Will my Free UGC be safe?
Did Roblox fix this or is this still an issue?
Also, why can PromptPurchase() be fired from the client?
1 Like
pretty sure this has been patched, you can always make sure to prompt it yourself from server, track when its prompted, when .ProcessReceipt is triggered, check whether its tracked, else not, reject the process
3 Likes
Yes this is fixed, PromptPurchase() must now be called from the server when being used for ANY limiteds.
As to why PromptPurchase() can be fired from the client: probably because for the majority of transactions it’s unnecessary to go from Client → Game Server → the Roblox server that handles item purchases. The game server is an extra stop if the user is initiating the request to buy something.
Here is the post where they made the update to fix the exploit:
Here’s the relevant section:
1 Like