Client sided hitbox security

I’m working on a system with client-side hit detection / hitboxes in my game, but I’m trying to make sure my server-side validation is solid.

Right now, the client fires a RemoteEvent to tell the server what it hit, and I do some basic sanity checks on the server, like magnitude checks, to make sure the hits are legit. Here’s a snippet of what I’ve got on the client-side:

local HitModels = ClientHitDetection.SphereCast(Position, Radius, Character, true)
if #HitModels > 0 then
    Requests.Hit:FireServer(HitModels)
end

My question is: is this good enough? Should I be securing this remote event in a particular way?

I mean, there are a ton of ways you could improve sanity checking,

like possibly saving states on the server for when you're attacking and using this as a verification layer for damage dealing,

but this really depends on your game's architecture.

But as for a simple verification method, if I'm not mistaken, and I could be,
client-side hitboxes are more about replicating effects and visual feedback than actually verifying the hit. Most people I've seen run a separate hitbox on the server after, but I'm not sure if this is standard.

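A server-side handler for the `Requests.Hit` remote discussed in this thread, as an added example that is not code from either poster. It treats the client's hit list as an untrusted claim and re-checks it against server state (payload shape, attacker alive, per-player cooldown, range from server-side positions). The remote's location in ReplicatedStorage, the constants and the helper name are assumptions.

```lua
-- Server Script (added example). All names and constants below are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local HitRemote = ReplicatedStorage:WaitForChild("Requests"):WaitForChild("Hit") -- assumed location
local MAX_RANGE = 12    -- studs: attack radius plus latency tolerance (assumed)
local COOLDOWN = 0.4    -- seconds between accepted hit reports (assumed)
local MAX_TARGETS = 5   -- most models one swing may damage (assumed)
local DAMAGE = 10       -- decided by the server, never sent by the client

local lastHit = {}      -- [Player] = os.clock() of the last processed report

-- Hypothetical helper: server-side position of a character model, or nil.
local function rootPosition(model)
    local root = model:FindFirstChild("HumanoidRootPart")
    return root and root:IsA("BasePart") and root.Position or nil
end

HitRemote.OnServerEvent:Connect(function(player, hitModels)
    -- 1. Shape check: everything after `player` is client-controlled.
    if typeof(hitModels) ~= "table" or #hitModels > MAX_TARGETS then return end

    -- 2. Attacker must be alive and off cooldown according to server state.
    local character = player.Character
    local origin = character and rootPosition(character)
    local humanoid = character and character:FindFirstChildOfClass("Humanoid")
    if not origin or not humanoid or humanoid.Health <= 0 then return end
    local now = os.clock()
    if lastHit[player] and now - lastHit[player] < COOLDOWN then return end
    lastHit[player] = now

    -- 3. Validate each claimed target using positions the server holds.
    local seen = {}
    for i = 1, #hitModels do
        local target = hitModels[i]
        if typeof(target) == "Instance" and target:IsA("Model")
            and target ~= character and not seen[target] then
            seen[target] = true -- ignore duplicates of the same model
            local targetHumanoid = target:FindFirstChildOfClass("Humanoid")
            local targetPos = rootPosition(target)
            if targetHumanoid and targetHumanoid.Health > 0 and targetPos
                and (targetPos - origin).Magnitude <= MAX_RANGE then
                targetHumanoid:TakeDamage(DAMAGE)
            end
        end
    end
end)

Players.PlayerRemoving:Connect(function(player) lastHit[player] = nil end)
```

The cooldown here stands in for the "saved attack state" idea from the reply: if the server itself starts attacks, record the swing start time there and only accept hit reports that arrive inside that window.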