It was brought to our attention this evening that a critical exploit exists within Tabletop Simulator that would compromise the integrity of the Road to Nationals, were it to go ahead this weekend.
The exploit made it possible to identify with 100% accuracy, the order of cards in BOTH players decks, without alerting spectators, players, or leaving any visible record.
We have been working non stop to to address this in the attempt to find a fix, but we need more time.
We want all players to have a positive and fair game experience, and agreed with Legend Story Studios that we could not, with confidence, meet their integrity standards to run this event as scheduled.
It is with much sadness, we must postpone this event – for your sake. We have considered many options, and agreed this was the best decision. We could not run this tournament knowing this exploit were possible.
We are trying out new ideas to keep the community connected during this period of isolation; we were looking forward to this event being a terrific weekend of Flesh and Blood. We unreservedly apologise to all of you who have worked hard to be ready for this event, and who were so excited to participate.
We are committed to the event proceeding so long as we can give you our assurance that all games will be fair and balanced.
Will the event be refunded?
We are committed to the event going ahead if we can find a fix to the exploit.
If the event cannot be held online via TTS, we will refund all players immediately.
Should you wish for a refund earlier, please contact us.
Couldn't we play anyway; I won't cheat?
We wish that were so.
The exploit was so severe, and so easily executable that we could not guarantee any player’s experience.
Equally, we could not police the games to ensure their validity.
Couldn't judges just audit the tables?
We assessed this option and determined the exploit was so quickly and easily executable that it was non-detectable.
What solutions did you explore?
We first learnt about this at 8pm on Friday-17th April.
We spent the following 4hrs exploring the following options:
- permissions for the table (rejected: host always has permissions)
- API scripting (rejected: cannot distinguish exploit events from standard events)
- hosting games for players (rejected: cannot scale to the size of the event)
- other modifications to the workshop (rejected: could not prevent the behaviour)