- a/src/map/npc.cpp +++ b/src/map/npc.cpp @@ -4124,7 +4124,7 @@ static const char* npc_parse_shop(char* w1, char* w2, char* w3, char* w4, const ShowWarning("npc_parse_shop: Item %s [%u] is being sold for FREE in file '%s', line '%d'.\n", id->name.c_str(), nameid2, filepath, strline(buffer,start-buffer)); } - if( type == NPCTYPE_SHOP && value*0.75 < id->value_sell*1.24 ) { // Exploit possible: you can buy and sell back with profit + if( (type == NPCTYPE_SHOP || type == NPCTYPE_MARKETSHOP) && value*0.75 < id->value_sell*1.24 ) { // Exploit possible: you can buy and sell back with profit ShowWarning("npc_parse_shop: Item %s [%u] discounted buying price (%d->%d) is less than overcharged selling price (%d->%d) at file '%s', line '%d'.\n", id->name.c_str(), nameid2, value, (int)(value*0.75), id->value_sell, (int)(id->value_sell*1.24), filepath, strline(buffer,start-buffer)); } @@ -4924,6 +4924,19 @@ static void npc_market_fromsql(void) { Sql_GetData(mmysql_handle, 3, &data, NULL); list.qty = atoi(data); Sql_GetData(mmysql_handle, 4, &data, NULL); list.flag = atoi(data); + std::shared_ptr id = item_db.find(list.nameid); + + if (id == nullptr) { + ShowWarning("npc_market_fromsql: Invalid sell item in table '%s' (id '%u').\n", market_table, list.nameid); + continue; + } + + if (list.value * 0.75 < id->value_sell * 1.24) { // Exploit possible: you can buy and sell back with profit + ShowWarning("npc_market_fromsql: Item %s [%u] discounted buying price (%d->%d) is less than overcharged selling price (%d->%d) in table '%s'. Assigning to current sell value.\n", + id->name.c_str(), list.nameid, list.value, (int)(list.value * 0.75), id->value_sell, (int)(id->value_sell * 1.24), market_table); + list.value = id->value_sell; + } + RECREATE(market->list, struct npc_item_list, market->count+1); market->list[market->count++] = list; count++; From 5339b455c05cb9f0fccb28bb303cbe8fd0eb38a3 Mon Sep 17 00:00:00 2001 From: aleos Date: Tue, 6 Jun 2023 10:58:49 -0400 Subject: [PATCH 2/2] Fixes Para Market Jewel seller prices --- npc/re/merchants/eden_market.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npc/re/merchants/eden_market.txt b/npc/re/merchants/eden_market.txt index 7a3a99c1ab..31b9550cb5 100644 --- a/npc/re/merchants/eden_market.txt +++ b/npc/re/merchants/eden_market.txt @@ -63,7 +63,7 @@ function script F_CoolDown { - marketshop para_ref20 FAKE_NPC,984:200000:10,985:200000:100,987:240000:1,988:600000:1,989:1200000:1 -- marketshop para_jew10 FAKE_NPC,969:100000:20,7289:50000:20,7290:50000:20,7291:50000:20,7292:50000:20,7293:50000:20,7294:50000:20,7295:50000:20,7296:50000:20,7297:50000:20 +- marketshop para_jew10 FAKE_NPC,969:1000000:20,7289:500000:20,7290:500000:20,7291:500000:20,7292:500000:20,7293:500000:20,7294:500000:20,7295:500000:20,7296:500000:20,7297:500000:20 - marketshop para_alc10 FAKE_NPC,971:20000:20,972:12000:20,970:12000:20:7136:7000:20,7135:18000:20