Deleting Humanoid With A LocalScript Replicates To Server

Deleting the local character’s humanoid on the client replicates to the server. This is not game-specific, and is also commonly known as a method to achieve God mode with Exploits. The character doesn’t even respawn after 5 seconds after the humanoid has been removed. Expected behavior is that deleting your own humanoid clientside does not replicate to the server.



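-- Server Script: prints the Humanoid's parent as seen by the server (event wiring assumed)
local PlayerS = game:GetService('Players')
PlayerS.PlayerAdded:Connect(function(plr)
	plr.CharacterAdded:Connect(function(Cha)
		local Hum = Cha:WaitForChild('Humanoid')
		for i = 0, 50 do
			print(Hum:GetFullName(), ' | ', Hum.Parent)
		end
	end)
end)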


-- LocalScript: gets the local character's Humanoid
local PlayerS = game:GetService('Players')
local plr = PlayerS.LocalPlayer
local Cha = plr.Character or plr.CharacterAdded:Wait()
local Hum = Cha:WaitForChild('Humanoid')

Damn, I’ll definitely add this to my anti-exploit right away, hope they patch it.


You’ll find that this isn’t specific to humanoids with more testing. This has been brought up before and received a response from staff; there are reasons which I don’t know if I should say here (my memory isn’t too strong on why either) why it hasn’t been changed. But to summarize, they want to fix it, and a fix will probably come at some point.

It also allows you to kill NPCs indirectly with explosions and the characters will explode and stuff client-sided, but on the server they will just be dead.

I had to add a check in my server script to auto-respawn the NPCs which died as the result of this exploit.

Instead of Respawning the NPC just add a ForceField to prevent it from dying by Explosions.

So you can kill NPCs Client Sided by deleting your Humanoid? I am unsure, can you explain?

No, just killing NPCs client-sided in any way will kill them server-sided. Exploits which spawn explosions or kill NPCs in any way will kill them server-sided as well - but I didn’t know that deleting the humanoid would do that too.

This doesn’t affect other players besides LocalPlayer in any way (as far as I can tell) due to replication.

We must keep in mind however, that FilteringEnabled is just a whitelist of what is able to replicate and what isn’t - it’s actually a common misconception that it’s a true separation of client and server.

You might want to file that as a Separate bug report.

I’m interested to discuss this issue further in DMs.
(let’s not make this thread a mess)

This is an issue, yes, and can be exploited, but there are a number of ways to prevent this.

They achieve this god by deleting the current humanoid and creating a new one right after.

If you can create some connection with the humanoid that the player spawns with on the server I don’t see why you can’t prevent this issue.

One of the ways you could prevent this is by simply checking if the humanoid’s ancestry has changed or not.

1 Like
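
The ancestry check suggested in the last reply, sketched as a server-side Script. This is an added example, not code from the thread; the function names, the 10-second timeout and the choice to respond with LoadCharacter() are assumptions.

```lua
-- Server-side Script (e.g. in ServerScriptService). Added example; names are hypothetical.
local Players = game:GetService("Players")

local HUMANOID_WAIT_SECONDS = 10 -- assumed timeout for the Humanoid to appear

-- True only when the tracked Humanoid left a character that is still live,
-- which rules out normal respawns (old character removed) and players leaving.
local function humanoidWasStripped(player, character, humanoid)
	return humanoid.Parent ~= character
		and player.Parent == Players
		and player.Character == character
		and character:IsDescendantOf(workspace)
end

local function watchCharacter(player, character)
	local humanoid = character:WaitForChild("Humanoid", HUMANOID_WAIT_SECONDS)
	if not humanoid or not humanoid:IsA("Humanoid") then
		return
	end

	local handled = false
	humanoid.AncestryChanged:Connect(function()
		if handled or not humanoidWasStripped(player, character, humanoid) then
			return
		end
		handled = true
		warn(("Humanoid removed from live character of %s (UserId %d)"):format(player.Name, player.UserId))
		-- Assumed response: force a fresh character. Deferred so the respawn
		-- does not run inside the AncestryChanged callback.
		task.defer(function()
			if player.Parent == Players then
				player:LoadCharacter()
			end
		end)
	end)
end

local function watchPlayer(player)
	player.CharacterAdded:Connect(function(character)
		watchCharacter(player, character)
	end)
	if player.Character then
		task.spawn(watchCharacter, player, player.Character)
	end
end

Players.PlayerAdded:Connect(watchPlayer)
for _, player in ipairs(Players:GetPlayers()) do
	task.spawn(watchPlayer, player)
end
```

The check runs only on the server, using the Humanoid reference the server obtained at spawn, so it does not depend on anything the client reports.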