Cross Server Market (Exploit Free?)

Bylocks · August 13, 2018, 5:21am

Hey! Hope you’re having a good day!

The problem I’m encountering is dealing with exploiters for my market.
I have supplied some images to better your understanding of how it works below.

Click here

The problem with my poorly scripted market from a year ago is I’m sending the cost from the client and checking on the server. (EEEEEEKKKKKK yes this is bad I know don’t blast me ) I was wondering how to check what card they have chosen on the client and tell the server since UI is client side. I was thinking of sending the table location and sending that number to the server and check with the server if they have the right amount of coins instead, how would you handle it?

woot3 · August 13, 2018, 5:32am

Give each card a unique ID.
Store information about each card alongside the ID.
Send the card ID from the client to the server.

RuizuKun_Dev · August 13, 2018, 6:25am

Cross Server Market? You mean like Multiple Servers? (kinda like Steam’s Marketplace?) That’s COOL!

Quick script

-- Module

local Items = {
		ReallyOPCard = {
			Name = 'ReallyOPCard',
			Price =  math.huge,
		},
		
		ReallyNoobCard = {
			Name = 'ReallyNoobCard',
			Price =  0.1,
		},
}

return Items

-- Client

local Items = require(Module)

if Player.Cash >= Items[CardName].Price then
	RemoteEvent:FireServer(CardName)
end

-- Server

local Items = require(Module)

OnServerEvent:Connect(function(CardName)
	if Items[CardName] and Player.Cash >= Items[CardName].Price then
		-- Give Card & Take away Player.Cash
	else
		Player:Kick('HOW DID YOU SEND A REMOTE EVENT WHEN YOU HAS LESS MONEY?! >:(')
	end
end)

You can however trick the Exploiters into thinking that they can change the price and then you check if the price is the same on the Server then you delete all their Progress if it’s not

iRexBot · August 13, 2018, 1:00pm

Just kick the player. Don’t erase their data. As it’s a possiblity a bug could happen.

LuckyTux · August 13, 2018, 1:18pm

How exactly could a bug happen if their datastore file is reset?

inHeadspace · August 13, 2018, 1:34pm

A bug could happen, as in a false positive. This would cause the player to lose data and would deter them from playing again.

RuizuKun_Dev · August 13, 2018, 1:34pm

The only way a RemoteEvent is sent is when the player has enough money and not Exploiting so…

If you really want to make sure you can add more logic to the If Statement

or just make sure your code is bug proof, it’s a Script for buying stuff it shouldn’t have any Bugs in the first place anyways.

@Starception

I forgot to mention that I added the Kick just for you to get the idea, I don’t kick the Players tho I just don’t do anything. (Maybe I’ll change that)

inHeadspace · August 13, 2018, 1:42pm

Alright, an example:

A young player feels like they should put their UltraEpicUltimatePower Sword into the Market. However, the developer has recently updated the price of it, but only on the server. Therefore, when another player tries to get it, it sends the server the wrong price, ending with the player having their data erased, and they go and tell everyone that it’s a scam and to not play the game again.

RuizuKun_Dev · August 13, 2018, 1:44pm

What?! NANI!

That is not Possible no way it’s Impossible

-- Module

local Items = {
		ReallyOPCard = {
			Name = 'ReallyOPCard',
			Price =  math.huge,
		},
		
		ReallyNoobCard = {
			Name = 'ReallyNoobCard',
			Price =  0.1,
		},
}

return Items

-- Server

local Items = require(Module)

-- Client

local Items = require(Module)

Both Client and Server are requiring the same Module how can the Data be different?

inHeadspace · August 13, 2018, 1:45pm

It was just an example, the way it checks prices could be changed in the future.

RuizuKun_Dev · August 13, 2018, 1:49pm

I mean yeah in your case it’s right if you aren’t requiring the same DataBase but that’s the Devs fault if their’s a bug.

But in my case it can never ever ever happen if you require the same DataBase for both Client & Server

I mean you don’t have to kick the player immediately you can make a Counter if the Counter is more than X then Kick and Wipe Data ?

It’s really up to you and how you code it

Their is a way to make sure that a bug can never ever ever happen

So you are probably right, it depends on how you Code.

I also forgot to mention that I am using DataStore + OrderedDataStore like DataStore2

So if the Data was wipe and it was the Dev’s fault it could be reverted.

By Wiping Data I just mean Setting Everything to like you just Started not Delete everything.

Extuls · August 13, 2018, 3:03pm

There’s still no reason to revert data or erase it just because the price the client sent is wrong. You don’t even need to kick them for something so minor. If they shouldn’t be able to do something their client thinks they should, just ignore it on the server when it does sanity checks.