Gamepasses are now spoofable via regional pricing

When users sell their own game passes in our experience, Clip It, they can use regional pricing to completely bypass all of our exploit checks. This allows for malicious users to completely bypass any checks against pricing changes for donation systems.

We check against https://apis.roblox.com/game-passes/v1/game-passes/{asset-id}/product-info to confirm users have not updated or changed the pricing of a game pass when it is purchased.

The current workaround is using https://apis.roblox.com/game-passes/v1/game-passes/{asset-id}/details and checking if it has a ‘RegionalPricing’ flag in the ‘enabledFeatures’ array, and ignoring gamepasses that have this attribute.

Expected behavior

Roblox APIs should return the accurate value, or allow for developers to predictably determine what users actually pay for game passes.

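The workaround described in the post above, written as a fail-closed server-side check. This is an added example, not code from the original poster or from Roblox. It works on the already-decoded JSON of the two endpoints; the price field name `PriceInRobux`, the `expectedPrice` argument (the price shown to the donor) and the function name are assumptions, since the post names only `enabledFeatures` and `RegionalPricing`.

```lua
-- Added example, not from the original post.
-- `details`     = decoded JSON from .../game-passes/{asset-id}/details
-- `productInfo` = decoded JSON from .../game-passes/{asset-id}/product-info
-- ASSUMPTION: "PriceInRobux" is a placeholder field name; only
-- `enabledFeatures` and the "RegionalPricing" flag are named in the post.
local PRICE_FIELD = "PriceInRobux"

local function validateDonationPass(details, productInfo, expectedPrice)
	-- Missing or malformed responses are rejected rather than trusted.
	if type(details) ~= "table" or type(productInfo) ~= "table" then
		return false, "missing response"
	end
	-- If the feature list is absent we cannot rule out regional pricing,
	-- so the pass is refused (fail closed).
	local features = details.enabledFeatures
	if type(features) ~= "table" then
		return false, "enabledFeatures absent"
	end
	for _, feature in ipairs(features) do
		if feature == "RegionalPricing" then
			-- The reported price may differ from what the buyer pays.
			return false, "regional pricing enabled"
		end
	end
	-- Only now is the reported price compared with the expected one.
	local price = productInfo[PRICE_FIELD]
	if type(price) ~= "number" or price ~= expectedPrice then
		return false, "price mismatch"
	end
	return true, "ok"
end

-- Constructed sample responses, not captured from the API.
local samples = {
	{ name = "plain pass", details = { enabledFeatures = {} }, info = { PriceInRobux = 100 } },
	{ name = "regional", details = { enabledFeatures = { "RegionalPricing" } }, info = { PriceInRobux = 100 } },
	{ name = "no feature list", details = {}, info = { PriceInRobux = 100 } },
	{ name = "price changed", details = { enabledFeatures = {} }, info = { PriceInRobux = 5 } },
}
for _, s in ipairs(samples) do
	local ok, reason = validateDonationPass(s.details, s.info, 100)
	print(s.name, ok, reason)
end
```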

Thank you for reaching out. Our team is actively looking into this issue.


This was reported 3 other times:

Not sure why this is the one being addressed. I kindly request you go through older bug reports that may have been filed overnight rather than just picking the ones you see at the top of the category to forward to engineers.

The other threads also contain more helpful info.

Super easy to fix, but yes, it's an issue.

✅ This issue has been fixed!