In my game, I have a Dead by Daylight style skill check meter where players must click at the right time when a moving bar is overlapping the center of the meter. I can get this working quite well but it all must be done in local scripts since it uses tweening and player guis. But, that makes it super easily exploitable. Is there a best practice to make it harder to exploit, or should I not even worry about it?
Anything on the client is exploitable. You can’t stop that. However, you can make it so the server verifies it to add a bit of security.
Yeah, I’m just curious how I would go about checking that, though, as tweening the GUI is all done locally. Its position on the server never changes. The only solution I could think of would be tweening the meter on the server side, but it’s inefficient and choppy-looking.
There isn’t really much to do here, and because of that, I suggest you not worry about it and focus on finishing other parts of your game before implementing anticheats (you also don’t know what kind of exploits cheaters might use).
Firstly, you can’t do anything on the server if the client’s exploit only perfectly times the check so that it never fails.
You might be able to prevent exploits in which the client completely skips the skill checks, but this would take quite a lot of effort.
The server needs to verify if the time between the start of the skill check and the client success signal is reasonable. To do this, the server needs to be aware of the bar’s initial position and tween speed (if it varies).
If the moving bar’s X position is randomized, you can ensure the client and server see the same random position by having the server send the client a seed (any number), initializing a random number generator (Random or math.random) with that seed on both ends, and then generating the X position. Since the generator was initialized with the same seed, it will produce the same random number. The client then renders the moving bar at the X position, and the server keeps note of it.
Then, when a skill check occurs, the server notes the current time and calculates a future potential completion time based on the tween speed (a non-linear easing speed might complicate the math for this).
When the client’s successful click signal comes through, the server verifies if the receive time is within an allowable window of the calculated future time (based on ping, and the size of the moving bar, because you could click either the moment one end of the bar reaches the center or the moment the other end leaves it).
Since it’s a skill check, send the position of the bar to the server and note successes and failures. If a player never fails the check, then they are probably cheating.
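The server-side timing check described in the replies above, as an added example that is not code from any poster in this thread. It assumes a linear tween, a RemoteEvent named SkillCheck in ReplicatedStorage, and made-up constants for the meter geometry; it rejects skipped or mistimed checks but, as noted above, cannot catch a client that times the click perfectly.

```lua
-- Added example (server Script). All names and constants are assumptions.
local remote = game:GetService("ReplicatedStorage"):WaitForChild("SkillCheck")

local CENTER_X = 0.5   -- target line on the meter, in scale units (0..1)
local BAR_WIDTH = 0.08 -- width of the moving bar
local BAR_SPEED = 0.6  -- scale units per second, linear easing
local SLACK = 0.05     -- seconds of tolerance for frame and network jitter

local pending = {}     -- [player] = { startedAt, enterAt, exitAt }

-- Client and server both derive the bar's start position from the same seed.
local function startXFromSeed(seed)
	return Random.new(seed):NextNumber(0, 0.2)
end

-- Server starts a check: it picks the seed, records the expected window,
-- and sends only the seed to the client.
local function beginSkillCheck(player)
	local seed = Random.new():NextInteger(1, 2 ^ 31 - 1)
	local startX = startXFromSeed(seed)
	pending[player] = {
		startedAt = os.clock(),
		-- leading edge reaches the center / trailing edge leaves it
		enterAt = (CENTER_X - BAR_WIDTH - startX) / BAR_SPEED,
		exitAt = (CENTER_X - startX) / BAR_SPEED,
	}
	remote:FireClient(player, seed)
end

-- True only if the click arrived inside the window the bar allows.
local function verifyClick(player, now, roundTrip)
	local check = pending[player]
	pending[player] = nil -- one attempt per check; replays are rejected
	if not check then
		return false
	end
	local elapsed = now - check.startedAt
	return elapsed >= check.enterAt - SLACK
		and elapsed <= check.exitAt + roundTrip + SLACK
end

remote.OnServerEvent:Connect(function(player)
	-- GetNetworkPing() reports this player's round-trip latency in seconds.
	local ok = verifyClick(player, os.clock(), player:GetNetworkPing())
	print(player.Name, ok and "skill check passed" or "skill check rejected")
end)

game:GetService("Players").PlayerRemoving:Connect(function(player)
	pending[player] = nil
end)
```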