
Is 23,148,855,308,184,500 a magic number, or sheer chance?

News reports such as this one indicate that the above number may have arisen as a programming bug.

A man in the United States popped out to his local petrol station to buy a pack of cigarettes - only to find his card charged $23,148,855,308,184,500.

That is $23 quadrillion (£14 quadrillion) - many times the US national debt.

In hex it's $523DC2E199EBB4 which doesn't appear terribly interesting at first sight.

Anyone have any thoughts about what programming error would have caused this?

Likes: 328
Roddy, asked Jul 15 '09 19:07



2 Answers

Add the cents to the number and you get 2314885530818450000, which in hexadecimal is 2020 2020 2020 1250.

Do you see the pattern? The first six bytes have been overwritten by spaces (hex 20, dec 32).

Likes: 123
Guffa, answered Oct 23 '22 16:10
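The space-padding explanation in the answer above, as an added example that is not part of the original answers: it models an amount field whose buffer was blanked with spaces before only the low two bytes were written, and shows a pre-posting check that catches it. The 8-byte big-endian cents layout, the function names and the $1,000,000 limit are assumptions; the page does not describe the real record format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum amount_status { AMOUNT_OK, AMOUNT_PADDED, AMOUNT_OVER_LIMIT };

/* Assumed layout (not from the page): 8-byte big-endian amount in cents. */
uint64_t decode_be64(const unsigned char f[8])
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | f[i];
    return v;
}

/* Count leading bytes equal to ASCII space (0x20), the usual text filler. */
int leading_spaces(const unsigned char f[8])
{
    int n = 0;
    while (n < 8 && f[n] == 0x20)
        n++;
    return n;
}

/* Decode the field, then refuse it if it looks text-padded or exceeds a sanity limit. */
enum amount_status check_amount(const unsigned char f[8], uint64_t limit_cents, uint64_t *cents)
{
    *cents = decode_be64(f);
    if (leading_spaces(f) > 0)
        return AMOUNT_PADDED;
    if (*cents > limit_cents)
        return AMOUNT_OVER_LIMIT;
    return AMOUNT_OK;
}

int main(void)
{
    const uint64_t limit = 100000000ULL; /* hypothetical cap: $1,000,000.00 */
    unsigned char field[8];
    uint64_t cents;

    memset(field, ' ', sizeof field);   /* constructed sample: buffer blanked as text */
    field[6] = 0x12; field[7] = 0x50;   /* only the low two bytes are written */

    enum amount_status st = check_amount(field, limit, &cents);
    printf("status=%d cents=%llu\n", (int)st, (unsigned long long)cents);
    return 0;
}
```

Any single leading 0x20 byte already puts the decoded value above 2.3 × 10^18 cents, so the padding test separates "field was never binary-initialised" from "amount is merely large".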


Hold on a second; there’s something fishy going on.

While the space-padded explanation certainly seems good, it may be (at least partly) specious.

VISA said that there were “fewer than 13,000” customers affected by the snafu with the Visa Buxx pre-paid cards. I’ve found news on several so far. Josh Muszynski in New Hampshire, Jason Bryan in Tennessee, Ron Seale in Texas, Karen Taylor’s teenage son in Bethel, and a teenage girl, Elizabeth Lewis, in Owatonna.

The thing is that all of them have the exact same charge: $23,148,855,308,184,500.00. If the problem was the space-padding, then how is it that all of them had the exact same $0x1250 ($46.88) charge? Two of them had purchased cigarettes at gas stations, another two had paid at restaurants, Lewis bought eggs and milk, the last one at a drug store. Do all these varied items happen to cost the same? $46.88 for a restaurant bill seems okay, but for a pack of cigarettes? for milk and eggs‽

The space-padding error makes sense, except it does not account for the 0x1250 constant. Why is it that all of them ended up with 0x2020 2020 2020 1250 instead of 0x2020 2020 2020 2020 or different numbers in the last WORD?

Hmmm, if only 13,000 customers were affected, it may be that somehow that exact, specific charge triggered the error. In that case, it is more than just a field error. If it was just the text field being interpreted as a 64-bit integer, then why didn’t other amounts cause it, thus affecting everyone, not just <13,000? Still, how is it that 13,000 people could have just happened to charge the exact same amount in the same week?

They say it’s a “temporary programming error”, and it may well be, but could it be a hacking thing? In that case, it probably would be a magic-number. In fact, it may be a combination of both: some hacker putting a 0x1250 automatic charge, that got combined with the space-padding error, causing one or both errors to be detected.

The Register thinks that the answer is indeed the padded-field error, but does not expand on why they are all the same, although one of the comments mentions the number possibly being rounded to the nearest $100 (unlikely since banks and banking software explicitly go to lengths to ensure precision).

(There is also a report of a similar, earlier error.)


Jason Bryant’s bill: [image]

Elizabeth Lewis’s bill: [image]

Ron Seale’s bill: [image]

Josh Muszynski’s bill: [image]

Likes: 32
Synetech, answered Oct 23 '22 16:10