Creating a anti-exploitable Inventory System?

So I’m currently working on an RPG game with lots of randomized dungeon spawning and also lots of different items. The main problem I’m having is creating the Inventory System/UI. There are many different ways to collect/be rewarded items in the game, and I wanted to know what would be the best way to create it so that exploiters cannot just give themselves any item they want.

What I have in mind
My original plan was to give every time of item collecting method its own local script and each item its own unique 4-digit ID Code (0000-9999).

When the player is to receive an item, the script will Invoke a Bindable Function, sending the ID of the item to be given as an argument.

Then a Script containing all of the items in an organized dictionary will be sent to a Local Script that controls the Inventory GUI and Datastore on Invoke. The LocalScript will also activate on Invoke but wait to receive the item dictionary.

Once the item dictionary is received, the LocalScript would sort through the ID’s, looking for the an ID that matches the one received on Invoke, and the matching ID will contain the item’s traits and be saved to a “PlayersItems” table and also the Inventory Datastore

Problems I’m Having

  1. I have not yet created the system, because I don’t want to go through it all and it still be unsecure, so would the provided method above work?
  2. Is this a sufficient way to create the inventory system? Can I change anything to make it more organized?
  3. How can I further secure it to prevent exploiters from cheating the system?
  4. Is there any way I can make the system more compact, without losing effectiveness?

I’m sorry I could not provide pictures as examples, I did the best I could to explain. If there are questions, I can edit the post to further provide detail.

1 Like

I wouldn’t even worry about this because the only they can do this is through dex and even if they got that they won’t be able to use it and only they can see it, also every time they die they would loose it. So Don’t worry about it.

1 Like

Certainly don’t use the 4 digit code method, exploiters can spy on messages going through remote events, and they can even translate what’s written inside of a local script.

The best method would be to add context to everything the server gets.

Oh the player wants to pick up x item? Are they close enough to the item that it makes sense they can pick it up? Do they have the money? Do they even have the level unlocked to pick that item up?

Context is 100% the best way to check for exploits.