Incorrect Input Handling Allows Users to Exploit Betting Pool with Negative Bet Amounts #1

@Mr-Unforgettable

Description

Issue Description:
Currently, in the web-browser project of our horse racing game, players can bet money on a given horse in the game. However, there is a critical flaw in the input handling system that allows users to exploit the betting pool by entering negative numbers in the bet amount input field. This behavior leads to unintended consequences, as regardless of the actual outcome of the race, the user receives money even if they lose the bet. Furthermore, negative bet amounts are being credited to the betting pool, resulting in an imbalance and unfair distribution of rewards.

Steps to Reproduce:

  1. Navigate to the horse racing game.
  2. Select a horse to place a bet on.
  3. In the bet amount input field, enter a negative number (e.g., "-100").

Expected Behavior:
Entering a negative number in the bet amount input field should be disallowed, and an appropriate error message should be displayed to the user, informing them that only positive values are allowed for betting.

Actual Behavior:
Currently, the input handling system does not prevent users from entering negative numbers in the bet amount input field. Instead, it treats the negative value as a valid bet, and users are credited with the negative amount if they lose the bet. This loophole allows users to exploit the betting pool, leading to financial imbalances within the game.

Suggested Solution:

  1. Implement input validation for the bet amount field to disallow negative numbers and other invalid inputs.
  2. Display a clear error message to users when they attempt to enter a negative value or an invalid bet amount, guiding them to enter a positive amount for betting.

Additional Notes:
It's essential to thoroughly test the updated input handling system to ensure that it correctly prevents negative values and any other potential exploit scenarios. Additionally, consider validating the bet amount on both the frontend and backend to prevent any potential manipulation of client-side validation. By addressing this issue promptly, we can ensure fair gameplay and maintain the integrity of the betting pool in our horse racing game.
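The loophole described above and the validation the issue asks for, as an added JavaScript example that is not the project's own code; the function names, the even-money payout and the player/pool object shapes are assumptions.

```javascript
// Added example (not the project's code). Assumed shapes:
// player = { balance: number }, pool = { total: number }.

// Parse the raw text of the bet input field. Returns { ok: true, amount }
// or { ok: false, error }. Rejects negatives, zero, decimals, empty input,
// scientific notation and amounts above the player's balance.
function parseBetAmount(raw, balance) {
  const text = String(raw).trim();
  // Digits only, so "-100", "1e3", "100.5", "" and "100abc" all fail here.
  if (!/^\d+$/.test(text)) {
    return { ok: false, error: "Bet amount must be a positive whole number." };
  }
  const amount = Number(text);
  if (!Number.isSafeInteger(amount) || amount <= 0) {
    return { ok: false, error: "Bet amount must be greater than zero." };
  }
  if (amount > balance) {
    return { ok: false, error: "Bet amount exceeds your balance." };
  }
  return { ok: true, amount };
}

// Settlement as the issue describes it, with no validation: a lost bet is
// subtracted from the player, so a negative amount is *added* instead, and
// the pool moves in the wrong direction too. Even-money payout is assumed.
function settleBetUnchecked(player, pool, amount, won) {
  if (won) {
    player.balance += amount;
    pool.total -= amount;
  } else {
    player.balance -= amount;
    pool.total += amount;
  }
}

// Hardened settlement: validate again on the authoritative (server) side
// rather than trusting the client, and refuse to settle a bad bet at all.
// Returns the accepted amount; throws with the user-facing message otherwise.
function settleBet(player, pool, raw, won) {
  const parsed = parseBetAmount(raw, player.balance);
  if (!parsed.ok) throw new Error(parsed.error);
  settleBetUnchecked(player, pool, parsed.amount, won);
  return parsed.amount;
}
```

The same parseBetAmount check belongs in the browser form (to show the error message immediately) and in the backend handler (so a modified client cannot bypass it).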

Labels

bug (Something isn't working)