Upgradable SellChest v1.2

Critical Bug Fixes & Improvements

Fixed Issues:

1. Critical: Upgrade System Reset Bug

• Issue: Upgrading a SellChest would reset the upgrade level back to 1
• Cause: Conflict between manual value setting and automatic synchronization system
• Fix: Completely refactored upgrade logic to use single source of truth (UpgradeManager)
• Impact: All three upgrade types now work correctly (Item Amount, Sell Frequency, Sell Percentage)

2. Database Type Inconsistency

• Issue: totalItemsSold was being saved as Integer despite database using BIGINT
• Cause: Wrong type casting in DatabaseManager
• Fix: Changed from stmt.setInt() to stmt.setLong() for proper Long handling
• Impact: Prevents data overflow for large quantities of sold items

3. Potential NullPointerException in UpgradeManager

• Issue: Could crash when accessing empty upgrade configurations
• Cause: Missing null/empty checks in getLevelData() and getMaxLevel()
• Fix: Added proper validation before accessing TreeMap keys
• Impact: Improved plugin stability and error handling

4. GUI Display Inconsistency

• Issue: Upgrade GUI showed incorrect prices and max levels
• Cause: GUI was using deprecated ConfigManager instead of UpgradeManager
• Fix: Updated all GUI display methods to use UpgradeManager
• Impact: GUI now displays accurate upgrade information

Technical Improvements:

• Removed legacy ConfigManager dependencies from upgrade system
• Improved code consistency across all upgrade-related operations
• Enhanced type safety in database operations
• Better null safety throughout the codebase

Files Modified:

Code:

• UpgradeGUI.java - Complete upgrade system refactor
• UpgradeManager.java - Added null safety checks
• DatabaseManager.java - Fixed type casting for statistics

Compatibility:

• No configuration changes required
• Fully backward compatible with existing data
• No API changes

Recommendation:
Update immediately if you're experiencing upgrade reset issues. This update fixes critical bugs that could affect server economy balance.

Critical Security Fixes​

1. Item Duplication Exploit Prevention​

• Location: UpgradeGUI.java
• Issue: Race condition allowing multiple players to pickup the same SellChest simultaneously, duplicating items and statistics
• Fix: Added synchronized blocks and state verification to prevent concurrent pickup operations
• Impact: Prevents 2-3x item duplication exploits

2. Economy Transaction Rollback System​

• Location: SellChestManager.java
• Issue: Items removed from chest but money not deposited if economy plugin crashes mid-transaction
• Fix: Implemented inventory backup and automatic rollback on economy transaction failure
• Impact: Prevents money/item loss during server lag or economy plugin failures

3. NullPointerException Crash Fix​

• Location: SellChestManager.java
• Issue: Crash when EconomyShopGUI integration returns null items map
• Fix: Added null checks for sellPrices.getItems() method
• Impact: Prevents denial-of-service through plugin crashes

High Priority Fixes​

4. Integer Overflow Protection​

• Locations: SellChest.java, DatabaseManager.java, ChestPlaceListener.java, ChestBreakListener.java, UpgradeGUI.java
• Issue: totalItemsSold using int type would overflow after 2.1 billion items, causing data corruption
• Fix: Changed to long type (supports up to 9 quintillion items), including database migration
• Impact: Prevents statistics corruption and database errors on high-volume servers

5. Owner Verification System (Anti-Tampering)​

• Location: SellChestManager.java
• Issue: Players could manually edit YAML files to change chest ownership and steal earnings
• Fix: Implemented checksum verification for owner UUID and location on data load
• Impact: Prevents ownership manipulation and unauthorized money farming

6. Race Condition in Dirty Chests​

• Location: SellChestManager.java
• Issue: Non-atomic operations on dirtyChests set could cause data loss during async saves
• Fix: Added synchronized block around check-clear operations
• Impact: Prevents data loss during high-frequency chest updates

7. ConcurrentModificationException Prevention​

• Location: SellChestManager.java
• Issue: DoubleChest holder changes during iteration causing crashes
• Fix: Added exception handling and safe update patterns for DoubleChest operations
• Impact: Prevents crashes when players interact with double chests during sales

Medium Priority Fixes​

8. Double-Click Exploit Protection​

• Location: UpgradeGUI.java
• Issue: Rapid clicking on upgrade buttons could withdraw money multiple times
• Fix: Added 500ms cooldown between upgrade attempts per player
• Impact: Prevents economy exploit through rapid clicking

9. Memory Leak Fix (Holograms)​

• Location: HologramManager.java, HologramUpdateTask.java
• Issue: Dead hologram entities not removed from memory cache, causing gradual memory exhaustion
• Fix: Implemented cleanupDeadHolograms() method running every 60 seconds
• Impact: Prevents long-term memory leaks on busy servers

10. Configuration Validation​

• Location: ConfigManager.java
• Issue: Negative upgrade costs in config would cause free or money-generating upgrades
• Fix: Added validation to reject negative cost values with warnings
• Impact: Prevents config-based economy exploits

11. Protection Plugin Integration​

• Location: ChestPlaceListener.java
• Issue: Text displays and data saved even when protection plugins (WorldGuard, GriefPrevention) cancelled placement
• Fix: Added event.isCancelled() check and increased event priority to HIGH
• Impact: Fixes ghost SellChests in protected regions

Technical Details​

Files Modified: 10
Security Issues Fixed: 11
Performance Improvements: 3
Database Schema Changes: 1 (INT → BIGINT migration for totalItemsSold)

Breaking Changes​

• Database schema updated: total_items_sold column migrated from INT to BIGINT (automatic)
• YAML format updated: Added _checksum field for integrity verification
• Old save files will be automatically migrated on first load

Testing Recommendations​

1. Test chest pickup with multiple players simultaneously
2. Verify transaction rollback during economy plugin lag
3. Test with protection plugins (WorldGuard, GriefPrevention, Lands)
4. Monitor memory usage for hologram cleanup effectiveness
5. Verify config validation with negative values