Robbing the guild bank
by Amanda Miller 
Nov 22nd 2007 at 5:20PM
Currently, withdrawal limits are not reset when a character joins a new guild. Whatever a character's old guild status was carries over. In this way, officers are leaving guilds, joining new ones, and gaining officer access to the new guild's bank tabs. After withdrawing most of the loot, the character transfers servers or mails off the loot and deletes his toon. The guild logs report "Unknown" as the culprit.
In theory, any character could start their own guild, or get invited as an officer to a new guild (this is common when children start guilds), just to exploit this problem.
The only fix is for the guild master to manually reset the new recruit's guild bank permissions immediately upon invite. While there will always be potential for abuse when pooling resources, at bare minimum, we should be able to protect our investments from outside forces.
Filed under: Items, Bugs, Guilds, Blizzard, News items
Reader Comments (Page 1 of 2)
PeeWee Jan 28th 2008 8:06AM
It's so nice that this bug isn't being hotfixed. Like they did with the non-bug of Ghost wolves-taming.
Tridus Nov 22nd 2007 6:01PM
Kudos to WI for getting this information out there. People need to know how to prevent this.
On another note, this is a colossal failure on Blizzard's part. Even a half-trained monkey knows how to do basic permission handling better then this.
Noname Nov 22nd 2007 7:19PM
Blizzard better off refunds to all the guilds who got screwed by this. Shame on Blizzard for letting this bug getting past the PTR.
Delta Nov 22nd 2007 6:32PM
I wouldn't say they failed, but that is quite the bug, considering one's permissions should be reset upon quitting and joining a new guild. I would have thought that unless the guild was giving low levels bank access, being a new recruit you would not have bank access.
Perhaps what they should do is disallow the lowest rank of guilds to access the bank by default, and the GM would have to elevate a new person up to the next level or whatever level for bank access.
Scott Nov 22nd 2007 6:35PM
Wow.
Just scored 2,000g with this. Thanks.
Furien Nov 22nd 2007 6:39PM
@3 Your mother would be proud.
hpavc Nov 22nd 2007 6:40PM
Yeah obviously an addon giving the functionality 'move all from guild bank slots' would be easy to write. The inability to see this was poor.
At least banks didn't come out in 2.0 whatever.
crusherkid Nov 22nd 2007 8:40PM
im gonna exploit this!
dekulink Nov 22nd 2007 8:04PM
Erk- this could show a lot of people how they could make some quick cash.
Maybe you could just say "Make sure you reset everyone's bank rules when they join." It would keeo the idiots away from the banks, at least : /
supermint Nov 22nd 2007 8:21PM
Well noname, perhaps you should have reported it?? They would have fixed it if they knew about it.
René Nov 22nd 2007 8:53PM
Well it clearly is a bug, and exploiting bugs leads to bans. One can only hope that the the bans regarding this issue will be permanent ones.
Morrigän Nov 22nd 2007 9:14PM
Blizz can track everything, they COULD ban the entire account for such exploit if they really wanted to. Just a handful of bans until people stop thinking about that.
But we all know they're gonna blame us.
Rook Nov 23rd 2007 2:47AM
Why is it taking so long to patch this bug? It sounds like a one line fix that could be rapidly implemented tested and rolled out in the earliest maintenance cycle.
This is a god send for gold scammers to heist resources and affect lots of players.
brett Nov 23rd 2007 3:36AM
anyone who allows new guild recruits unfettered access to the guild bank deserves to get taken for all their worth.
as a side not to those effected, can I get keys to your house and a schedule of when you will be out of town please?
evestraw Nov 23rd 2007 3:41AM
hi i am the bank alt of X
can you invite me to guild so i can make some deposits?
Easterling Nov 23rd 2007 4:49AM
Is this entry somewhat ill advised ? - as it explains clearly how to get away with robbing a bank!!!
apop Nov 23rd 2007 4:59AM
Learn to read idiots, it's not the access they are given by the new guild but the previous guild. Hence why it's a bug, if this post was about people allowing new recruits full access then there would be no problem on blizzard's behalf.
dacamper Nov 23rd 2007 7:03AM
Thanks for this info, will help us protect our guild bank. Looks like from the description, the guild bank privileges are stored per-character on the server, and NOT per rank then looked up using the toon's rank when bank access is needed. This is very poor security design for sure... fer shame blizz!
ubergrendle Nov 23rd 2007 9:04AM
I sometimes wonder who runs their Q/A shop. Very simple bugs get into the wild, this would qualify as a negative unit test case for user/application permissioning...seriously its Q/A 101. Blizz catches alot of flack for things that isn't their responsibility/could not be forseen, but this is a dead simple bug that shouldn't have even made it to the PTR in the first place, let alone production!
Dark Nov 23rd 2007 12:25PM
There is also a different bug with the logging of transactions. Last night I moved some stuff around in our bank on one character, then logged in with a different character to donate some gold. When I checked the log, all of my previous transactions from the other character were attributed to a completely different person in the guild. That kind of makes the logging system pointless if I'm trying to track down potential abuse.
Also... is it me, or is the log way too short? I see transactions covering about a page's worth, and I *know* there have been more transactions than that. Last gripe... the log should go back at least a couple of weeks.