Client can change Tool.Grip on Server

Expected Behavior: Locally changing a tool’s Grip, unequipping and reequipping it should not replicate the Grip.
Actual Behavior: If a client changes the Grip while its equipped, unequips it and equips it back it will replicate the change to the server.

Code Example

task.wait(3)

local Player = game:GetService("Players").LocalPlayer

local Tool = Player.Backpack:WaitForChild("ClassicSword") -- Roblox's Classic Sword Tool
Tool.Parent = Player.Character
Tool.Grip = CFrame.new(0,10,0):Inverse()

task.wait(0.5)

Tool.Parent = Player.Backpack

task.wait(0.5)

Tool.Parent = Player.Character

Video

Example Place
Grip_Replication_Place.rbxl (38.6 KB)
This bug happens 100% both in Studio and in the Roblox Client.
Tool properties CanBeDropped, ManualActivationOnly, Requires Handle & Enabled do not affect this bug.

6 Likes

Bumping this because I both recently discovered more information on this bug and have also gotten fed up with trying to patch it.

Tool.Grip doesn’t actually replicate property-wise but it does affect the generated RightGrip weld’s C0 and C1 properties.
These properties replicate upon creation from the client, allowing exploiters to artificially move tools to gain an unfair advantage.

local Player = game:GetService("Players").LocalPlayer
local Char = Player.Character or Player.CharacterAdded:Wait()

Char.DescendantAdded:Connect(function(obj)
	if obj.Name == "RightGrip" then
		obj.C0 = CFrame.new(0,-5,0)-- They replicate!
		obj.C1 = CFrame.new(0,5,0)
	end
end)

I’ve also found an old scripting thread about how exploiters were able to crash people’s games by setting the Tool.Grip to NaN, however I have been unable to replicate this behavior.

To mitigate this for every tool I have to manually set the C0 and C1 properties on the server. This is very inefficient.

This should not be expected behavior and should be fixed.

3 Likes

Thanks for more information provided! We will come back with a reply when we will have updates!

5 Likes