I want to make a dashing system for my player, so whenever they hit shift, they dash. I thought about simply making a local script, putting that in starter character scripts and calling it “Movement”, but then exploiting became a concern.
If I allow the player to dash on the client, the player can give themselves an infinite number of dashes, increase their dash length by increasing their walkspeed, or give themselves no dash cooldown.
What can I do to prevent this?
Im going to be honest, there isnt much point trying to prevent it, sooner or later they’ll find a way to work around it, and at the end of the day, they can just teleport.
At least thats how I view it, and thats why I dont feel like movement abilities need a whole bunch of safety checks, as its usually a waste of time. (Depending on what the ability is of course, but in this case I still just dont see it as necessary)
With that out of the way, the only real way to stop them from modifying the dash is to put it on the server, but that would make it more delayed for users with higher ping, and again exploiters could just teleport. So really in this case you have to decide to make exploiters lives a little easier and let your players have a more enjoyable time, or make that time a little worse and make exploiters struggle a bit more.
Just my thoughts though!
How’s byfron? Hope it’s working cuz players are gonna have to suffer in my pvp game 
But yeah, right now I’m just gonna focus on getting the movement over with. Maybe I’ll have moderators oversee the server since I’m not sure and have doubts about Roblox’s method of exploit prevention.
I have no idea whats going on with byfron at all 
I know some part of roblox anticheat now detects modifications to the client, so thats good, other than that, no clue lol.
Nonetheless, best of luck with your project :D
Yeah I agree, there’s 0 point of trying on stuff like that. I have explored fighting games which have like thousand line scripts on the client (wild but fair). An exploiter can instantly disable or modify it and destroy the game. Make it so that if its destroyed or something happens that it kicks or punishes them. I also recommend that you “Interconnect” systems so that if one system tweaks and fails all the others on the client will fail. Exploiting in your game wouldn’t become a reasonable point because of this interconnection
Hey so you can manage security w the remote events.
Method
Note: cool down can work like
If Savedtick - tick() > cooldown then
— do dash stuff
end
Exploiting
A good rule of thumb is to always the smart stuff on the server. Atleast that’s how I’ve learned it.
This will give u some lag so I recommend replicating the work also on the client. This is should keep the lag less noticeable. And even if the player were to exploit client side it wouldn’t do anything. Most players won’t try to hack ur game anyways. So don’t go to crazy about it
Yeah just do it on the client. Cheaters can usually inject custom scripts into the game so even if your game didn’t have a dash script they could move their character however they wanted anyways. The only real way to prevent this is to build a validator on the server that knows about how far they could have moved and when and the like and snap them back to the last valid position if you detect an invalid position (with some padding to allow for bad network conditions).
Competitive games for example often do a system of movement where the server and the client are running the exact same simulation, but the client is sending keypresses to the server along with timestamps and the server rolls back the clock and simulates the players movements from the time they stated any changes. At the same time that has already been done physically on the computer and then if the server and client end up getting too far apart they resync the client to the servers location. This is hard to implement especially with how little direct access you have to the physics system so I would border on calling it impossible on roblox (though I’m sure you could get close, or perfectly do it if you roll your own physics). Though some subset may work with good results.
Yep as @tlr22 said just do it on the client as the client has network ownership and can already teleport all over the map.
So there are 2 options, detection or prevention. You could consider statistical analysis record the movement data, acceleration velocity and position, and compare with cheaters vs client similar to other anti cheats have done on community resources like this FJ’s. There will always be some discrepancy’s and false positives but it can do the job actually and is what Roblox suggested with movement validation but it is very basic and does not account for acceleration (dashing).
Or you can bite the red pill, the 100% solution that Roblox will definitely (or should) release, Server authority which is industry standard at this point but Roblox is still an old engine I guess.
I would suggest a quick dirty solution if you need anti cheat ASAP or if you have time to learn, then to have some patience for this update.
I have the entire summer, although the game won’t be finished for a while and this server authority thing I’m just now hearing of sounds sweet. I think I’ll put it on the backburner for now.