How would I do sanity checks for my client sided hitboxes

Hi! So I decided to try and make client-sided hitboxes. I did it but I got not idea how to do sanity checks.
So here how its work:

  • Client detects if keybind is pressed. If so executing ability function from module
  • Client creates hitbox
  • Client fires a bindable event to create VFX on all clients
  • Hit detected. Firing a remote event to damage

As you may guesses the problem is with last line. Exploiters can change anything if its on their client meaning that the arguments I would pass in can be changed. I got no idea where to put sanity checks in the middle all of that. How do I do that?

1 Like

Simple solution dont let the client handle it

I have been making hitboxes on server all the time. I want to try something new and my friend says that client hitboxes are the best. So why not give it a try.

Then you have to accept that exploiters can exploit it. There is no way to bypass that without having the server check

That’s what I want. I want to do a server check so it wouldn’t be that exploitable but I got no idea how with my hitbox system.

Ok I decided to remake the system.