OP Regular Newbie Apr 17, 2026 6:24pm

Severity: HIGH

Location: src/Models/UserCredit.php:80-93

Bug: logTransaction re-queries balance after the UPDATE; concurrent spend can log an incorrect running balance.

Fix: Pass the post-deduction balance directly into logTransaction.

Status: open. Will reply with remediation details when resolved.

Regular Newbie Apr 17, 2026 6:41pm

Resolved.

UserCredit::spend now passes the computed post-spend balance directly into logTransaction() via a new optional $balanceOverride parameter (src/Models/UserCredit.php). The SQL UPDATE is also checked against rowCount() — a lost atomic race now returns false instead of silently logging a spend that didn't happen.

Under concurrent spends the credit_transactions.balance snapshot is now the caller's own post-transaction balance, not whatever findByUser happens to return a moment later.

Locking this thread.
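
The fix described in the posts above, as an added example that is not the project's own code from src/Models/UserCredit.php. The table schemas, the `currentBalance` helper (standing in for `findByUser`), the `$hooks` mechanism that simulates a concurrent request, and the compare-and-swap form of the UPDATE are assumptions; only `spend`, `logTransaction`, `$balanceOverride`, `rowCount()` and `credit_transactions.balance` come from the thread.

```php
<?php
// Added example. Schema, hook mechanism and the compare-and-swap UPDATE are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_credits (user_id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)');
$db->exec('CREATE TABLE credit_transactions (id INTEGER PRIMARY KEY, user_id INTEGER, amount INTEGER, balance INTEGER)');
$db->exec('INSERT INTO user_credits VALUES (1, 200)'); // constructed sample data

function currentBalance(PDO $db, int $userId): int
{
    $q = $db->prepare('SELECT balance FROM user_credits WHERE user_id = ?');
    $q->execute([$userId]);
    return (int) $q->fetchColumn();
}

function logTransaction(PDO $db, int $userId, int $amount, ?int $balanceOverride = null): void
{
    // With no override the balance is re-queried: the racy behaviour from the report.
    $balance = $balanceOverride ?? currentBalance($db, $userId);
    $db->prepare('INSERT INTO credit_transactions (user_id, amount, balance) VALUES (?, ?, ?)')
        ->execute([$userId, -$amount, $balance]);
}

// $hooks['read'] / $hooks['update'] run after that step to simulate a concurrent request.
function spend(PDO $db, int $userId, int $amount, array $hooks = [], bool $useOverride = true): bool
{
    $old = currentBalance($db, $userId);
    if (isset($hooks['read'])) { $hooks['read'](); }
    if ($amount <= 0 || $old < $amount) { return false; }
    $new = $old - $amount;
    $u = $db->prepare('UPDATE user_credits SET balance = ? WHERE user_id = ? AND balance = ?');
    $u->execute([$new, $userId, $old]);
    if ($u->rowCount() !== 1) { return false; } // lost the race: nothing deducted, nothing logged
    if (isset($hooks['update'])) { $hooks['update'](); }
    logTransaction($db, $userId, $amount, $useOverride ? $new : null);
    return true;
}

$rival = fn() => spend($db, 1, 20); // the simulated concurrent spender
spend($db, 1, 30, ['update' => $rival], false); // old behaviour: logs the rival's balance as its own
spend($db, 1, 30, ['update' => $rival]);        // fixed: logs its own post-spend balance
$lost = spend($db, 1, 30, ['read' => $rival]);  // rival commits first, so the UPDATE matches no row
var_dump($lost);
foreach ($db->query('SELECT id, amount, balance FROM credit_transactions ORDER BY id') as $row) {
    printf("#%d amount=%d balance=%d\n", $row['id'], $row['amount'], $row['balance']);
}
```

In the printed ledger, the row written by the first call carries the same balance as the rival's row, which is the incorrect running balance the report describes; the second call's row carries its own post-spend figure.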
