A sword code review

xaoix00 · July 25, 2020, 4:52pm

Hi, I recently made a sword, and I want to ask you: Is this anti-exploitable?

Here’s the script I made for this(Its not a local script):

local state = script.Parent.State
local damage = 33.5
script.Parent.Activated:Connect(function() --Detects when tool is activated, plays animation and changes the state value
	if state.Value == "Holding" then
		state.Value = "Cooldown"
		script.Parent.Parent.Humanoid:LoadAnimation(script.Parent.Animation):Play()
		wait(0.2)
		state.Value = "Swing"
		wait(1.2)
		state.Value = "Holding"
	end
end)

script.Parent.BladeHitbox.Touched:Connect(function(hit)
	if hit.Parent:FindFirstChild("Humanoid") then
		if state.Value == "Swing" then
			state.Value = "Cooldown"
			hit.Parent.Humanoid:TakeDamage(damage) -- Take damage to player who touched it
-- Rest of the script is a damage indicator that shows on player's head when hit. --
			local part = Instance.new("Part") 
			part.Transparency = 1
			part.Parent = workspace
			part.CanCollide = false
			part.Anchored = true
			part.Position = hit.Parent.Head.Position
			local showDamage = game.ServerStorage.BillboardGui:Clone()
			showDamage.Parent = part
			local damageText = Instance.new("TextLabel")
			damageText.Parent = showDamage
			damageText.Text = damage
			damageText.TextScaled = true
			damageText.Size = UDim2.new(1,0,1,0)
			damageText.BackgroundTransparency = 1
			damageText.TextStrokeTransparency = 0
			damageText.TextColor3 = Color3.fromRGB(255,0,0)
			wait(0.5)
			for i = 0,40,1 do --  A for loop; this is the fade effect for damage indicator
				showDamage.ExtentsOffset = showDamage.ExtentsOffset + Vector3.new(0,0.025,0)
				damageText.TextTransparency = damageText.TextStrokeTransparency + 0.025
				damageText.TextStrokeTransparency = damageText.TextStrokeTransparency + 0.025
				wait(0.05)
			end
			wait(0.1)
			part:Destroy()
		end
	end
end)

SourceFedd · July 25, 2020, 5:16pm

Most anti-exploits (client sided) are practically useless unless they detect the exploit when it injects since they are all so easy to bypass nowdays. You should focus on protecting remotes / server anti-cheats instead of the client (Not saying leaving the client unprotected is a good idea, just saying that the server is more important and you shouldn’t trust the client with anything)

posatta · July 25, 2020, 5:17pm

This might be an important bit to read:

(It’s not a client sided anti-exploit at all.)

At the same time, though, this is still exploitable. Physics stuff relating to the client’s character is usually given to the client for responsiveness, (waiting five seconds to move or having your Tool drag along behind you would be awful) so Touched events will fire even if it’s not touching on the server. This means something like a hitbox expander would be effective against this code.

xaoix00 · July 25, 2020, 5:30pm

What if code will only run if I check the size wasn’t changed on the client? That would be possible?

posatta · July 25, 2020, 5:30pm

Checking if the size wasn’t changed on the client is pointless, since they can just disable the LocalScript that checks.

xaoix00 · July 25, 2020, 5:31pm

Right… What about remote events?

posatta · July 25, 2020, 5:32pm

RemoteEvents still rely on the client to pass accurate information… I’m not sure how that helps much. Doing something on the server (like checking the distance between the swinger and the hit) could work, but brings up issues with laggy players.

xaoix00 · July 25, 2020, 5:34pm

Should this work with :DistanceFromCharacter() function?

xaoix00 · July 25, 2020, 5:36pm

Well thanks for solving the problem, I’ll try to make this work