A Very Poor rated avatar (452,293 triangles) is being loaded as a fallback avatar on Windows with Safety Shield, even with max download size = 0 MB and Very Poor avatars blocked
available in future release
WubTheCaptain
I've noticed Jaywasreal (usr_a68050b3-ddc8-46b5-9353-f4b7680ea723) was wearing a Very Poor rated private Avatar 'avtr_2c03efc2-cf7a-44a7-8416-87d68a3b3919' (Jays priv choco) with
452,293 triangles (Very Poor) as a fallback avatar
, while everyone else with a Poor or Below performance rank avatar was blocked (fallback/impostor). These kind of fallbacks (> 70,000 triangles) should be typically impossible, because custom fallbacks require to be "Good" rated performance rank on all supported platforms (excluding components that will be removed when over the limit). Loading this Very Poor rated fallback persisted even on rejoining the world.Video
(15,1 MB): https://files.catbox.moe/vqlj0s.mp42025.12.20 01:49:16 Debug - [AssetBundleDownloadManager] Download for avatar (Worn:0 Friend:0 Shown:0 Near:0) (53.5 MB) started 8 seconds and completed 11 seconds after queueing.
2025.12.20 01:49:16 Debug - [AssetBundleDownloadManager] Average download speed: 1392478 bytes per second
2025.12.20 01:49:16 Debug - [AssetBundleDownloadManager] [341] Unpacking Avatar (Jays priv choco by Jaywasreal)
2025.12.20 01:49:17 Warning - [Behaviour] Avatar has 1 colliders. These will add an additional performance cost when active and no mirrors/cameras are active.
2025.12.20 01:49:17 Debug - [Behaviour] CacheComponents: ParticleSystems 63, AudioSources 25
2025.12.20 01:49:17 Debug - Found SDK3 avatar descriptor.
2025.12.20 01:49:17 Debug - [Behaviour] Using custom gesture mask from base layer
2025.12.20 01:49:17 Debug - [Behaviour] Using default fx mask (all muscles disabled, all transforms enabled)
2025.12.20 01:49:17 Warning - Recovered 142 Network IDs from Avatar
2025.12.20 01:49:17 Debug - [Behaviour] Avatar is Ready, Initializing
2025.12.20 01:49:17 Debug - Measure Human Avatar Avatar isRemeasure:False
2025.12.20 01:49:17 Debug - [Behaviour] Initialize ThreePoint Avatar VRCPlayer[Remote] 56 False 7
In error logs, there is no AssetBundleDownloadManager manager error for Avatar 'avtr_2c03efc2-cf7a-44a7-8416-87d68a3b3919' (Jays priv choco). But the other avatars are being blocked for AssetBundleBadPerformance.
When Jaywasreal's Avatar 'Jays priv choco' was shown (not Safety Shield), alpenmilchschokolade (avtr_c9a20362-6680-49f7-b7e0-fb4815791a14) was loaded (Very Poor 591,031 triangles). (The logs get confusing to read.) This gets blocked by AssetBundleBadPerformance when Very Poor was blocked, but then Jays priv choco was loaded.
2025.12.20 02:13:30 Debug - [ModerationManager] Jaywasreal avatar is enabled
2025.12.20 02:13:30 Debug - [Behaviour] Switching Jaywasreal to avatar alpenmilchschokolade
The mobile version of this avatar is a 0 polygons avatar (Excellent). Neither 'alpenmilchschokolade' nor 'Jays priv choco' has impostors generated.
The VRChat client should probably also validate the fallback avatars meet the requirements (Good rated or better) in addition to server-side processing. Maybe Avatar 'avtr_2c03efc2-cf7a-44a7-8416-87d68a3b3919' needs to be sent back to server processing/security checks?
Log In
WubTheCaptain
A very poor fallback avatar on Windows with no Android upload (or "Pending") by CuteyDeer, 144,780 triangles.
avtr_83ff863c-7ee2-462f-b62e-9f37249982b3
2026.03.18 00:39:41 Warning - Avatar was blocked by local perf limits: 9
2026.03.18 00:39:41 Error - [AssetBundleDownloadManager] Avatar 'avtr_4c7aa56e-a4c8-4061-ae0a-691edfd4ef34' did not pass initial checks and won't be downloaded: AssetBundleBadPerformance
2026.03.18 00:39:41 Debug - [AssetBundleDownloadManager] Starting download of 34 MB, 0 still queued.
2026.03.18 00:39:42 Debug - Measure Human Avatar Avatar isRemeasure:True
2026.03.18 00:39:44 Debug - [AssetBundleDownloadManager] Download for avatar (Worn:0 Friend:0 Shown:0 Near:1) (34.1 MB) started 0 seconds and completed 3 seconds after queueing.
2026.03.18 00:39:44 Debug - [AssetBundleDownloadManager] Average download speed: 543293 bytes per second
2026.03.18 00:39:44 Debug - [AssetBundleDownloadManager] [196] Unpacking Avatar (Dummy by CuteyDeer)
WubTheCaptain
This has also occurred inversed for reasons unknown so far. Good on Windows, Very Poor on Android, a fallback avatar.
Fallback Avatar⁄Quest (
avtr_c47bfd00-f615-44bd-ab80-bfccf3cd3a60
) by Grizzley - it's a green haired Koyuki avatar.2026.03.08 22:40:18 Debug - [AssetBundleDownloadManager] Starting download of unknown MB, 0 still queued.
2026.03.08 22:40:18 Warning - Avatar was blocked by local perf limits: 9
2026.03.08 22:40:18 Error - [AssetBundleDownloadManager] Avatar 'avtr_d70d282c-34a7-4c07-9aa7-9603adc99c8c' did not pass initial checks and won't be downloaded: AssetBundleBadPerformance
2026.03.08 22:40:19 Debug - [AssetBundleDownloadManager] Starting download of 1 MB, 0 still queued.
2026.03.08 22:40:19 Debug - [AssetBundleDownloadManager] Download for avatar (Worn:0 Friend:0 Shown:0 Near:0) (1.3 MB) started 0 seconds and completed 0 seconds after queueing.
2026.03.08 22:40:19 Debug - [AssetBundleDownloadManager] Average download speed: 762411 bytes per second
2026.03.08 22:40:19 Debug - [AssetBundleDownloadManager] [615] Unpacking Avatar (Fallback Avatar⁄Quest by Grizzleу)
(
avtr_d70d282c-34a7-4c07-9aa7-9603adc99c8c
is Manuka_2․0 by Grizzleу.)I couldn't catch a screenshot before its uploader left the instance.
2026.03.08 22:46:24 Debug - [Behaviour] OnPlayerLeft Grizzleу (usr_c0f4e2ba-520f-40bd-bc6f-0bd730aa990b)
WubTheCaptain
WubTheCaptain
RaveLilly HRM (avtr_36c9e9b8-59bf-4c07-8d1a-2273d719310a) by @FirecatStudios
This post was marked as
available in future release
This post was marked as
tracked
This post was marked as
available in future release
WubTheCaptain
There's another private avatar, Runa_fallback (avtr_bede6f3d-25c5-4fc1-8b1d-f4b3a98d9efa) by C0D3 M4513R, that's a "Poor" fallback due to texture memory. C0D3 M4513R explained that the avatar was formerly ranked "Good", before avatar performance ranking was recalculated to account for material swaps (VRChat 2025.3.1 or VRChat 2025.3.2), thus the fallback flag has been grandfathered from "Good" to "Poor".
Runa_fallback is a slightly different issue than OP, but these seemingly impossible fallbacks are in the wild for different reasons. What's common for this and OP: The fallback flag isn't removed from these avatars, when recalculated.
2026.01.16 23:44:12 Warning - Avatar was blocked by local perf limits: 9
2026.01.16 23:44:12 Error - [AssetBundleDownloadManager] Avatar 'avtr_da5d4235-af95-49d5-a1c5-ac2ed78462ce' did not pass initial checks and won't be downloaded: AssetBundleBadPerformance
2026.01.16 23:44:12 Debug - VRC.Udon.Common.DeserializationResult
2026.01.16 23:44:12 Debug - VRC.Udon.Common.DeserializationResult
2026.01.16 23:44:13 Debug - [AssetBundleDownloadManager] Starting download of 27 MB, 0 still queued.
2026.01.16 23:44:13 Debug - [AssetBundleDownloadManager] [193] Unpacking Avatar (Runa_fallback by C0D3 M4513R)
2026.01.16 23:44:13 Debug - VRC.Udon.Common.DeserializationResult
2026.01.16 23:44:13 Debug - VRC.Udon.Common.DeserializationResult
2026.01.16 23:44:13 Debug - [Behaviour] CacheComponents: ParticleSystems 0, AudioSources 0
2026.01.16 23:44:13 Debug - Found SDK3 avatar descriptor.
2026.01.16 23:44:13 Debug - [Behaviour] Using default gesture mask (hands)
2026.01.16 23:44:13 Debug - [Behaviour] Using default fx mask (all muscles disabled, all transforms enabled)
2026.01.16 23:44:13 Error - [Behaviour] Avatar Expression Parameter 'IsLocal' duplicate definition, New definition will be ignored and original type 'Bool' will be used.
2026.01.16 23:44:13 Warning - Recovered 8 Network IDs from Avatar
2026.01.16 23:44:13 Debug - [Behaviour] Avatar is Ready, Initializing
2026.01.16 23:44:13 Debug - Measure Human Avatar Avatar isRemeasure:False
2026.01.16 23:44:13 Debug - [Behaviour] Initialize ThreePoint Avatar VRCPlayer[Remote] 61 False 7
WubTheCaptain
C0D3 M4513R I'm tagging you so you get a notification on Canny, and thanks for sharing the issue description.
Dexvoid
marked this post as
tracked
Shinyflvres
Addition:
By making more research:
This issue affects VRC SDK 3.10.X down to 3.4.X and probably lower versions.
Another way to reproduce this issue is:
- Open VRC 3.8.X
- Create a Very Poor Avatar
- Create a Clone of the Avatar and remove all meshes
- Upload the "Excellent" Non Mesh Version to Mobile/Quest and set Fallback Tag
- Set Blueprint from Excellent Avatar to Very Poor version
- Click Upload.
50/50% Chance that it will now set your Very Poor Avatar as a fallback.
Tried it 3 Times in a row and worked "fine".
I will do more research later an provide more details and a easy-to-follow Video.
// EDIT
We made an Test in a Friends Group Instance a few hours ago. To make clear how important it is to fix this issue:
You are able to create a crasher avatar using Audio Sources, Animator Combinations and Particle Effects that hold Realtime Point Lights. With some "Sketchy" Methods you are able to spawm those with a Very Poor Fallback. With the test we made i was able to crash 21 Persons in an Private Friends instance that all had blocked my avatar.
Thus; People that may abuse this "Exploit" are able to crash instances even if the avatars are blocked by default (Depends also on shield levels).'
ALSO IMPORTANT:
Jaywasreal is a friend of us and did not intentionally cause this Fallback Exploit. it was found by accident. Just making sure he does not get banned at this point.
WubTheCaptain
Load More
→