Are exploiters able to delete or edit objects parented under their player folder?

For example, can an exploiter use DEX edit to edit a stat value and have it replicate to the server? I do know that with objects parented under their character model they have some control over them, such as being able to delete scripts and other items parented under their character. I am wondering if that is also the case with the player folder?

They can change it but the changes don’t replicate to the server.

4 Likes

No, even if they edit values under their player object, it will not replicate to the server. It will be only visible on the client’s side.

2 Likes

No, an exploiter cannot modify their leaderboard stats - for example - and have that replicate to the server. If they wanted their stats update to replicate, they’d need to do that by using exposed RemoteEvents. This is why it’s important to sanitize your RemoteEvents.

The only things that normally replicate to the game server are physics data, such as teleporting, walkspeed, collisions, etc., or information that you allow to replicate from RemoteEvents or otherwise. Keep in mind that exceptions can occur and have done so in the past, such as string values in the player instance itself.

Exploiters can modify their own character as they have network ownership of it, thus allowing them to delete parts inside their character or even parent accessories to workspace - as this is a legacy feature but has no purpose anymore.

5 Likes
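
The RemoteEvent sanitizing mentioned in the reply above, sketched as a server-side handler. This is an added example, not code from any post in this thread; the `PurchaseItem` RemoteEvent, the `PRICES` table and the `Coins` stat are hypothetical names. The weak pattern is shown commented out beside the validated one.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; all names are hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

-- Assumed: a RemoteEvent named "PurchaseItem" exists in ReplicatedStorage.
local purchaseItem = ReplicatedStorage:WaitForChild("PurchaseItem")

-- Prices live on the server only; the client never sends a price or a new balance.
local PRICES = { Sword = 100, Shield = 250 }
local MIN_INTERVAL = 0.5 -- seconds between accepted requests per player
local lastRequest = {}

-- Weak pattern (do not use): the server writes whatever value the client sends.
-- purchaseItem.OnServerEvent:Connect(function(player, newCoins)
--     player.leaderstats.Coins.Value = newCoins
-- end)

purchaseItem.OnServerEvent:Connect(function(player, itemName)
    -- 'player' is filled in by the engine; every later argument is client-controlled.
    if typeof(itemName) ~= "string" then return end

    -- Only accept items the server knows about.
    local price = PRICES[itemName]
    if not price then return end

    -- Simple per-player rate limit.
    local now = os.clock()
    if lastRequest[player] and now - lastRequest[player] < MIN_INTERVAL then return end
    lastRequest[player] = now

    -- Read the balance from the server's copy; client-side edits to it never arrive here.
    local stats = player:FindFirstChild("leaderstats")
    local coins = stats and stats:FindFirstChild("Coins")
    if not coins or not coins:IsA("IntValue") then return end
    if coins.Value < price then return end

    coins.Value -= price
    -- Grant the item on the server here.
end)

-- Drop rate-limit state when the player leaves.
Players.PlayerRemoving:Connect(function(player)
    lastRequest[player] = nil
end)
```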