Diablo III Economy Broken by an Integer Overflow Bug

written in Bugs Gaming

Diablo III, Blizzard’s highly-awaited online-only Action RPG released almost a year ago to the day, has had its share of technical difficulties. From Error 37 to lag spikes that can cause hundreds of hours to go to waste, Blizzard has spent the past year improving the game backend to better accommidate the millions of active players.

Diablo III is also noted for its economy, with an emphasis on a region-wide auction house where players can trade one-in-a-million items for millions and billions of gold. (inflation is crazy). Additionally, Diablo III emphasized the use of a Real World Auction House, where players can sell gold or items for real world cash.

Today was the launch of Patch 1.0.8, a patch which promised improvements to character progression. After spending a few weeks on a Public Test Realm, where players volunteered to tested the patch to ensure that there were game-breaking exploits, the patch released successfully.

Except for one patch note that was added last minute and not tested in the PTR. And it’s a patch note that broke the economy to tiny pieces.

The patch notes from the final build contained this change:

The stack size for gold sales on the auction house has been increased from 1 million to 10 million.

Normally, on the Real Money Auction House, the player can only sell money in 1 million gold increments. In 1.0.8, the player can sell it in 10 million increments. So, what happens when the player tries putting an absurd amount of money on the Auction House?

Reddit user tyropro has a nice explanation:

The gold “dupe” involved creating a RMAH auction for billions of gold while staying under the $250 limit. The example I saw in a video was 6 billion gold (600 x 10,000,000 at $0.39 per stack, for $234). When they posted this auction only ~1.7 billion appeared to be for sale, with the rest “missing” until they sent it to their stash and ended up with more than they started with. The exact numbers from a duping video:

Create RMAH auction for:            6,000,000,000 gold
Auction shows up as:                1,705,032,704 gold
This much is missing!               4,294,967,296 gold
The missing amount, divided by 2:   2,147,483,648 gold

2,147,483,648 (or 231) is the maximum value you can store in an int32 in programming. I’m no programmer, but I took one class in high school and was taught about the limits of different variable types. See:

Simply put, their RMAH gold selling code wasn’t written to handle numbers over 2,147,483,648 properly, and the result was duplicate gold being added to people’s stashes.

4,294,967,296 is also 232, or the bound on an unsigned integer, which would be an interesting implementation choice on Blizzard’s part.

And so, the dupers created these 6-billion-gold auctions which only appears to sell as 1.7 billion (and therefore only had 1.7 billion deducted from the current balance), canceled them, and were fully refunded the 6 billion for a net profit of the difference (4.2 billion). Repeat ad nauseum.

A popular game streamer showed off the exploit. Other streamers followed. It was easily reproducible and everyone knew how to reproduce it.

Hilarity ensued.

diablo31

Yes, that’s 420 billion gold.

After buying up all the duped items in the Auction House, the items were then sold on the Real Money Auction House. For real money. And people bought them.

This is the definition of a worst-case scenario for Diablo III. All because of an untested patch note. What could Blizzard do? Performing a roll-back would wipe all progress obtained by players for the patch day, which would result in a lot of bad PR. But leaving the economy as-is will devalue all items in the game (and Diablo III is all about getting items).

In the end, Blizzard has not done a roll-back, but instead banned anyone who duped, and refunded anyone who spent real money. The bug was temporarily fixed by reverting the patch note which caused the entire mess.

Let this be a lesson on what happens when you include an untested change at the last minute. You could break an entire economy. Eh, no big deal.

about me

Max Woolf is a Software QA Engineer living and working in the San Francisco Bay Area for over 2 years. He graduated from Carnegie Mellon University in 2012 with a degree in Business Administration, concentrating in Computing and Information Technology.

In his spare time, Max uses Python to gather data from public APIs and ggplot2 to make pretty charts from that data. Max also comments on technology blogs rather frequently.

You can learn more about Max here.