To prevent input lag for my projectile system, I set the client as the network owner of their projectiles, but this means that exploiters can freely change the position of their projectiles and these changes will replicate to the server. I assume the same problem applies to cars and any other physics-based object controlled by the client.
The question is - how can this be prevented? How can you verify that the physics calculated by the client follow the game’s rules of physics?
You can’t prevent exploits on the client on parts which the user has networkOwnership of, and all though it is useful for the things the player specifically handles, i.e. a sword, car, movement, etc. a bullet is not something that the client should control. Even in cases where they’re not exploiting, lag and other methods will screw with the system.
Hypothetically speaking, you could track the parts movement and recalculate physics, but thats a horrible and dumb idea as it’ll just cause lag and there are much more efficient ways. Instead, you’ll have to change the system you’re currently using, but I believe that’s for the better.
Firstly, to get rid of input lag, and this may sound crazy, but constructing a bullet on the client and doing the hit registration on the client is actually better for your game. Sure, you put yourself at risk of exploits which would happen anyway (and can be prevented with sanity checks on the server), but you also put less stress on the server.
Now, lets say you’ve casted a ray on the client and created the bullet for the client. Next, you’ll tell the server the player wants to shoot a gun and give them the essentials to recreate that bullet trail. If this trail actually hits someone, and some games even go as far as to check recent positions in range of ping, they’ll get damaged. This way the client cant just create a bunch of false rays. Either way, this bullet can now be recreated on the server and shown to other players.