Critical Exploit via Regional Pricing Allows Gamepasses Product Abuse

A recently discovered exploit allows users to bypass intended gamepass and avatar item pricing within experiences by leveraging regional pricing differences. This is combined with test accounts added through the user’s own experience, where the passes are hosted. The exploit manipulates the perceived transaction amount, creating major discrepancies between what developers expect a user to pay and what is actually paid.

This bug severely impacts developers who rely on item sales for monetization. It enables users to gain access to premium content or currency for significantly reduced prices—or even near-zero cost—without the game detecting a difference in payment. (Examples shown in the video—check PM.)

Roblox recently introduced regional pricing for avatar items and other purchases. This system adjusts item costs based on a user’s geographic location and local currency, aiming to increase accessibility across different economic regions.

While the intent behind regional pricing is positive, it has introduced a critical vulnerability. When combined with test accounts, which can be regionally configured, the system can be abused. Users can test prices in their own experience, then exploit those prices in other experiences to gain unfair advantages.

As a result:

  • The game executes reward logic as if the full price was paid.
  • Developers receive significantly reduced revenue.
  • Premium content, in-game currency, or restricted features are unlocked for little or no cost.

Expected Behavior:
Developers should be able to confirm whether a transaction matched their intended price and respond accordingly.

Actual Behavior:
Transactions appear successful to both the player and the game, even when the amount paid is far lower than expected. Currently, there’s no exposed API or backend validation available to let developers verify the true amount of Robux spent per transaction.

This exploit enables bad actors to:

  • Obtain premium content at reduced or zero cost.
  • Disrupt in-game economies.
  • Defraud developers of substantial Robux revenue.

Impact:

  • High: Undermines monetization in games that rely on purchases.
  • Supports mass exploitation through disposable or test accounts.
  • Can create major economic imbalance in games with trading or progression systems.
  • Damages player trust when unfair advantages are possible.

Games such as Pls Donate are having extreme issues with this bug, and they had to take precautions until it is fixed. Many of the game's functions are disabled because of this bug, and it is out of their control. Please do the best you can and help them with this.

To the Roblox engineers:
I’ve included a lot of detailed information in the PM—please take a look at it!

A private message is associated with this bug report

14 Likes

You’d think that the fact that three separate bug reports have been made on this problem would signal to engineers that this is a critical issue:

… but apparently not. This issue was brought up to them internally by developers of Pls Donate, yet so far all they’ve been doing is downplaying the issue’s significance and refusing to provide any meaningful solution.

Feel free to like my reply that goes into more detail on the issue:

5 Likes

The problem is — and always has been — that Roblox either refuses or is technically unable to return the price paid via their parameters.

So far, we only receive the following information:

  • player: [Instance]
  • gamePassId: [number]
  • wasPurchased: [boolean]

Unfortunately, we do not receive the wasPurchasedAtPrice! This is the only piece of information missing. Please, Roblox — add this parameter!

Once again, we’re forced to rely on our own security systems because Roblox is still not able to provide this basic data.

I just hope I’m not lying to myself by thinking it’s technically impossible to implement… and not just a matter of bad faith.

1 Like

Definitely possible to implement. There’s 100% a way for them to send the final price that they deduct from the purchasing user’s balance to the server of purchase. They do it for developer products already.

They mentioned they were working on ProcessReceipt for avatar items and stated it would be released in November, which was a complete lie. Extremely unprofessional.
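The contrast drawn in the replies above, as an added example (not code from any poster or from Roblox): a server Script in which the game pass event receives only `player`, `gamePassId` and `wasPurchased`, while the developer product `ProcessReceipt` callback carries `receiptInfo.CurrencySpent`, used here to credit only what was actually spent. The product id, the price, the `Credits` attribute and the `creditFor` helper are constructed placeholders, and it is an assumption that `CurrencySpent` reflects the regionally adjusted amount.

```lua
-- Added example: server Script. Ids, prices and attribute names are constructed.
local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

-- Hypothetical table: developer product id -> price the developer configured.
local EXPECTED_PRICE = {
	[1234567] = 100, -- placeholder id and price
}

-- Game pass callback: only these three values arrive, so the amount
-- actually paid cannot be verified here.
MarketplaceService.PromptGamePassPurchaseFinished:Connect(function(player, gamePassId, wasPurchased)
	if wasPurchased then
		print(player.Name, "bought pass", gamePassId, "(amount paid: not available)")
	end
end)

-- Hypothetical helper: derive the credit from what was really spent.
-- Returns nil for unknown products; otherwise (credit, underpaid).
local function creditFor(productId, currencySpent)
	local expected = EXPECTED_PRICE[productId]
	if expected == nil then
		return nil
	end
	-- Never credit more than the configured price or more than was spent.
	return math.min(currencySpent, expected), currencySpent < expected
end

-- Developer product callback: receiptInfo includes CurrencySpent.
MarketplaceService.ProcessReceipt = function(receiptInfo)
	local player = Players:GetPlayerByUserId(receiptInfo.PlayerId)
	if not player then
		return Enum.ProductPurchaseDecision.NotProcessedYet
	end
	local credit, underpaid = creditFor(receiptInfo.ProductId, receiptInfo.CurrencySpent)
	if credit == nil then
		return Enum.ProductPurchaseDecision.NotProcessedYet
	end
	if underpaid then
		-- Log the mismatch so it can be reviewed later.
		warn(("Receipt %s: spent %d, configured price %d"):format(
			receiptInfo.PurchaseId, receiptInfo.CurrencySpent, EXPECTED_PRICE[receiptInfo.ProductId]))
	end
	player:SetAttribute("Credits", (player:GetAttribute("Credits") or 0) + credit)
	return Enum.ProductPurchaseDecision.PurchaseGranted
end
```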

I know, right! … we are still waiting … regional pricing was more important… I guess

1 Like

Funny thing to note:

Also, cross-posting this reply here:

Yup, they’ve known the problem for a long time but I suppose donation game is ruining their profit.

Who knows? They don’t say much.