Can this be exploitable? What can I do?

I made a simple script where 2 parts just move. I’m using a module script in replicated storage and a script inside serverscriptservice.

Do you think exploiters can change the values inside replicated storage so the exploited values are replicated on the server?

for example if they change tweenInfo’s time parameter from 5 to 50

Here is the module Script code

local part = {}
part.__index = part 

local sphere = {}
sphere.__index = sphere

--Services 
local tweenService = game:GetService("TweenService")

function part.new()
	local newPart = {}
	setmetatable(newPart, part)
	
	local part = Instance.new("Part")
	part.Parent = game.Workspace
	part.Anchored = true 
	part.CanCollide = true 
	
	newPart.Part = part 
	
	return newPart 
end

function part:Tween()
	local tweenInfo = TweenInfo.new(3, Enum.EasingStyle.Linear)
	local tween = tweenService:Create(self.Part, tweenInfo, {CFrame = self.Part.CFrame * CFrame.new(0, 10, 0)})
	tween:Play()
end

function sphere.new()
	local newSphere = {}
	setmetatable(newSphere, sphere)
	
	local part = Instance.new("Part")
	part.Shape = Enum.PartType.Ball
	part.Anchored = true 
	part.CanCollide = true 
	part.Parent = game.Workspace
	newSphere.Sphere = part 
	
	return newSphere
end

function sphere:Tween()
	local tweenInfo = TweenInfo.new(3, Enum.EasingStyle.Linear)
	local tween = tweenService:Create(self.Sphere, tweenInfo, {CFrame = self.Sphere.CFrame * CFrame.new(10, 0, 0)})
	tween:Play()
end

Here is the server script

local rs = game:GetService("ReplicatedStorage")

local part, sphere = unpack(require(rs:WaitForChild("ModuleScript")))

local part = part.new()
local sphere = sphere.new()

part:Tween()
sphere:Tween()




I’m not entirely sure since I haven’t looked that much into meta tables until now.

They can change the values for their own client, but they won’t replicate unless you have some remote they can fire to also change it on the server.

1 Like

Thanks for stating this I’m starting to learn more about things like this.

You want the client to access the Module and use it as well. All that is in client side is exploitable…

So if a exploiter changed a value on the module script, it will only show on their screen?

If they change something in the module script, it will just be for them, this won’t affect any other player and the server.

1 Like

I believe Client and Server requires are separate so the server and the client would see different things

2 Likes

Yes, any changes made to the settings would appear on the exploiter’s side, but not on any other client’s screen.

1 Like

As soon as the game starts, it requires the script, and returns all the default values that were in there when the server started. If I’m understanding correctly, you are worried about exploiters decompiling the module script and changing values? I’m pretty sure there will be no issue, because it gets required before an exploiter could even get their hands on it, and change the byte code inside the module script. But again, if someone knows more, please correct me, but I am pretty sure you won’t have an issue with this, unless you require it at different times in your game.

1 Like

Ok that makes alot more sense, so If I call a function from the server its going to use the correct values from the module script?

1 Like

Executors can even load before the game has loaded. They can also access the memory and change the values directly.

Yes, no changes will be made from the original values.

2 Likes

I would highly not recommend creating an OOP class unless you are going to require the module multiple times and also as long as there are no remote events you shouldnt be worrying about whether or not your scripts could be exploited. Exploiters cannot change your code. In your module, you set the tweeninfo time to 3. they cannot change that.