• Max's avatar
    fix an exploit · d3ed1071
    Max authored
    with the way the query works, members mentioned multiple times will only receive the money once (database side), but with the way the cache update works, members will receive the money multiple times (cache side)
    This leads to a discrepancy as users will have more money in cache than in the database, which - more or less - can bypass the has_money() check
    d3ed1071
__init__.py 62.9 KB