Can Hackers Change A Value Obtained With A Remote Function

faze_paspro · August 30, 2023, 9:42pm

Hello everyone let’s say i have a local script that lets you buy items and i used remote function to check in the server if the player has enough money and then send to the local script if it he can or cannot buy it by the player like so

Client :

local part = game.Workspace.Part

local ReplicatedStorage = game:GetService("ReplicatedStorage")
local buyFunction = ReplicatedStorage.BuyFunction

local debounce = false

part.Touched:Connect(function(hit)
	if hit.Parent:FindFirstChild("Humanoid") and debounce == false then
		debounce = true
		
		local canBuy = buyFunction:InvokeServer()
		
		if canBuy then
			print("Bought !")
		else
			print("Cannot buy it !")
		end
		
		task.wait(1)
		
		debounce = false
	end
end)

Server

local ReplicatedStorage = game:GetService("ReplicatedStorage")
local buyFunction = ReplicatedStorage.BuyFunction

local itemPrice = 1000

buyFunction.OnServerInvoke = function(player)
	if player:GetAttribute("Money") >= itemPrice then
		return true
	else
		return false
	end
end

Can a hacker just go into the local script and edit the canbuy variable to true or false like so

local part = game.Workspace.Part

local ReplicatedStorage = game:GetService("ReplicatedStorage")
local buyFunction = ReplicatedStorage.BuyFunction

local debounce = false

part.Touched:Connect(function(hit)
	if hit.Parent:FindFirstChild("Humanoid") and debounce == false then
		debounce = true
		
		local canBuy = buyFunction:InvokeServer()
		
		canBuy = true

		if canBuy then
			print("Bought !")
		else
			print("Cannot buy it !")
		end
		
		task.wait(1)
		
		debounce = false
	end
end)

txcIove · August 30, 2023, 9:43pm

At the end of the day, it doesn’t matter as you’ll check on the server if they have enough money when you take away their coins before you give them the item / whatever benefit anyway.

faze_paspro · August 30, 2023, 9:44pm

Let’s just say that i really need to give the item in the local script

VonickTW · August 30, 2023, 9:45pm

I belief with enough variation and ease of earning coins a hacker could exploit this. But they shouldn’t be able to change the amount of coins given without serious intervention into the roblox player.

faze_paspro · August 30, 2023, 9:45pm

I just understood now )bababab

txcIove · August 30, 2023, 9:46pm

Then you should change that. If the item can be given to the player on the client, then your remote function won’t even matter anyway, they can just give it to themselves straight away.

zStxtion · August 30, 2023, 9:50pm

Yes, they could spoof the value on their own client if you handle it through a localscript.

system · September 13, 2023, 9:51pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.