I am making a shift to sprint script do i need to use a removeevent necessarly or could i just set the walkspd in localscript
1 Like
Presuming you are sticking to the Roblox’s default character controller, it is fine to set the walk speed locally (predominantly because of the latency/ping time). Controls ought to be responsive. If you have an anti cheat, it is indeed useful to fire a remote event to let the server know player is sprinting and running faster, to perform checks accordingly (while still modifying walk speed on client side).
HRP.Velocity = HRP.CFrame.LookVector * 200 in a local script? won’t it be vulnerable to exploiters?
You can simply set the WalkSpeed property in a LocalScript to create a shift-to-sprint script. There’s no necessity to use a RemoveEvent or involve server-side scripting for this specific functionality.
1 Like
modifying the player’s velocity in a LocalScript, such as HRP.Velocity = HRP.CFrame.LookVector * 200, can indeed be vulnerable to exploitation. Players with malicious intent can manipulate or override the velocity changes, potentially leading to unfair advantages or exploitative behavior. To ensure a more secure implementation, it’s recommended to handle critical gameplay mechanics, such as player movement and velocity, on the server-side rather than relying solely on the client-side LocalScript. By validating and controlling these actions on the server, you can reduce the risk of exploits and maintain a fair and secure gameplay environment.
I don’t mean to make him walk like that but what I mean is if they could add to the value or change anything.
I believe the OP is talking about humanoid.WalkSpeed. Roblox’s character controller is client-authoritative, which gives players full network ownership and control over their character. The most developers can do is perform location or velocity checks on server, which also cannot be too strict because of increased potential for false positives because of lag spikes.
A (little) more demanding alternative is client-predictive server-authoritative model, which means something Chickynoid (MrChickenRocket, sorry for another share/ping).
So clients have a limited freedom regarding what is directly replicated to the server and others, which includes humanoid and its states, character (and even part but not clothing removal), animation playing and timeline positioning, and so forth.
Humanoid properties, like WalkSpeed, or, for instance, character limbs’ color, are not replicated. Server and others won’t see those changes player makes.
All in all, exploiters can be a real trouble because of the control they have over their character, and with the current default model server can’t do anything but perform sanity checks. On the positive side, such system is very smooth for the player.
EDIT
@nombreincorrectodepn yes, that’s exactly what I’m saying, an exploter can use that line of code either way, and the modification won’t be replicated to the server and other players.
As for the dash, it can be done on server, or it can be performed locally. The former introduces some lag depending on player’s internet connection, and the latter a bit higher vulnerability.
I’ve seen even popular games do local changes because they value non-interruptive and reponsive movement more in combination with exploiter reporting system than slightly more secure approach. If there is a server-sided anti cheat and dash local, server can get notified about the dash to account for it in the verification.
(Side note, Velocity is deprecated in favor of AssemblyLinearVelocity.)
yes i know you are referring to humanoid.WalkSpeed but i want to know if an exploder can change the command i told you right now. basically it is to make a Dash System.
They can change the variable through getgc()
Exploiters have access to pretty much everything in the local script. They can change it. So you need to use remote event already to prevent hackers.
Just do a server check that checks every player’s speed every 30 seconds