Commit d3ed1071 authored by Max's avatar Max 💬

fix an exploit

with the way the query works, members mentioned multiple times will only receive the money once (database side), but with the way the cache update works, members will receive the money multiple times (cache side)
This leads to a discrepancy as users will have more money in cache than in the database, which - more or less - can bypass the has_money() check
parent 2cf6f4f0
......@@ -901,6 +901,7 @@ class Guild(commands.Cog):
if not members:
return await ctx.send(_("You can't distribute money to nobody."))
members = set(members) # removes dupes
# int() rounds down as to not go over the money limit
# we need to update the amount after rounding down too to avoid losing money
for_each = int(amount / len(members))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment