I have scripted a gun system and noticed a vulnerability which can be exploited.
It works by raycasting in the client and then sending the information to the server with a RemoteEvent, then the server makes raycasting and distance checks. But it doesn’t solve the problem.
Heres a clip of me simulating someone exploiting the remote.
send the ray to the server, raycast with the same properties on the server and check the distance between the ray origin and character. Now obviously if a player has bad internet their character will be delayed so make the maximum distance like 20 studs, should work okay
This is what i did, i want to know if there is a way to make it not so vulnerable. Of course, exploiters won’t be able to kill everyone in the server, but they can create stuff like “Kill Aura”.
Heres a piece of the server side code:
Event.OnServerEvent:Connect(function(player,character,hit)
if not player.Character then return end
if player.Character.Humanoid.Health <= 0 then return end
if player.Character:FindFirstChildOfClass("Tool") then
local tool = player.Character:FindFirstChildOfClass("Tool")
if tool:FindFirstChild("WeaponStats") then --Checking if the tool is a gun
local weaponstats = tool:FindFirstChild("WeaponStats")
for i,v in pairs(game.Workspace:GetChildren()) do
if v:FindFirstChildWhichIsA("Humanoid") then
params.FilterDescendantsInstances = {params.FilterDescendantsInstances, v}
if v == character then
local muzzlepos = tool.Handle.Muzzle.WorldPosition
local hitpos = character.PrimaryPart.Position
local raycast = workspace:Raycast(hitpos, muzzlepos - hitpos, params)
if raycast then
local acerto = raycast.Instance
if acerto then
WS.RegisterHitEvent:FireClient(player,true, "raycast")
return
end
end
if (character.PrimaryPart.Position - v.PrimaryPart.Position).Magnitude < 5 then
--Part of the script responsible for damage
else
WS.RegisterHitEvent:FireClient(player,true, "distance")
end
end
end
end
end
end
end)