Any advice on handling guns?

So I need a bit of help on how I should properly handle gun functionality for best performance to security. I have read up on a lot of other posts asking for similar advice but the answers were very broad and never really provided a concrete method. I have implemented a lot of what they were saying but I can’t help but feel like I’m still missing something.

Obviously the main concern here is how to avoid exploiters without sacrificing too much performance while also making it fair for the shooter and the receiver. My current method is as follows:

1. Client handles click detection and general visuals/audio
2. Client calculates a Raycast to ensure you’re hitting a player target
3. Client provides the server a few pieces of information:
   -Initial bullet position
   -Instance provided by the Raycast
   -Position provided by the Raycast
4. Server double checks to ensure provided instance is indeed a character
5. Server does these checks to make sure the shot was legit:
   -Makes sure the gun is equipped
   -Makes sure the gun has enough bullets
   -Checks to see if the provided initial bullet position is roughly within 5 studs of the guns barrel
   -Checks to see if the provided Instance is roughly within 5 studs of the Raycast’s target position (*)
   -Checks to see if the guns firing rate isn’t on cooldown
6. If all above conditions are met then deal damage and return that information back to the client

(*) The part I’m mainly concerned about is the provided instance and position values were provided by the client, meaning that this information can easily be altered via exploits allowing them to hit targets from anywhere (at least to my knowledge). The current solution I can think of is to just do another Raycast check on the server, but a lot of the posts I read up on believe that Raycasts on the server are slow and might undermine the user experience of the gun.

If anyone has a better/quicker method of making these checks or if there are some checks that I’m missing please let me know, or maybe my current method is completely wrong and if so, please enlighten me!

The current method is for a single fire pistol but I do plan on making automatic weapons in the future, so any information on how to handle rapid fire guns would also be really appreciated. Unless, of course, the methods for single fire and rapid fire are the same which would make this much easier!

TL;DR: What is the best method for security without sacrificing too much performance/user experience when making guns? My main concern is I might be forced to do a second Raycast check on the server but people believe server Raycasts are slow and might hurt performance, any advice on how to best balance this?

My current idea is to have a raycast on the server, because raycasts are quite optimized.

Raycast from one character to the enemy.

The exploiter would not be able to spoof the location of the initial position or the hit position, so long as the checks are done on the server. I would recommend raycasting on the server, but I don’t know how that affects performance. Where I could see a problem is number 5 with checking distance because of the size of the hit part. If the hit part had a size of more than 5 studs the server would incorrectly assume the shot was invalid.

Looks like no matter what doing a check on the server would be the most optimal take on this problem. As for the studs check you are absolutely correct, however, a players character never usually exceeds a size of 5 studs so chances are the part you hit should always be within range of your shot even if you hit the most outer regions of a body part.

But of course if I’m going to have to perform a raycast on the server anyway I probably don’t need to bother with this check.