Are local script values send to server modules exploitable?

You can write your topic however you want, but you need to answer these questions:

  1. What do you want to achieve? I want to know if the script below is exploitable and what can i do to fix it

  2. What is the issue? I’m trying to give the player a wood if he hits a tree

  3. What solutions have you tried so far? Can’t find any


hit is the “Tree” part. I was wondering if the player variable is exploitable and scripters could change the player name.

If you can require the module from a local script it means it’s running on the client environment. That means that the changes the GivePlayerItem function makes aren’t being replicated to the server unless remotes are evolved within that function call.

So pretty much it’s pointless to argue if this is exploitable or not because it’s fully client-sided(like an exploiter loading random things) and has no impact on the server/isn’t being replicated(unless you have remotes set up for this that the function uses to communicate with the server).

1 Like

Yep, the above reply sums it all up.
If this is on a LocalScript, it means that clients can manipulate this as much as they want.
What you want to do instead is to run this on the server instead, and thus exploiters will not be able to manipulate the player argument or the hit argument.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.