Exploit Prevention with Vehicles?

Beartikal · November 21, 2018, 4:39pm

I am creating a game where there are Jet Skis that are spawned.
If I parent the vehicle to the player’s character or give the player ownership to it, then the exploiter can teleport the vehicle to the lobby and disturb other players with the vehicle.
However, If I give the ownership to the server, the jetski ride appears a little choppy / laggy to the player, which results in an unhappy experience to the player.

How can I do both of these while keeping exploit prevention in mind?

kingdom5 · November 21, 2018, 4:54pm

I would set the network ownership to the player but include a check if the player is near the lobby with the jet skis every so often.

Beartikal · November 21, 2018, 5:02pm

The player could spam teleport themselves and the vehicle to another player on the map, resulting in flinging and clearly not desirable effects from the other players point of view. Ultimately, I need the vehicle to be controlled by the server, yet still account for the latency visible somehow.

kingdom5 · November 21, 2018, 6:25pm

You would only give the network ownership when needed so it would not be possible to teleport it to other players. Only when the network ownership is given they will then be able to change its physics.

Security is a trade off between usability and in this case the users game experience is first. The amount of latency you would incur when setting the network ownership to the server would just scale per player. You may only be seeing the “exploit” side of this but the ability to move this work to the client in itself would free a lot of server work.

It is not possible to have the vehicle controlled by the server and incur no latency (there will even be some with a LAN server).

To break this choice down:-

Owned by server

Seccure
More work for server
Player has more delay before for their input

Owned by player

Less seccure (can be exploited but how often?)
Less server work
No delay for player input

Hope this help.

Beartikal · November 21, 2018, 6:30pm

Let’s say I were to give network ownership when they sit and use the vehicle, couldn’t they teleport themself along with the vehicle while they are sitting?

Maybe I’m not fully understanding when network ownership should be granted?
If it is when the player is sitting would I just have to do serversided exploit checks?

I’m not an expert at this sort of thing and I apologize.

kingdom5 · November 21, 2018, 6:44pm

You would need to include some “sanity checks” in short these are basic test to see what is allowed (after ownership is given back) . As you said they can teleport as soon as they sit but the server will know how long the have been using the vehicle.

Going back you the example you said some other options could be:-

log current cframe and compare the end cframe
log the time the player has been using the car
log at intervals velocity of the car (teleporting will not include velocity)
log at intervals upto 3 CFrames and check distance

IdiomicLanguage · November 21, 2018, 9:10pm

I would add these to your list of pros and cons to make it less biased:

Owned by server:

All players see closer to the same thing
Each player is affected by their own latency, not other players’

Owned by player:

All players’ views can be dramatically different
All players experiences are dependent upon the latency of the other players

The key is an authoritative server with client side prediction and interpolation.
Here is a thread I was involved in, and which I posted many good links on: