How do you handle debounce exploits?

So, my question is, how do you handle debounce exploits, such as player being able to fire bullets quicker as changed some variables using getsenv() and now since I am handling the debounce on the client, how would I handle on the server?

You could try saving a time value on the server and if they are shooting too quickly you could kick the player, or have an if/else that makes the remote do nothing.

Well heres a basic Debounce system for the server:

-- place this above the event
local debounce = {}

-- place this at the start of the event 
if debounce[player.UserId] == nil then
debounce[player.UserId] = false
if debounce[player.UserId] == false then
debounce[player.UserId] = true

-- put code here --

debounce[player.UserId] = false
1 Like

On the server-side, you should set up a player-based debounce system, which allows each player to have its own cooldown instead of a global one, based on their username/userid.


local Debounces = {}
local DebounceTime = 1

if table.find(Debounces, Player.UserId) then return end -- Check the player's userid, if found, return end.
table.insert(Debounces, Player.UserId) -- Add the player's userid to the array.
table.remove(Debounces, table.find(Debounces, Player.UserId)) -- Remove the player's userid from the array.

Once you add them to the array, tell the client that they are able to shoot the gun.

1 Like

Just move everything onto the server side, if the server has to deal damage or create projectiles you may as well just do it all from the server. This means if you check the information being passed into the server which stops exploiters from firing too fast and makes it much harder to exploit.

It’s important to not move everything to the server, however it can be a good idea to have a separate damage denounce on the server.

That’s what I thought, just wanted to make sure. Thanks!