Chalk Infinite Course Election Coins Bug Analysis

Disclaimer: This document is intended solely for technical discussion and educational purposes. The reader is advised against attempting to reproduce the bug. The author disclaims all responsibility for any adverse effects that may arise from using this information.

Procedures

• Download Postman and Postman Interceptor Chrome Extension
• Open course selection page, remove all your existing courses, then select courses you desire. Fill appropriate amount of coins for each course, ensuring that there are minimum 99 coins (or your desired value) after filling all the courses.

• Open Postman Intercept extension and start capturing.

Click "Start Capture"

• Submit courses. Then stop the capture.

• Open Postman and select "Requests" Tab.

• Find the POST request with URL ended in $batch

• In the request detail tab, select Body tab. Using ⌘F/Ctrl-F to open search panel and look for keyword coins.

• Change the value of coins to 99, or your desired value (must within the range of your remaining coins)

• Send the request. Response should show "Success"

• Now go back to the webpage and refresh. You should see new courses are created with new values.

• Remove the courses with old values. You may notice that the newly added 99 coins course is actually removed from the list. However, there is no need to panic as the removed course will be displayed correctly after refreshing the page.

Previous courses with 1 coin are correctly removed

• (Optional) To make sure your courses are updated, open Chrome Dev Tools and select Network panel. Select Fetch/XMR filter. Find the request ending with query . You should see the coins are 99.

Info: If you send multiple requests, the corresponding number of course will be shown. However, this action is not recommended because it might result in unexpected behavior.