[Crash] Unchecked msg.currentKills numeric operation in addKill handler

[coderabbitai]

Summary

Services server produces NaN when msg.currentKills is undefined, corrupting streak data.

Affected Code

server-services/start-services.js:398

userData.streak = Math.max(msg.currentKills, userData.streak || 0);
// NaN if msg.currentKills undefined

Vulnerability

If client sends {"cmd":"addKill"} without currentKills field.

Impact

• User streak corruption (becomes NaN)
• Database integrity issue

Proof of Concept

{"cmd":"addKill","session":"valid_session"}

Recommended Fix

const currentKills = parseInt(msg.currentKills) || 0;
userData.streak = Math.max(currentKills, userData.streak || 0);

References

• PR: New Blocks & Ported fancyMuzzle flash #43