Best server validation for loot transfer?

With an inventory system for any game it’s important to make sure that loot transfer is secure to make sure that item replication cannot be exploited. So the question is, what is the best way to validate item transfer between a player character and a loot box?

Right now my only check is to see if the character is near the loot box (within 10 studs). Normally this would be fine, but for our project it’s important to prevent looting through walls. We have a client-side check for this, but if there isn’t an efficient server check as well, a hacker could just run a remote event if they’re standing within 10 studs, and steal the loot.

Does anyone have any ideas?

My best bet probably would be to make a ray from the character’s HumanoidRootPart to the Loot part if you have one, or a position. Then you check if it hits anything, and if it does you reject the call.

Here are a few sources which should provide help if you don’t have much experience with Raycasting.

To avoid duplication: Each item should have a unique ID. Keep track of which item IDs have been picked up. If a player tries to pick up an item that has already been picked up, ignore the request. If you’ve already made it appear to the player as if the item was picked up without server-side validation (to improve the feeling of responsiveness), signal to the client that their version of their inventory is out of date. You can send along the new inventory information with the same signal.
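
The two replies above (server-side raycast and unique item IDs) combined into one server handler, as an added example that is not code from any poster in this thread. The RemoteEvent names `RequestLoot` and `InventorySync`, the `LootBoxes` folder, and the `boxContents` and `inventories` tables are hypothetical; it assumes loot boxes are Parts and that a spawner script fills `boxContents`.

```lua
-- Server Script in ServerScriptService (added example; object names are assumptions).
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local requestLoot = ReplicatedStorage:WaitForChild("RequestLoot")     -- hypothetical RemoteEvent
local inventorySync = ReplicatedStorage:WaitForChild("InventorySync") -- hypothetical RemoteEvent
local lootBoxes = workspace:WaitForChild("LootBoxes")                 -- hypothetical Folder

local MAX_DISTANCE = 10 -- studs, the range check from the question
local boxContents = {}  -- [box Part] = { [itemId] = itemName }, filled by a spawner
local inventories = {}  -- [Player] = { [itemId] = itemName }

local function hasLineOfSight(character, root, box)
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude
	params.FilterDescendantsInstances = { character } -- ignore the looter's own body
	local hit = workspace:Raycast(root.Position, box.Position - root.Position, params)
	-- Clear if nothing is hit, or the first thing hit is the box itself.
	return hit == nil or hit.Instance == box or hit.Instance:IsDescendantOf(box)
end

local function validate(player, box, itemId)
	-- Never trust the types or values of arguments sent by the client.
	if typeof(box) ~= "Instance" or not box:IsA("BasePart") or box.Parent ~= lootBoxes then
		return false
	end
	if type(itemId) ~= "string" then return false end
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not root then return false end
	if (root.Position - box.Position).Magnitude > MAX_DISTANCE then return false end
	if not hasLineOfSight(character, root, box) then return false end
	-- Unique ID check: the item must still be in this box.
	return boxContents[box] ~= nil and boxContents[box][itemId] ~= nil
end

requestLoot.OnServerEvent:Connect(function(player, box, itemId)
	inventories[player] = inventories[player] or {}
	if validate(player, box, itemId) then
		-- Grant and remove without yielding in between, so a second
		-- request for the same ID finds the item already gone.
		inventories[player][itemId] = boxContents[box][itemId]
		boxContents[box][itemId] = nil
	end
	-- Always send the server's inventory so an optimistic client can resync.
	inventorySync:FireClient(player, inventories[player])
end)
```

Rejected requests get the same reply as accepted ones, so a client that showed the pickup early simply overwrites its local inventory with the server's copy.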