How to prevent exploiters from changing the currency

Hello there,

I was recently notified by an exploiter that he can change the currency to infinite and buy anything in the game without having to wait or earn it by spamming a remote event which fires every 3 minutes to give a player their daily wages. Is there a way to prevent this?

Code that fires the event
local x = 0
game.Players.LocalPlayer:WaitForChild("Silver")
local Payday = game.ReplicatedStorage.Events.Parent
while true do
	wait(60)
	game.ServerScriptService.EventHandler.Payday:FireServer()
	script.Sound:Play()
end
8 Likes

The problem in your case is you are trusting the client to send proper events. In this case, you should move what :FireServer() currently does to the server, and using :FireClient(Player) for playing the sound.

4 Likes

Rule number one, NEVER trust the client.

If you need to fire the server to get the pay check, save the time that the player fires the event on the remote in a table.

local Times = {}
local Interval = 60
PaydayEvent.OnServerEvent:Connect(function(Player)
     if not Times[Player] or tick() - Times[Player] < Interval then return end
     --If waited longer than the interval
     Times[Player] = tick()
    --Store the time for later
    --Payment Handling Here
end)

Edit: Typed on my phone so it might be a bit sloppy

10 Likes

For more information you can read this SUPER helpful post by @ANSI_C, specifically the section Remote Exploiting. In a nutshell, always assume that the RemoteEvent/Function is getting fired by an exploiter, and model your code after this.

5 Likes