[MATHS ENGINE BUG] Exploits related

Bug Reports Engine Bugs
,
#1 
print(tonumber("NAN")) 
print(tonumber("Nan"))
print(tonumber("nAn"))
print(tonumber("naN"))
print(tonumber("NAn"))
print(tonumber("nAN"))
print(tonumber("nan"))

NaN - Not a Number, yet those are treated as numbers. Exploits using these to circumvent checks in-game.

Expected behavior

print(tonumber("NAN")) 
print(tonumber("Nan"))
print(tonumber("nAn"))
print(tonumber("naN"))
print(tonumber("NAn"))
print(tonumber("nAN"))
print(tonumber("nan"))

All of them should return nil

2 Likes
#2

This is intended behaviour, NaN is a number in Lua. If this is causing problems for you, check that n ~= n where n is the number that is being inputted. NaN is not equal to anything, not even itself.

3 Likes
#3

Pretty sure this is intentional, as even though its called ‘not a number’ it still is a number. Doing tonumber("inf") also produces a number which is intentional.

If you need to check if a value is nan to prevent spoofing you can do the following:

local example = (0 / 0)

if (example ~= example) then
    print(`{example} is NaN`)
end
2 Likes
#4

Use Rules Rules.RealNumber(Value) which passes only if the value is a finite number (not NaN or infinity).

#5

…or instead of having to use an entire library for this, the OP can just do

if a ~= a then
   print("Is NaN")
end
1 Like
#6 
Network:ConnectEvent(RemoteEvents.UpdateSettings, function(Player, Name, Value, Percent)

	end, Rules.Set(Rules.ClassName("Player"), Rules.String, Rules.Optional(Rules.Union(Rules.Number, Rules.Boolean)), Rules.InRangeInclusive(0, 1)))

RemoteEvent.OnServerEvent:Connect(function(Player, Name, Value, Percent)
    if typeof(Name) ~= "string" then
        warn("Invalid 'Name': expected string, got", typeof(Name))
        return
    end

    if typeof(Value) ~= "string" and typeof(Value) ~= "number" and typeof(Value) ~= "boolean" then
        warn("Invalid 'Value': expected string, number, or boolean, got", typeof(Value))
        return
    end

    if typeof(Percent) ~= "number" or Percent < 0 or Percent > 1 then
        warn("Invalid 'Percent': expected a number between 0 and 1, got", Percent)
        return
    end

    print(Player.Name .. " updated settings with Name: " .. Name .. ", Value: " .. tostring(Value) .. ", Percent: " .. Percent)
end)
#7

Thank you for reaching out.

While this might be surprising, Luau numbers can contain an infinity or a NaN values and these are their textual representations.
This behavior is intentional and existing code relies on it.

2 Likes