(i am aware there are topics with similar names, but this topic is different)
Recently, I’ve noticed that i have to tell the server something from the client, So i use RemoteEvents, Theres no issue with this, But i’ve heard that firing one too much can cause some pretty bad lag.
As well as exploiters being able to spam them, therefore crashing the server.
Anyways, Lets say I’m making a shop, Everytime the player buys something, It tells the server, What would happen if 50 players were all trying to buy tons of things very quickly? Wouldn’t it lag a lot?
Or if a tool is supposed to have an ability, So you press something like “X” for the ability, You’d have to use a RemoteEvent, But what if many players were spamming the ability?
But in my case, Im making an emote system, Everytime you press G, It uses a RemoteEvent to tell the server, I’m worried, because if tons of players were emoting and then unemoting, it could lag the server (yes i have cooldowns for these, but they are on the client and can probably be removed via exploits)
Im just confused why it would lag so hard (it hasn’t for this emote system, but thats because i only test it by myself)
The problem comes with the fact that a remote event can trigger a function on the server. This is negligible for small functions like changing a couple of numbers for the most part. If however, it does something large and compute intensive, it can be a problem if you don’t do some rate limiting and filtering on the server. If someone spams something like world generation 45 times a second, that certainly could break a game.
Reducing network traffic in general is always advisable too, but your stated case should be well within reasonable network traffic.
You can just have a simple debounce, and store a table of players that fired the event. This way, you can keep track of people who have fired the event. I usually do this by having a folder and using the debris service. The debris service allows you to remove an object after a certain amount of time WITHOUT yeilding the current script.
I usually have a folder and store player names in it as string values. I use debris service like the following:
local debris = game:GetService("Debris")
debris:AddItem(playerStringValueInstance, 1)
This will remove the stringValue after 1 second. I usually have a script serverside that checks if the player is in the folder, if they are, then I return false. There is probably a better way of doing this, but I thought of doing it this way a while back.
Yeah. Pretty much. If you think that calling the function it’s connected to several hundred times in a for loop would cause the server to get bogged down by your code, you should limit the rates and/or filter what can call it. Otherwise you can probably ignore it in terms of lag.
No, My emotes are not basic and just play an animation (i am aware animations are replicated to the server, but i would like for it to sync with effects and such), They all have music, And sometimes props, Which have to be server-sided, In general, Its better for it to be on the server in case i wanna add special effects for certain emotes
I have already added a debounce on the client, I will add one on the server. (I don’t know why i thought remote events would lag the server even if they did nothing)
The main takeaway here lies in the basic principles of making any game- never trust the client.
As previously stated, receiving remotes alone does not cause an increase in server usage. However, If those signals are connected to expensive functions with no protection then this can lead to an increase in server usage because those functions can be called without limitation. It is also important to note that there should be client sided rate limitation that’s reflected through your interface (this will ensure regular users do not exceed reasonable limits), AND server side limitation. The server side limitation will likely not be used, but in the case you have users who bypass the client limitations by means of exploiting, it is good to have.
You can think of this like a “DDoS attack”. Obviously this is not actually a DDoS, but it follows the same structure in terms of how the exploiter attacks your game. They’re basically going to flood your servers by bypassing as many limitations as they can, and hope to crash or break something. One of the best way to prevent this is also by protecting the server (alongside other methods that aren’t really applicable to roblox games)
TLDR: Put limitations on remotes on the client and server (making sure client limitations are reflected through user interface so it doesn’t appear requests are just dropped), and have the server verify the validity of any data that is passed through the remote.
Edit: With regard to this specific OP, there should be no need to update the server with the state of the character. The client holds network ownership of the character and almost all updates to the physical state of the character can be made locally.