From 7440b63b2e9588b0e895f7229b2d7a7cb408b016 Mon Sep 17 00:00:00 2001 From: n8n-gitea Date: Wed, 10 Jun 2026 21:48:29 +0200 Subject: [PATCH] fix: reject negative amounts in spendRawMana, spendElementMana, addRawMana, addElementMana, and unlockElement to prevent mana exploit --- docs/circular-deps.txt | 2 +- docs/dependency-graph.json | 2 +- src/lib/game/stores/manaStore.ts | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/circular-deps.txt b/docs/circular-deps.txt index 158d04d..f446072 100644 --- a/docs/circular-deps.txt +++ b/docs/circular-deps.txt @@ -1,5 +1,5 @@ # Circular Dependencies -Generated: 2026-06-10T11:13:04.646Z +Generated: 2026-06-10T18:50:03.343Z Found: 3 circular chain(s) — these MUST be fixed before modifying involved files. 1. 1) stores/golem-combat-actions.ts > stores/golem-combat-helpers.ts diff --git a/docs/dependency-graph.json b/docs/dependency-graph.json index e51140d..5009036 100644 --- a/docs/dependency-graph.json +++ b/docs/dependency-graph.json @@ -1,6 +1,6 @@ { "_meta": { - "generated": "2026-06-10T11:13:02.589Z", + "generated": "2026-06-10T18:50:01.087Z", "description": "Import dependency graph for src/lib/game. Keys are files, values are arrays of files they import.", "usage": "To find what a file affects, search for its path in the VALUES. To find what a file depends on, look at its KEY entry." }, diff --git a/src/lib/game/stores/manaStore.ts b/src/lib/game/stores/manaStore.ts index 8e71332..9b3c6b5 100755 --- a/src/lib/game/stores/manaStore.ts +++ b/src/lib/game/stores/manaStore.ts @@ -76,6 +76,7 @@ export const useManaStore = create()( }, addRawMana: (amount: number, maxMana: number) => { + if (amount < 0) return; set((state) => ({ rawMana: Math.min(state.rawMana + amount, maxMana), totalManaGathered: state.totalManaGathered + amount, @@ -84,7 +85,7 @@ export const useManaStore = create()( spendRawMana: (amount: number) => { const state = get(); - if (state.rawMana < amount) return false; + if (amount < 0 || state.rawMana < amount) return false; set({ rawMana: state.rawMana - amount }); return true; }, @@ -102,6 +103,7 @@ export const useManaStore = create()( unlockElement: (element: string, cost: number) => { const state = get(); + if (cost < 0) return fail(ErrorCode.INVALID_INPUT, `Unlock cost cannot be negative`); if (state.elements[element]?.unlocked) return fail(ErrorCode.INVALID_INPUT, `Element ${element} is already unlocked`); if (state.rawMana < cost) return fail(ErrorCode.INSUFFICIENT_MANA, `Need ${cost} raw mana, have ${state.rawMana}`); @@ -116,6 +118,7 @@ export const useManaStore = create()( }, addElementMana: (element: string, amount: number, max: number) => { + if (amount < 0) return; set((state) => { const elem = state.elements[element]; if (!elem) return state; @@ -129,6 +132,7 @@ export const useManaStore = create()( const state = get(); const elem = state.elements[element]; if (!elem) return fail(ErrorCode.INVALID_ELEMENT, `Element ${element} does not exist`); + if (amount < 0) return fail(ErrorCode.INVALID_INPUT, `Cannot spend negative mana`); if (elem.current < amount) return fail(ErrorCode.INSUFFICIENT_MANA, `Need ${amount} ${element} mana, have ${elem.current}`); set({ elements: { ...state.elements, [element]: { ...elem, current: elem.current - amount } } });