Crafting, ReplicatedStorage or Script?

So, let’s say that you are making a crafting system with a UI. If you were to decide, which one would be more efficient/less exploitable? Factor both of them in, with the less exploitable being priority.

So this is what it would look like in the replicated storage:

Then it would be looped through by a local script and see if the values from the leaderstats are satisfactory, then it will send it to the server via Remote event to check it.

This other one will make only a local script, with server checking via Remote event:

local Statistics = game.Players.LocalPlayer.leaderstats:GetChildren()

    local CraftData = {
    	[1] = {"Bla1", Wood, 2}, -- Ice and wood are predefined variables, with the string value being the name of the crafted item
    	[2] = {"Bla2", Ice, 1, Wood, 1},

    local function VerifyRequirements(CraftTable)
    	local Success = 0
    	for i = 2, #CraftTable , 2 do
    		if CraftTable[i].Value >= CraftTable[i + 1] then
    			Success = Success + 1
    			if Success == (#CraftTable - 2) / 2 then
    				-- Fire RemoteEvent
    				Success = 0

    for i, v in ipairs(Statistics) do
    		for i = 1, #CraftData do

What’s your opinion?

  • First(RepStorage)
  • Second(Script only)

0 voters

comment your suggestions

As long as you check the values on the server as well (not the values that were passed over from the client), it shouldn’t be exploitable. However, if the values are only held in the client script (and the server doesn’t have it’s own set of values to compare), and the server is relying on these values at the time of call, then your system is exploitable.

Use remotes to communicate the crafting to the server, so the client handles nothing. Rule #1 of making a game, never trust the client.

Using the server will help control and prevent exploiters from crafting items on a whim, and every action can be checked on the client by using remote functions. Of course, you can also check stuff on the client before sending the official “OK” to the server to craft, but use remote functions to return “yay” or “nay” to execute that action. Always verify with the server, never trust the client.


You’re fine using the first option, since changes made by clients to ReplicatedStorage data doesn’t replicate to the server at all.

So, which one would you go for?

I would completely remove any client side based crafting and force the server to do the crafting with the client only sending events to each step. The server must then check every step. Server Script method with client communication all the way.


To be completely safe, the client should only be sending what item and the number of it to the server. From there, the server should determine the item and calculate the cost based on the number of items being used.