Consider the following:

[lua]
concommand.Add("dropmoney", function(p, _, _, s)
    -- s is the raw argument string typed by the player
    local amount = tonumber(s);

    if(amount <= 0) then return; end
    if(p:GetMoney() < amount) then return; end

    p:SetMoney(p:GetMoney() - amount);
    CreateMoneyEntity(amount):SetPos(p:GetEyeTrace().HitPos);
end);
[/lua]

This is completely exploitable and can be abused to make your money "NaN".

How?

*in console*

```
dropmoney nan
```

Why would this cause it?

Explanation:

Lua 5.2 and above removed a feature: tonumber"nan" and tonumber"inf". These would respectively return the result of 0/0 and math.huge.

NaN (0/0) will return false for EVERY comparison, even against itself:

```
] m> tostring(0/0), 0/0 == 0/0
"nan" false
```

This is dangerous.

math.huge, also known as tonumber"inf", is also relatively dangerous. Not as much so as NaN, but it's still something you might want to check for.

A function to check if the number is finite:

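[lua]
local function IsFinite(num)
    -- num ~= num is true only for NaN; the type check also rejects nil,
    -- which tonumber returns for non-numeric input
    return type(num) == "number" and not (num ~= num or num == math.huge or num == -math.huge);
end
[/lua]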

Using this to fix our code above:

[lua]
concommand.Add("dropmoney", function(p, _, _, s)
    local amount = tonumber(s);

    -- reject NaN and +/-inf before any comparison is made
    if(not IsFinite(amount)) then return; end
    if(amount <= 0) then return; end
    if(p:GetMoney() < amount) then return; end

    p:SetMoney(p:GetMoney() - amount);
    CreateMoneyEntity(amount):SetPos(p:GetEyeTrace().HitPos);
end);
[/lua]

I also advise you to NEVER make a string into a number, like concommands or net.WriteString a numeric-string. Always use net.WriteLong, net.WriteInt, net.WriteUInt, net.WriteDouble, etc. when possible!
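
The guard logic above, reproduced outside the game as an added example (not part of the original post). It goes a step further than the fix shown: the hardened check is written as conditions that must all be true, so NaN fails closed even without a dedicated test. The wallet table and the function names are hypothetical stand-ins for p:GetMoney() and p:SetMoney().

```lua
-- Added example: stand-alone Lua, no Garry's Mod API required.
-- wallet, DropVulnerable, DropHardened and IsValidAmount are hypothetical names.
local NaN = 0/0  -- the value tonumber"nan" yields where the runtime still accepts it

-- Reject-style guards, as in the original command: each test is false for NaN,
-- so neither early return fires and the subtraction runs.
local function DropVulnerable(wallet, amount)
    if amount <= 0 then return false end
    if wallet.money < amount then return false end
    wallet.money = wallet.money - amount
    return true
end

-- Accept-style guard: every condition must hold before money moves.
-- Any comparison with NaN is false, so NaN can never satisfy it.
local function IsValidAmount(amount, balance)
    return type(amount) == "number"          -- rejects nil from a failed tonumber
        and amount == amount                 -- false only for NaN
        and amount > 0
        and amount <= balance                -- excludes math.huge for a finite balance
        and amount == math.floor(amount)     -- whole units only
end

local function DropHardened(wallet, amount)
    if not IsValidAmount(amount, wallet.money) then return false end
    wallet.money = wallet.money - amount
    return true
end

-- Constructed sample inputs.
local a = { money = 100 }
assert(DropVulnerable(a, NaN) == true)       -- both guards fall through
assert(a.money ~= a.money)                   -- the balance itself is now NaN

local b = { money = 100 }
for _, bad in ipairs({ NaN, math.huge, -math.huge, -5, 0, 2.5, 101 }) do
    assert(DropHardened(b, bad) == false)
end
assert(DropHardened(b, nil) == false)
assert(b.money == 100)                       -- untouched by every bad input
assert(DropHardened(b, 40) == true and b.money == 60)
print("all checks passed")
```

The same validation is worth applying to values read with net.ReadDouble, since a double sent over the wire can itself be NaN or infinite.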