Exploitable Client-sided rendering?

Help and Feedback Scripting Support
#1

Hi everyone,

I’m currently developing a simple powers system that enables players to wield different types of abilities. The way I’m handling damage and rendering effects may be similar to how you do the same for bullets: render the visuals/effects on the client and handle damage on the server. At the moment, I have an ability that follows the same concept and renders all effects on the client by firing an event to the server, receiving the event in a server script, and calling :FireAllClients() to have all clients in the game render the ability’s effects. The code works, but I’m worried about exploiters potentially spamming the event and repeatedly firing the event to display an endless amount of effects. Theoretically, important information such as damaging affected players should be safe due to the checks I have on the server but wouldn’t effect rendering be easily exploitable? I’m concerned that any exploiter could take advantage of this weakness and spam ability effects around the map which could be annoying, even if players themselves aren’t taking any damage. Or should I simply not worry about this issue at all? I’m also not sure if this issue is severe enough for me to take measures against it.

If anyone could provide any input, that’d be great!

Thanks,

Alimegacorn

#2

One way to prevent the spamming of RemoteEvents is to use a debounce. You can do something like:

local Debounce = {}

RemoteEvent.OnServerEvent:Connect(function(player)
	if not Debounce[player.Name] then
		Debounce[player.Name] = true
		
		-- handle event
		
		wait(5)
		Debounce[player.Name] = nil
	end
end)
1 Like
#3

Thanks for the suggestion! I’ve actually considered using debounces but I had decided not to because I figured you would have to track the cooldowns of potentially dozens of abilities which could clutter up the dictionary and make managing it a bit tedious. I completely forgot you could just delete the entry in the dictionary when the cooldown is up, making the entire process more cleaner. Thanks for your input!

2 Likes