I’m not sure if this is the right topic to post since I’m quite new to the forums but anyone who uses the Nitenity Studios Donation Board, know this model is exploitable. I reviewed the module and it has no protection on the SetData action and an exploiter can easily change the ListSize and Datastore number to manage the leaderboard, they can also fill in any data that doesn’t fit the arguments or make the ListSize greater than 100 to break the leaderboard. I tested in client sided console in studio and I was able to change the listsize and datastore number very easily with the following script:
local Data = {ListSize = 3, Datastore = 44}
local Boards = game.Workspace:WaitForChild("Boards")
local Retriever = Boards:WaitForChild("SettingsHandler"):WaitForChild("Retriever")
Retriever:InvokeServer('SetData', Data)
Exploiters can ruin a donation leaderboard by executing any code like this, I hope the creator of this model reads this since it’s hard to contact users easily.
I did not use exploits to test this, once again I used the client sided console in Roblox Studio.
Update: this issue has been fixed by contacting the developer of the model
