Item duplication using slot transfer while shulker box breaks

NOTE: This issue might be a duplicate of other private issues. Please check this bug report and see if there are any similar reports.

TL;DR: An item duplication in 1.17.1 is publicly disclosed on YouTube, GitHub, etc and is unpatched yet.

The Bug

A client, using a client-side mod, can duplicate any* items on a vanilla server. (*. Shulker box cannot be duplicated because it cannot be nested inside another one.) This is tested on the vanilla 1.17.1 server (as demonstrated in multiple public videos) and 21w44a integrated server.

Exploitation

Exploitation requires a shulker box block to be broken while a player transfers an item in the shulker box out of the box. When successful, the item should be both inside the dropped box item, and somewhere inside player's inventory. Most known exploitations perform this via modded clients, since clients can break a block while a HUD is open. It should technically be possible to perform this without client-side mods using precise timing and pistons to break the block.

The source code for the "dupe mod" has already been public (by third party) for 1.5 months: https://github.com/Coderx-Gamer/shulker-dupe

There are multiple videos explaining/abusing the bug:

• https://www.youtube.com/watch?v=I9Ob0xDnL3g
• https://www.youtube.com/watch?v=6vgZ_bOH0qw
• https://www.youtube.com/watch?v=PGJrCsWTxkI
• https://www.youtube.com/watch?v=ozkmxYk_v3M
• https://www.youtube.com/watch?v=mOajDte8zJM
• https://www.youtube.com/watch?v=-sND0NpXFNc (1.18.1, 3:06-)
• https://www.youtube.com/watch?v=pfmAhMRr9Vg (1.18.1)
• https://www.youtube.com/watch?v=m2M0fptpvqc (1.18.1)

Root Cause

There is a little margin during A) when a shulker box block contents are inserted to shulker box item entity as part of the drops and B) the player HUD for shulker box is forcibly closed by the server. During this time, if you have the shulker box HUD open and perform some slot transfers (e.g. moving the stack from shulker box to hotbar), the item stack can co-exist inside the shulker box item and the destination of the stack (e.g. hotbar).

By using a mod to 1) break block while a HUD is open and 2) send the slot transfer packet just as the block breaks, this bug becomes really easy to exploit.

Fix

ShulkerBoxBlock should clear its inventory inside the loot table callback. Yarn 1.17 mapping:

  public List<ItemStack> getDroppedStacks(BlockState state, LootContext.Builder builder) {
    BlockEntity lv = (BlockEntity)builder.getNullable(LootContextParameters.BLOCK_ENTITY);
    if (lv instanceof ShulkerBoxBlockEntity) {
      ShulkerBoxBlockEntity lv2 = (ShulkerBoxBlockEntity)lv;
      builder = builder.putDrop(CONTENTS, (arg2, consumer) -> {
            for (int i = 0; i < arg.size(); i++)
              consumer.accept(arg.getStack(i)); 
          });
          /* should call lv2.clear(); here */
    } 
    return super.getDroppedStacks(state, builder);
  }

Credits

Thanks to Coderx-Gamer for providing the mod used for exploitation.