
Goomblegate: The full story (or: The infinite dramacoin exploit)

Yesterday morning, after a long night of goombling, I decided to have a glance at the source code for roulette. I figured maybe @McCoxmaul made a little mistake that would allow me to gain an edge in my goombling. Little did I know, I was about to discover a way to get free, unlimited dramacoin.

:marseysleep: How it works :marseysleep:

Your dramacoin is updated by checking how much dramacoin you had before, and then setting your current dramacoin to that number minus what you just spent. This would work fine, except that you can make multiple deductions at the same time using multiple threads (say your phone and PC, or two Chrome tabs). By spending twice simultaneously, both threads update the value relative to the same starting balance, and since the second thread isn't aware that the balance has just been updated, it overwrites that update, meaning you just spent the same dramacoin twice.

The timing is relatively easy to pull off: Python is notoriously slow, so the gap between checking the balance and updating it was quite wide, and I was able to exploit this by just clicking "bet" at the same time from two devices.

@TwoLargeSnakesMating had this to say:

[It's] not a thread locking issue in particular; moreso just the way Carp got creative with using getattr/setattr on the User objects apparently doesn't create a database transaction, which should act like a mutex how you're suggesting.

Which is basically what I'm saying with some webshit lingo mixed in.

:marseysleep: end of nerd shit :marseysleep:

As soon as I verified the bug by printing myself 30k dramacoin in roulette, I told @Aevann and then went back to the casino. Carp was gambling too and noticed something was strange. Here are some screenshots of him being r-slurred:

https://i.rdrama.net/images/1684135307515622.webp

https://i.rdrama.net/images/16841353079185877.webp

https://i.rdrama.net/images/16841353083673196.webp

https://i.rdrama.net/images/1684135308935324.webp

Edit: Turns out Carp didn't find the exploit despite being one of the first to know there's a bug (lol).

Once the rest of the devs got wind of the bug they quickly fixed it without anyone knowing @Schizo and carp farmed this for millions of dramacoin. Schizo went overboard by making dozens of huge bets simultaneously to farm enough money to make @getogeto the richest dramatard.

@getogeto then started sending huge sums to various users, some of them successfully laundering the money before Sneks pulled the plug. Geto was also nice enough to give me some reparations as I was rehab awarded, but before long people's dramacoin balances started resetting as we were having too much fun.

Some users probably figured it out as well. If you didn't get too greedy I doubt admins will catch you unless they have the gambling history saved and check it against current dramacoin balances.

The bug is currently being fixed while the casino is disabled. What will never be repaired, however, is my psyche after seeing this site's source.

Update: Everyone who spent their GetoBucks on awards now has negative dramacoin :marseylaugh: (except for me suck it poorstrags)


More drama:

Schizo POV

Sneks POV

never stop gambling
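
The lost update described under "How it works", shown beside a corrected form, as an added example that is not the site's code or part of the original post. The `users` table, the `coins` column and all function names are hypothetical, the database is in-memory SQLite, and the two overlapping requests are simulated by interleaving their steps in a fixed order so the result is deterministic.

```python
import sqlite3

def make_db(balance):
    # Constructed sample data: one user (id 1) with a starting balance.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, coins INTEGER NOT NULL)")
    db.execute("INSERT INTO users (id, coins) VALUES (1, ?)", (balance,))
    db.commit()
    return db

def read_balance(db, uid):
    return db.execute("SELECT coins FROM users WHERE id = ?", (uid,)).fetchone()[0]

def write_stale(db, uid, seen, amount):
    # Flawed pattern: the new balance is computed in application code from a
    # value read earlier, then written back as an absolute number.
    db.execute("UPDATE users SET coins = ? WHERE id = ?", (seen - amount, uid))
    db.commit()

def charge_atomic(db, uid, amount):
    # Corrected pattern: the database does the subtraction and the funds check
    # in one statement, so a concurrent charge can never be overwritten.
    cur = db.execute(
        "UPDATE users SET coins = coins - ? WHERE id = ? AND coins >= ?",
        (amount, uid, amount),
    )
    db.commit()
    return cur.rowcount == 1  # False means the charge was refused

def lost_update_demo():
    db = make_db(100)
    # Two requests overlap: both read 100 before either one writes.
    seen_a = read_balance(db, 1)
    seen_b = read_balance(db, 1)
    write_stale(db, 1, seen_a, 30)
    write_stale(db, 1, seen_b, 30)  # overwrites the first deduction
    return read_balance(db, 1)      # 60 was spent, only 30 was deducted

def atomic_demo():
    db = make_db(100)
    # Same two charges, then a third that exceeds what is left.
    accepted = [charge_atomic(db, 1, 30), charge_atomic(db, 1, 30),
                charge_atomic(db, 1, 50)]
    return accepted, read_balance(db, 1)

if __name__ == "__main__":
    print("read-modify-write balance:", lost_update_demo())
    print("atomic update result:", atomic_demo())
```

With an ORM, the equivalent is to issue the update as a column expression (or take a row lock with `SELECT ... FOR UPDATE` inside the transaction) instead of assigning a value computed from an attribute loaded earlier.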


I actually spent the whole day yesterday doing this shit so I won't be online today
