Amazon’s multiplayer colonialism simulation New World recently revealed an invulnerability vulnerability. Although the vulnerability has been fixed, it made players invulnerable to being killed when they moved the New World window. The exploit was discovered to be “client authoritative” by New World, meaning it trusted the client’s version over the server’s. This was a major flaw. Reddit posts and popular Twitter threads suggested that this was the root cause of New World’s problems (one thread from last week has since been removed).
Amazon replied to the claims on Friday by stating that New World was not “client authoritative”. Luxendra, community manager, stated that the New World simulation is “entirely web-based”. The client’s inputs are fully animated on the server. Only after animation is completed can the information be sent back.

Luxendra says that “we don’t cut corners or approximate this,” and that “we do all the physics details for such actions.” The client will adjust the visual display to match the result of the server’s decision after receiving the outcome. While there are client-side tricks that we employ to “stretch” the animation while the client waits for the server’s answer, the final outcome is always determined solely by the server’s answer.

Lagging players’ rubberbanding is a clear indication that the server holds authority. Why didn’t the server prevent the invulnerability exploit from happening? According to Amazon, it was due to a bug.

“We did have an issue,” the post states. “In which, given certain circumstances, we had to wait server side for input from clients before processing through to results.” This was combined with an intentional weapon effect, which allows for short invulnerability. It created a situation in which players could reach an invulnerable status and make the client unresponsive. The client does not have any say in the damage done. Both damage that the player causes and damage that the player takes are calculated server-side based on physics simulation and game rules. We regret that this was an issue due to our server-based simulation. The bug was corrected in code within minutes of learning about it. We then tested the changes to ensure that nothing was unintended. The fix was published immediately thereafter.

New World has been having a difficult time lately. Amazon had to implement a fix for the problem where players could post links and images in chat. This could cause crashes and also has problems with bots hoarding crafting materials. It is still very popular and ranks among the top three Steam games in terms of daily concurrent players. About 8% of New World players had reached maximum level at the last check.

Leave a Reply