I made a gun that shoots 20 times per second; on the client side it takes the start point and direction point and then it fires the server with those values. The server then uses those values to create a ray, checks if it’s hitting something or someone, if it’s hitting someone it deals damage.
This all works fine, but has one serious issue: Aim lag. If a player is running in a straight line you have to lead your shots in order for them to all hit. If you aim directly AT the player most of your shots are going to miss. Is the solution to do everything on the client and THEN fire the server just telling it to deal damage? This seems like it could be very easily exploited, so I’m open to solutions here.
Edit: I felt like I should mention that if a player stands completely still the shots are registered very quickly and accurately, which is why I’m calling it aim lag. It feels like you’re shooting where the play was a half second ago.
Most popular fps games handle the raycasting on the client, then send that data to the server. The server then checks if what the client is doing makes sense and if the enemy should be damaged.
Cast the ray on the client, do server checks to prevent exploits. Even games like phantom forces had / has problems where you can exploit and kill the entire server easily. I recommend looking into encrypting the games job id as a key, obfuscating the code, and using that to pass through remotes and kick the player if the correct key isn’t passed.
It’s not a perfect solution but it prevents trash exploiters which just happens to be the most common form of exploiters.
You can also look into changing the key every so often to prevent remote spy, or instead of this you can just randomly change the reference to events in replicated storage.
Unfortunately there is no perfect way to get great hit reg and make it non-exploitable. It’s been a common problem for years and I believe Phantom Forces is the closest to solving it (though there is no perfect solution) with some advanced anti exploit methods. I’ve watched videos on people exploiting their game, it seemed pretty interesting. I wish they shared their methods but doing so would probably make their game less secure.