Hacker News
by danielwmayer 922 days ago
This vulnerability was patched before I wrote the post - I disclosed it to MTG.

In terms of viewing your history, you should check out https://untapped.gg/en. I have talked to them a bit and they essentially do what you want. They take most of their info from MTG's debug log, which you can find in MTGA's application directory, so you could also make your own tracker as well if you want. They talk about it on their site: https://help.hearthsim.net/en/articles/3620440-how-do-i-supp...

2 comments

What is the Twitter post for? I'm assuming this was not you "disclosing" it to them, but it's basically some kind of advertisement for yourself? You did contact them via a proper, private channel to disclose and make sure they fixed it before the Twitter post, correct?
They didn't respond to my email so I tried Twitter. That got a prompter response! No details about how to actually perform the insta-win are visible in the video so I wasn't too pressed about someone replicating it from the tweet.
Absolutely ridiculous that they wouldn't respond to your e-mail, but I don't know why I expected more from WotC or anything they're involved in.
What was the process like disclosing the bug to them? One part of your post that you left out and I was curious about. Was it friendly/straightforward? Were they surprised at all that this was possible?
Pretty nondescript. I just sent them the code and explained how to replicate it. They said they'd patch it and then they did haha. They offered me some in-game currency as a reward (20,000 gems, which I think is equivalent to ~115 bucks).
I hope you have the blingiest cards ever now, great write up.