With all of the hot discussion about exploits, I want to propose a system that would let us have 100% secured player movement, just like in other games like Fortnite, Overwatch, CS:GO, COD, etc.
To do this, we need complete control of the flow of the simulation of humanoids and physics.
My proposal is that we get given the tools to be able to pause the physics simulation, and be able to move the simulation along manually by calling :Step() on it to wind it forwards the standard 4 milliseconds, and be able to do that as many times in a frame as we require (even if it’s expensive).
This would also require that any Humanoids inside of the simulation process their logic each :Step() as well.
A proposed usage of this system would be as follows:
- The server owns all of the players' humanoids (or other controllers), with the server having full network ownership of these objects.
- Each client has a locally cloned copy of only their character.
- Each frame on the client (heartbeat), the client winds their local simulation forward 1 :Step(), making their humanoid or controller move forward based on user input. This input would also be sent to the server.
- The server would apply this same input to its own authoritative player controller, and call 1 :Step() itself. This would all be replicated to all players as per usual, as the actual authoritative state of the world.
- The tricky bit: If the client disagrees with the server about where things should be, the client has to “roll back” to where the server says things were, and then quickly “resimulate” to catch up to where it was, by replaying the remaining unconfirmed inputs. This is the piece that requires us to be able to fast forward the physics simulation with :Step() multiple times on a single frame.
- If it all works correctly, players can move around freely and responsively, but all movement belongs to the server and is server authoritative.
(I am glossing over a lot of details here, but this is the core of the algorithm)
Conclusion
If we had this, we would be able to implement completely secured player movement inside of Roblox, even when using custom controllers or not even using humanoids. This would go a long way to address the vast majority of game-ruining hacks present on the platform.
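
The rollback-and-resimulate loop from the steps above, as an added example that is not part of the original post and uses no Roblox API. It assumes a 1-D position, and every name in it (`step`, `Server`, `Client`, `MAX_SPEED`, the `seq` field) is hypothetical; `step()` stands in for the proposed `:Step()`.

```lua
-- Constructed 1-D model: step() stands in for the proposed :Step(); all names are hypothetical.
local DT = 1 / 240          -- one fixed physics tick
local MAX_SPEED = 16        -- studs per second the server allows

-- Deterministic tick shared by both sides: same state + same input gives the same result.
local function step(state, input)
	return { x = state.x + input.move * MAX_SPEED * DT }
end

-- Server: never accepts positions, only inputs, and clamps those to the legal range.
local Server = { state = { x = 0 }, lastSeq = 0 }
function Server.receive(input)
	-- Drop malformed, replayed or skipped ticks instead of simulating them.
	if type(input.move) ~= "number" or input.seq ~= Server.lastSeq + 1 then return nil end
	local move = math.max(-1, math.min(1, input.move))
	Server.state = step(Server.state, { move = move })
	Server.lastSeq = input.seq
	return { seq = input.seq, x = Server.state.x }   -- authoritative snapshot
end

-- Client: predicts immediately and keeps every input the server has not confirmed yet.
local Client = { state = { x = 0 }, seq = 0, pending = {} }
function Client.predict(move)
	Client.seq = Client.seq + 1
	local input = { seq = Client.seq, move = move }
	Client.state = step(Client.state, input)
	table.insert(Client.pending, input)
	return input
end

-- Reconciliation: roll back to the snapshot, then replay the unconfirmed inputs.
function Client.reconcile(snapshot)
	local kept = {}
	for _, input in ipairs(Client.pending) do
		if input.seq > snapshot.seq then table.insert(kept, input) end
	end
	Client.pending = kept
	local state = { x = snapshot.x }
	for _, input in ipairs(kept) do state = step(state, input) end  -- several steps in one frame
	Client.state = state
end

-- One honest tick, then a tampered tick (move = 10) whose snapshot arrives one tick late.
Server.receive(Client.predict(1))
local snapshot = Server.receive(Client.predict(10))
Client.predict(1)            -- the client has already predicted tick 3
Client.reconcile(snapshot)   -- roll back to server tick 2, replay tick 3
print(Server.state.x, Client.state.x)
```

The tampered input only ever moves the client's local copy: the server advances by one clamped tick, and reconciliation pulls the client back to the server's position plus its one unconfirmed input.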