While going through a script I’ve been working on, I realized that I didn’t do anything to check if the first argument of the remote was really the client who fired that remote.
This would be bad if an exploiter found the remote and forced everyone to reload their weapons or shoot their weapons by spoofing the remote.
So, can an exploiter spoof who fired the remote?
Why wouldn’t it be the client that fired it? It can only be fired by the client soooooo, lol
Anyway the first parameter of OnServerEvent() is always player
So no matter what the exploiter does, they can’t trick the server into thinking another client fired the remote?
I don’t believe they can, because you do not pass the player in the FireServer() event, so they can’t add in a player’s name and have it work