Can exploiters change variables in scripts?

I am making some powers for my game.
I was originally going to have their cooldown happen locally with just a simple variable storing a timer.
My worry is, can exploiters modify this value so that their powers will instantly come off cooldown?

I can do this on the server but it’s just more hassle with syncing timers across client and server.

Yes, they have access to the debug library, which allows them to edit any variables or functions or variables in functions in a local script, basically.

2 Likes

Yes, it can be a security risk, but just do a simple time check on the server to see the time since the last remote, and if the time is a BIT less than your cooldown, then something is sus.

You can send your server script and I can add the time checker if you need.

Exploiters can not only change variables but can change the whole script. My advice: never trust the client. Try to use the server for that sort of stuff.

Have cooldowns on both the client and the server. Each environment respectively should keep a cooldown and not allow any action to occur if the cooldown hasn’t yet been lifted. It shouldn’t be one or the other and legitimate players may experience input lag if you just do it from the server.

The client’s cooldown should be for visual purposes and determining when it’s okay to commit the action while the server’s cooldown is for determining when it’s okay to replicate effects to other clients or handle something critical like damage. This way even if an exploiter removes their cooldown it doesn’t negatively affect anyone else because the server doesn’t budge.

1 Like
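The server-side half of the cooldown described in the replies above, as an added example that is not code from any poster in this thread. The RemoteEvent name `UsePower`, the power names, the cooldown values and the `GRACE` allowance for network jitter are all assumptions.

```lua
-- Server Script (for example in ServerScriptService). Added example; names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Hypothetical RemoteEvent the client fires when its local cooldown says a power is ready.
local usePower = ReplicatedStorage:WaitForChild("UsePower")

-- Authoritative cooldowns in seconds (constructed sample values). The client may keep
-- its own copy for UI, but only this table decides whether an action counts.
local COOLDOWNS = { Fireball = 5, Dash = 2 }

-- Two honest requests can arrive slightly closer together than the cooldown because
-- latency varies between them, so allow a small margin (assumed value).
local GRACE = 0.25

-- lastUse[player][powerName] = server clock reading of the last accepted use
local lastUse = {}

local function tryUsePower(player, powerName, now)
	-- Everything the client sends is untrusted: check the type and that the power exists.
	if type(powerName) ~= "string" then return false end
	local cooldown = COOLDOWNS[powerName]
	if not cooldown then return false end

	local perPlayer = lastUse[player]
	if not perPlayer then
		perPlayer = {}
		lastUse[player] = perPlayer
	end

	local last = perPlayer[powerName]
	if last and (now - last) < (cooldown - GRACE) then
		return false -- too early by the server's clock, whatever the client's timer says
	end
	perPlayer[powerName] = now
	return true
end

usePower.OnServerEvent:Connect(function(player, powerName)
	-- The timestamp comes from the server, never from a client-supplied argument.
	if tryUsePower(player, powerName, os.clock()) then
		-- Accepted: apply damage and replicate effects to other clients here.
	end
	-- Rejected requests are dropped; a run of them from one player is worth logging.
end)

-- Drop per-player state on leave so the table does not grow without bound.
Players.PlayerRemoving:Connect(function(player)
	lastUse[player] = nil
end)
```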