Can exploiters edit scripts inside of a tool?

The title is pretty self-explanatory. I want to know if an exploiter can edit scripts inside an area the client can reach, like the Workspace or ReplicatedStorage, and whether the edits they make would be replicated to the server.

Nope, unless it's client-sided, but it would take no effect if the local scripts do some job for the server.

Things inside Workspace and ReplicatedStorage are visible to the client, but if a client changes something it will still not replicate.

Note that any values or scripts under the tool can be deleted, and this change will replicate to the server if the tool is equipped.

Using exploits, an exploiter can view bytecode, copy it and edit the copy, then replace them. That's the closest they can get when using the term “edit”. Yes, that means they can modify scripts in Workspace and ReplicatedStorage (no scripts can execute in ReplicatedStorage, but I’ll take that as a module script). Well, if they get access to server scripts in Workspace, they could do what I mentioned above, but that would not replicate or affect anyone anyhow, as the server script runs on the server anyway. For local scripts in other executable locations for the client, however, they can certainly “edit” them and their client would actually experience the change; in most cases the server and other players should not be affected. It is thus a safe practice to have sanity checks, and to have important value changes and other vital information that affects gameplay modified and stored on the server.

2 Likes

So (slightly off topic), how would this apply to other descendants of a tool, such as values? If I understand correctly, the only reason changes made to server scripts don’t replicate across clients is because they run on the server, so does this mean values inside the tool could be changed?
To give an example: if I stored the damage of a tool as an IntValue inside the tool (so damage could easily be adjusted from server-side scripts), could an exploiter use this to set their own damage?

1 Like

If you evaluate the value on the client then yes, but if you evaluate the value on the server then no.

2 Likes
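
The server-side evaluation and sanity checks discussed in this thread, as an added example that is not part of any post above. It assumes a RemoteEvent named `HitRequest` in ReplicatedStorage and an IntValue named `Damage` inside the tool; those names and the range and cooldown limits are hypothetical.

```lua
-- Server Script (for example in ServerScriptService). Added example, not code from the thread.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

local hitRequest = ReplicatedStorage:WaitForChild("HitRequest") -- hypothetical RemoteEvent
local MAX_RANGE = 12 -- studs; constructed limit
local COOLDOWN = 0.5 -- seconds between accepted hits; constructed limit

local lastHit = {} -- [Player] = os.clock() of the last accepted hit

local function rootOf(character)
	return character and character:FindFirstChild("HumanoidRootPart")
end

hitRequest.OnServerEvent:Connect(function(player, targetHumanoid)
	-- The client only names a target. It never sends a damage number.
	if typeof(targetHumanoid) ~= "Instance" or not targetHumanoid:IsA("Humanoid") then
		return
	end
	if targetHumanoid.Health <= 0 then return end

	-- The tool must be equipped in the server's view of the character.
	local character = player.Character
	local tool = character and character:FindFirstChildOfClass("Tool")
	if not tool or targetHumanoid.Parent == character then return end

	-- Rate limit, so firing the remote in a loop gains nothing.
	local now = os.clock()
	if lastHit[player] and now - lastHit[player] < COOLDOWN then return end

	-- Range check using positions as the server sees them.
	local attackerRoot = rootOf(character)
	local targetRoot = rootOf(targetHumanoid.Parent)
	if not attackerRoot or not targetRoot then return end
	if (attackerRoot.Position - targetRoot.Position).Magnitude > MAX_RANGE then return end

	-- Read the server's copy of the value: a client-side edit does not reach it.
	-- Deleting a child of an equipped tool can replicate, so a missing value
	-- rejects the hit instead of falling back to a default.
	local damageValue = tool:FindFirstChild("Damage")
	if not damageValue or not damageValue:IsA("IntValue") then return end

	lastHit[player] = now
	targetHumanoid:TakeDamage(damageValue.Value)
end)

Players.PlayerRemoving:Connect(function(player)
	lastHit[player] = nil -- drop per-player state when they leave
end)
```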