An invulnerability exploit was recently discovered in Amazon’s massively multiplayer colonialism simulator New World. Though it’s now been patched, the simple trick made players unkillable when they moved the window New World was running in. This started a conversation about whether the exploit worked because New World was “client authoritative”, that it was trusting the game client’s version of reality over that of the server, which would be a significant flaw. Though the initial viral Twitter thread about this has since been deleted, others elaborated on it.
Amazon has now posted on the New World forums to explain that “New World is not client authoritative”. Community manager Luxendra writes, “from a simulation standpoint New World is entirely server based.” Inputs from the client are fully animated on the server, and only after the animation is complete does the information get sent back. “We don’t short cut or roughly compute this,” Luxendra writes, “we do full physics detail for all such actions. Upon receiving the outcome, either hit or miss, the client will adjust its visual display to match what the server has determined. There are some client side tricks we use here to ‘stretch’ the animation while the client is waiting for the server answer, but the outcome is always based only on the server answer.”
The rubberbanding experienced by lagging players certainly suggests that the server has authority. But why didn’t that prevent the invulnerability exploit? Because of a bug apparently, and one that was soon fixed.
“We did have a bug,” the post continues, “in which given certain circumstances we were waiting server side on input from a client before processing through to outcomes. Combined with an intentional weapon effect that allows for brief invulnerability, this created a situation where players could reach an invulnerable state and prolong it by making the client unresponsive, even though the client has no say in damage (both damage the player creates and damage taken by the player are computed server side based on the results of physics simulation plus game rules). This was a particularly bad bug given our server based simulation, and we apologize for that. We corrected the bug in code the same day we learned about it, then tested to make sure nothing unintended came out of those changes, and published the fix immediately after that.”
New World has had a rough time of it lately. Amazon just had to deploy a fix to prevent the issue where players were able to post links and images in chat, which could even cause crashes, and it’s got problems with bots hogging crafting materials as well.