How to fix the t shirt purchase exploit for donation games

I tested it in studio, and it updated pretty much instantly, is there different behavior in game?

4 Likes

yeah my thoughts.

So thinking of sending an event and starting a while loop to get the price until the purchase is finished.

2 Likes

yeah someone else told me it was cached too… am not sure

3 Likes

All I’ll say is that we managed to completely patch fake donations in our game which was basically under attack by them. The patch involves a little more than just checking and comparing the Updated timestamp. If you’re going to attempt this, make sure you have a deep understanding of the relevant APIs and their functionalities. You can also try to reverse engineer PLS DONATE’s system to see how it behaves in different scenarios - this might help you figure out how it works. We tried numerous potential fixes that we thought would work for months before arriving at our final solution – so it’s somewhat of a trade secret now. Good luck… :sweat_smile:

5 Likes

:sob:
Thanks for the gif.
Why do you want to keep it private? Would you be open to sharing it?

5 Likes

My simple sentences for this.

Warning: Wall of text

Commissionee fires server
Server uses webhook
Server gets commissioner’s price
Server checks price match (Webhook vs stored)
Price does not match
Server revokes commissioner
Server fires commissionee (client)
Commissionee gets message
It says “Commissioner attempted changing price”

Lastly, commissionee is protected.

5 Likes

I don’t think this would work because they can change the price back before pressing okay.

3 Likes

It will not be an issue if the commissionee does not tell when they will donate. It checks the commissioner’s price of the product given real-time versus the server cached/stored before prompting the commissionee to purchase.

4 Likes

So you mean on the prompt, right? But then they could just prompt themselves and/or send the event themselves.

3 Likes

are you making web requests for the solution you’ve found?

3 Likes

which web hooks are you referring to btw?

2 Likes

Pre-prompt, it should have a check of webhook returned price versus the price given in server beforehand. Not sure what you mean by prompt themselves, but unless it is an exploiter, users cannot prompt themselves.

By the way, if you’re confused…
Commissionee - The person that buys the commissioner’s product
Commissioner - The person that sells the product to the commissionee

4 Likes

Yeah, so we are trying to prevent exploiters from exploiting the game. It is a popular exploit in donation games and completely ruins the economy of the game.

1 Like

The term you use is really vague. By exploiter, I am referring to the user who executes the script on client. You might be referring to the glitch abuser.

What I mean is that the glitch abuser is the commissioner. The commissionee will need to fire the server event which the server will check IF THE PRICES MATCH WEBHOOK VS SERVER STORED/CACHE before prompting the commissionee to purchase.

If the price does not match, the commissioner’s product will be revoked and therefore the server script returns a message to the commissionee which states that the commissioner has tried to trick the commissionee. This is my last reply.

2 Likes

I think I understand. We want to prevent people who can execute scripts from exploiting the game.

1 Like

I get this is valuable information to share, but something like this can make or break games of this type. Exploiters (and even some developers cough) are literally attempting to extort MILLIONS out of developers in exchange for the “solution”. Why not end this ridiculous cycle once and for all by sharing your solution?

3 Likes

Doesn’t have to be the code itself, but explaining what endpoints to use would be kind. And if not endpoints, are you scraping the data? @bvetterdays

2 Likes

I also have a donation system in my game and didn’t even think that something like this was possible. That said, I think I’m safe without even trying to mitigate this issue.

I save all of the clothing items and their prices as “shop items” (tables) in a list, send that list to shop UI and during the purchase flow I use my own ID combined with PromptPurchaseFinished event. When processing the purchase I use my previously saved data (where the price is) and item ID I got from the UI.

Edit: I realize that maybe I misunderstood the issue… I guess if someone sets their item price to a million, the game loads it up, then they change the price to 10 and someone else buys the dono, then my system would not work very well and register that 10rbx item as a million rbx purchase :smiley: Back to the drawing board!

Edit 2: I didn’t read whole thread, so I might be mistaken, but it feels like a few more GetProductInfo() calls (one on initial load of clothing items, second on the purchase initiation, third on the purchasefinished, if any prices mismatched - nuke it) should fix this nicely. No?

2 Likes
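
The three-check flow suggested in the post above (price recorded when items load, re-checked when the purchase starts, and again on PromptPurchaseFinished), as an added Luau example that is not code from anyone in this thread. The RemoteEvent names `RequestDonation` and `DonationNotice` and the `listItem` helper are assumptions; other replies report that GetProductInfo results may be cached, so each check compares whatever the API returns at that step.

```lua
-- Added example, not code from the thread. Runs as a server Script.
local MarketplaceService = game:GetService("MarketplaceService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
-- Assumed RemoteEvents created by the developer (hypothetical names).
local requestDonation = ReplicatedStorage:WaitForChild("RequestDonation")
local donationNotice = ReplicatedStorage:WaitForChild("DonationNotice")

local listed = {}   -- [assetId] = price recorded when the item was loaded
local pending = {}  -- [buyer][assetId] = price recorded when the server prompted

local function fetchPrice(assetId)
	local ok, info = pcall(MarketplaceService.GetProductInfo, MarketplaceService, assetId, Enum.InfoType.Asset)
	if ok and info.IsForSale then
		return info.PriceInRobux
	end
	return nil -- lookup failed or item is off sale
end

-- Check 1: call when a seller's clothing item is first loaded into the shop.
local function listItem(assetId)
	listed[assetId] = fetchPrice(assetId)
end

-- Check 2: the buyer asks the server to start the purchase.
requestDonation.OnServerEvent:Connect(function(buyer, assetId)
	if type(assetId) ~= "number" or listed[assetId] == nil then return end
	local current = fetchPrice(assetId)
	if current ~= listed[assetId] then
		listed[assetId] = nil -- delist on mismatch
		donationNotice:FireClient(buyer, "Price changed since listing; item removed.")
		return
	end
	pending[buyer] = pending[buyer] or {}
	pending[buyer][assetId] = current
	MarketplaceService:PromptPurchase(buyer, assetId)
end)

-- Check 3: credit only purchases the server itself prompted, at an unchanged price.
MarketplaceService.PromptPurchaseFinished:Connect(function(buyer, assetId, purchased)
	local expected = pending[buyer] and pending[buyer][assetId]
	if pending[buyer] then pending[buyer][assetId] = nil end
	if not purchased or expected == nil then return end
	if fetchPrice(assetId) ~= expected then
		listed[assetId] = nil
		return -- price moved while the prompt was open: do not credit
	end
	print(("credit %d Robux from %s"):format(expected, buyer.Name)) -- replace with the game's own crediting
end)
game:GetService("Players").PlayerRemoving:Connect(function(p) pending[p] = nil end)
```
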

Save the price in a table for when they click it. If it goes through, check the price on the server with a remote event.

2 Likes

Yeah, going to just keep at it. I wonder if there is a certain endpoint we can use to our advantage or if there’s something in the Roblox API we’re overlooking. Regardless, this issue will get resolved in the end.

1 Like