Security issues and bugs

omti · September 21, 2019, 10:22pm

Hello there.
I have been regularly playing clash of code as Im enjoying these short coding sessions and also I find that Im learning useful techniques and concepts(regex, some security, networking, …) thanks to contributors making good questions.

Im meeting different bugs and potential security issues. List of anomalies detected: *The code editor screen became white(this havent happened for a while),
*The unit tests were reporting error, while code was correct. Sending the solution to the server the server accepted the solution.
*Before the game start I get hung up on the timer screen, and have to reload the session so I get into the challenge screen.
*My timer(before clash and ingame) is delayed from serverside timer occasionally.
*I don`t see other players in the timer screen occasionally.

Also not directly bugs or suspicions detected:

*Selection of challenges sometimes is strange, and the same very easy challenge is given in a quick succession.
*Possible spoofing of the scoring algorithm. One possible method is transferring/leeching scores(as score is calculated based on other players playing the challenge), I don`t know if other options are possible.

BenjaminUrquhart · September 21, 2019, 11:48pm

Not sure about this. Never seen it before in 1k+ clashes.

The validators are different from the tests. The tests probably check something the validator doesn’t. This can be remedied by leaving a comment on the associated contribution or editing the clash yourself if you have the permission.

CG has been having weird server issues lately. It’s happened before, just wait for them to fix it again. It never hurts to do something other than clash though

I believe these are also related to the server issues.

The difficulty of a clash is dependent on the skill levels of the players (determined by your ranking iirc). If you have a lot of unskilled clashers in your lobby, the more likely easy puzzles will be selected. Also, recently accepted contributions tend to be given out a lot in order to assess their difficulty.

Clash of Code scores are determined via the TrueSkill ranking algorithm. It decays over time. I don’t know all the details about this one, perhaps someone else can elaborate.

Hope this helps!