I was recently notified by an exploiter that he can change the currency to infinite and buy anything in the game without having to wait or earn it by spamming a remote event which fires every 3 minutes to give a player their daily wages. Is there a way to prevent this?
Code that fires the event
local x = 0
game.Players.LocalPlayer:WaitForChild("Silver")
local Payday = game.ReplicatedStorage.Events.Parent
while true do
wait(60)
game.ServerScriptService.EventHandler.Payday:FireServer()
script.Sound:Play()
end
The problem in your case is you are trusting the client to send proper events. In this case, you should move what :FireServer() currently does to the server, and using :FireClient(Player) for playing the sound.
If you need to fire the server to get the pay check, save the time that the player fires the event on the remote in a table.
local Times = {}
local Interval = 60
PaydayEvent.OnServerEvent:Connect(function(Player)
if not Times[Player] or tick() - Times[Player] < Interval then return end
--If waited longer than the interval
Times[Player] = tick()
--Store the time for later
--Payment Handling Here
end)
Edit: Typed on my phone so it might be a bit sloppy
For more information you can read this SUPER helpful post by @ANSI_C, specifically the section Remote Exploiting. In a nutshell, always assume that the RemoteEvent/Function is getting fired by an exploiter, and model your code after this.