Hello, I am trying to create a script for a game I am working on and I need to make an engine upgrade and suspension for a-chassis the issue is that a-chassis is client sided so an exploiter would be able to change everything and I don’t know what else to do and how I would stop it. i currently have it like this Tune.Horsepower = script.Parent.Customization.EngineUpgrade.Value if you have any idea please let me know!
1 Like
In my opinion the best way to do this, (I believe you’re talking about a upgrade system for the engine/suspension) is to validate purchases and vehicles on the server.
Every time a player spawns a vehicle or enters a vehicle, wtv… Why not validate it on the server?
Check if the player has the upgrade, check if the player has enough money to get the upgrade, check if the player owns the upgrade on the vehicle, etc…
As for the the value, indeed it’s very vulnerable and exploitable.
You might can move it on the server somehow, not that familiar with a-chassis.
Hope this helps!
1 Like
I mean i could but the issue with that is even if i check it when they spawn in i can’t actually check if they change the values on the client unless i hide a script in the player that will send a remote event to the server but the issue with that they can just delete the remote event
1 Like
In my opinion, I believe you’re worrying to much about this.
Clients can only change things from THERE side including UI, instances, etc… but it’s not replicating to other clients.
UNLESS, the client uses a remote event/function to exploit wtv event/function connected to. Which is why validating those events/functions are important.
If the client removes the remote event, a vehicle has to be replicated on both sides of the game, server/all clients, so there is a POINT where inevitably it will need to validate the position of the vehicle on the server to other clients.
Then why not multipurpose your localscripts?
A client cannot edit a localscript already defined in game, if you add a remoteevent for that, which makes the vehicle actually work alongside the remotevent it uses to validate, combining these things, means the exploiter will just lose either way.
OR, you can even detect on the client from that script with all that stuff in it, when the remotevent is deleted and if it ever is, just delete the vehicle on the client or kick the client.
BUT, imo this worry of exploiters is very real, but as your game moves along, that’s how you know what’s vulnerable and not, who knows this may not even be as vulnerable as you think.
A game is suppose to be developed not made in 5 months and marked as complete. You’re a developer, develop your game as it moves along. 
Hey man. Odd question, but are you for hire? I was just wondering if you’d be open to help with this customization and maybe future stuff while earning money. Lmk.
1 Like
Sadly, I am not, I’m pretty busy as is, thank you for the offer though! 
1 Like