If an exploiter can change everything which is on the client, and if they know that leaderstats values are stored inside Players.LocalPlayer.leaderstats, couldn’t they just modify those values using injected local scripts? Isn’t this a huge security issue?
3 Likes
No, because the changes made on client doesn’t replicate to server and other players so changes are only visible to the exploiter itself.
Also you shouldn’t be using leaderstats for storing and editing player’s actual data in the first place, it should be only used for showing player data on leaderboard.
3 Likes
They can’t modify it via client unless you are using a Remote to change your leaderstats value
The reference to LocalPlayer isn’t a client-side reference, it just finds the client on the server; furthermore, the leaderstats are created by the server, not client, and changes made on the client won’t replicate to the server.